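/**
 * Checks the given credentials and, when they are valid, logs the user in
 * through manualLogin().
 *
 * Every rejection after the empty-input check is logged as a warning and
 * followed by sleep(1) before false is returned.
 *
 * @param string $username
 * @param string $password
 * @param null|string $requiredGroupRole when not null, the user must carry exactly this group role
 *
 * @return bool true when the user has been logged in, false otherwise
 */
public function login($username, $password, $requiredGroupRole = null)
{
    if (empty($username) || empty($password)) {
        return false;
    }

    // NOTE(review): $username reaches the log messages below unmodified; confirm that the
    // log formatter escapes control characters so a crafted name cannot forge log lines.
    $user = $this->userProvider->loadUserByUsername($username);

    if (!$user) {
        // NOTE(review): this path returns without running the password encoder, so its
        // response time may differ from the wrong-password path despite the sleep(1).
        $this->logger->warning(sprintf('Login failed for "%s". User not found', $username));
        sleep(1);

        return false;
    }

    if (null !== $requiredGroupRole) {
        $groupRoles = $user->getGroupRoles();

        // Authorization gate: compare as exact strings. A loose in_array() lets PHP type
        // juggling decide the match (a boolean true element equals any non-empty string,
        // numeric strings such as "1" and "01" compare equal), which could admit a user
        // who does not hold the requested role.
        $roleNames = array_map('strval', $groupRoles);

        if (!in_array((string) $requiredGroupRole, $roleNames, true)) {
            $this->logger->warning(sprintf('Login failed for "%s". Not in requested group role "%s" vs "%s"', $username, $requiredGroupRole, implode(',', $groupRoles)));
            sleep(1);

            return false;
        }
    }

    $encoder = $this->encoderFactory->getEncoder($user);

    if (!$encoder->isPasswordValid($user->getPassword(), $password, null)) {
        $this->logger->warning(sprintf('Login failed for "%s". Password missmatch ', $username));
        sleep(1);

        return false;
    }

    $this->manualLogin($user);

    return true;
}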
/**
 * @ApiDoc(
 *  section="Administration",
 *  description="Logs in a user to the current session"
 * )
 *
 * Verifies the posted credentials, stores a UsernamePasswordToken for the "main"
 * provider key in the token storage and dispatches security.interactive_login.
 * Each rejection is logged as a warning and followed by sleep(1).
 *
 * Result on success (keys as built by the return statement):
 * {
 *    userId: 1,
 *    username: "******",
 *    lastLogin: <lastLogin>,
 *    access: true, #administration access
 *    firstName: "Admini",
 *    lastName: "strator",
 *    imagePath: "/path/to/image.jpg"
 * }
 *
 * @Rest\RequestParam(name="username", requirements=".+", strict=true)
 * @Rest\RequestParam(name="password", requirements=".+", strict=true)
 *
 * @Rest\Post("/admin/login")
 *
 * @param ParamFetcher $paramFetcher
 * @param Request $request
 *
 * @return array|bool false when the user is unknown or the password does not match, otherwise the array above
 */
public function loginUserAction(ParamFetcher $paramFetcher, Request $request)
{
    $login = $paramFetcher->get('username');
    $plainPassword = $paramFetcher->get('password');

    // NOTE(review): $login is written to the log unmodified in both failure branches;
    // confirm the log formatter escapes control characters.
    $account = $this->userProvider->loadUserByUsername($login);
    if (!$account) {
        // NOTE(review): no password encoder runs on this path, so its timing may differ
        // from the wrong-password path despite the sleep(1).
        $this->logger->warning(sprintf('Login failed for "%s". User not found', $login));
        sleep(1);

        return false;
    }

    $passwordEncoder = $this->encoderFactory->getEncoder($account);
    $passwordMatches = $passwordEncoder->isPasswordValid($account->getPassword(), $plainPassword, null);
    if (!$passwordMatches) {
        $this->logger->warning(sprintf('Login failed for "%s". Password missmatch ', $login));
        sleep(1);

        return false;
    }

    // The credentials argument is null: the submitted password is not kept on the token.
    $authToken = new UsernamePasswordToken($account, null, "main", $account->getGroupRoles());
    $this->tokenStorage->setToken($authToken);

    // Let listeners of the interactive login event react to the new token.
    $loginEvent = new InteractiveLoginEvent($request, $authToken);
    $this->get("event_dispatcher")->dispatch("security.interactive_login", $loginEvent);

    return [
        'userId' => $account->getId(),
        'username' => $account->getUsername(),
        'lastLogin' => $account->getLastLogin(),
        'access' => $this->acl->check(ACLRequest::create('jarves/entryPoint', ['path' => '/admin'])),
        'firstName' => $account->getFirstName(),
        'lastName' => $account->getLastName(),
        'imagePath' => $account->getImagePath(),
    ];
}