Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Guard: o poder da autenticação do Symfony Security

Diana Arnos
May 17, 2019
Programming
3
240

Guard: o poder da autenticação do Symfony Security

Existem muitas maneiras interessantes de autenticar um usuário: API token, social login, um formulário HTML tradicional ou qualquer outra coisa que você possa imaginar.

Mas criar um sistema de autenticação personalizado no Symfony costumava significar muitos arquivos, muito código e muita complexidade. Agora, não mais.

Symfony Guard: um sistema de autenticação simples, mas expansível, parte do componente Symfony Security. Com poucas classes conseguimos implementar autenticação por API token, social login ou até mesmo integrar com algum sistema de autenticação legado.

Não significa que não teremos trabalho algum de implementação, mas o que teremos vai ser mais claro, simples e divertido.

Diana Arnos

May 17, 2019
Tweet

More Decks by Diana Arnos

See All by Diana Arnos
PHP Além do Síncrono
dianaarnos
1
500
O Mundo Mágico dos Profilers
dianaarnos
0
130
Trabalhar na gringa - Como chegar lá?
dianaarnos
0
300
PCS2020 - PHP Além do Síncrono
dianaarnos
2
980
VDPWeekend - Emprego dos Sonhos - O que esperam de você e como ser cada vez melhor
dianaarnos
1
160
PHPPR Live 2020 - PHP Paralelo e Distribuído
dianaarnos
0
120
Profiling 101: o que é e como fazer - PHPConference 2019
dianaarnos
1
380
PHP e Segurança: é possível - PHPConference BR 2019
dianaarnos
0
530
PHP, Symfony and Security
dianaarnos
0
720

Other Decks in Programming

See All in Programming
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
EMになってからチームの成果を最大化するために取り組んだこと/ Maximize team performance as EM
nashiusagi
0
100
受け取る人から提供する人になるということ
little_rubyist
0
250
Make Impossible States Impossibleを 意識してReactのPropsを設計しよう
ikumatadokoro
0
270
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
100
デザインパターンで理解するLLMエージェントの作り方 / How to develop an LLM agent using agentic design patterns
rkaga
3
280
Macとオーディオ再生 2024/11/02
yusukeito
0
380
イマのCSSでできる
インタラクション最前線 + CSS最新情報
clockmaker
4
550
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
3
1.2k
Click-free releases & the making of a CLI app
oheyadam
2
120
イベント駆動で成長して委員会
happymana
1
340
Duckdb-Wasmでローカルダッシュボードを作ってみた
nkforwork
0
130

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
What's in a price? How to price your products and services
michaelherold
243
12k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
Automating Front-end Workflow
addyosmani
1366
200k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Designing Experiences People Love
moore
138
23k

Transcript

  1. SYMFONY SECURITY: GUARD O PODER DA AUTENTICAÇÃO

  2. @dianaarnos Dev, Sec, Music, Kung Fu. Dev / Architect @

    Senha Segura Evangelist @ PHPSP Evangelist @ PHPWomenBR

  3. ANTES DE QUALQUER COISA:

  4. AUTENTICAÇÃO != AUTORIZAÇÃO

  5. None

  6. AUTENTICAÇÃO É O PROCESSO DE IDENTIFICAR SE ALGUÉM É QUEM

    REALMENTE DIZ SER
  7. None

  8. AUTORIZAÇÃO É O PROCESSO DE VERIFICAR SE ESSE ALGUÉM PODE

    EXECUTAR DETERMINADA AÇÃO
  9. None

  10. AUTENTICAÇÃO É COMPOSTA POR 3 GRANDES PASSOS:

  11. RECUPERAR INFORMAÇÕES DA REQUISIÇÃO

  12. IDENTIFICAR UM USUÁRIO

  13. VALIDAR AS CREDENCIAIS

  14. None

  15. SECURITY COMPONENT

  16. $ composer require symfony/security

  17. PRIMEIRO: USER CLASS

  18. $ composer require symfony/maker-bundle

  19. $ php bin/console make:user

  20. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  21. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  22. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  23. namespace Symfony\Component\Security\Core\User; /*...*/ interface UserInterface { public function getRoles(); public

    function getPassword(); public function getSalt(); public function getUsername(); public function eraseCredentials(); } USER INTERFACE

  24. namespace Symfony\Component\Security\Core\User; /*...*/ interface UserInterface { public function getRoles(); public

    function getPassword(); public function getSalt(); public function getUsername(); public function eraseCredentials(); } USER INTERFACE

  25. OK, TEMOS UMA REPRESENTAÇÃO DO USUÁRIO!

  26. PRÓXIMO PASSO: LOGIN

  27. GUARD

  28. $ php bin/console make:auth

  29. What style of authentication do you want? [Empty authenticator ]:

    [0] Empty authenticator [1] Login form authenticator > 1 The class name of the authenticator to create (e.g. AppCustomAuthenticator ): > LoginFormAuthenticator Choose a name for the controller class (e.g. SecurityController ) [SecurityController ]: >

  30. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  31. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  32. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  33. FORM <form class="form-signin" method="post"> {% if error %} <div class="alert

    alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <button class="btn btn-lg btn-primary btn-block" type="submit"> Sign in </button> </form>

  34. AGORA, A AUTENTICAÇÃO

  35. LOGIN FORM AUTHENTICATOR namespace App\Security; /*...*/ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator

    { //métodos da AuthenticatorInterface }

  36. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  37. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  38. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  39. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  40. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  41. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  42. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  43. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  44. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  45. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  46. ATIVANDO O AUTENTICADOR

  47. SECURITY.YAML em config/packages

  48. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  49. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  50. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  51. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  52. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  53. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  54. VOLTANDO AO AUTENTICADOR...

  55. LOGIN FORM AUTHENTICATOR public function supports(Request $request) { return $request->attributes->get('_route')

    === 'app_login' && $request->isMethod('POST'); }

  56. LOGIN FORM AUTHENTICATOR public function supports(Request $request) { return $request->attributes->get('_route')

    === 'app_login' && $request->isMethod('POST'); }

  57. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  58. LOGIN FORM AUTHENTICATOR public function getCredentials (Request $request) { $credentials

    = [ 'email' => $request->request->get( 'email'), 'password' => $request->request->get( 'password'), ]; return $credentials; }

  59. LOGIN FORM AUTHENTICATOR public function getCredentials (Request $request) { $credentials

    = [ 'email' => $request->request->get( 'email'), 'password' => $request->request->get( 'password'), ]; return $credentials; }

  60. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  61. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  62. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); } public function checkCredentials($credentials, UserInterface $user) { return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); }

  63. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); } public function checkCredentials($credentials, UserInterface $user) { return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); }

  64. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); }

  65. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { if ($request->hasSession()) { $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); } $url = $this->getLoginUrl(); return new RedirectResponse($url); }

  66. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { if ($request->hasSession()) { $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); } $url = $this->getLoginUrl(); return new RedirectResponse($url); }

  67. IMPORTANTE: CSRF TOKEN A.K.A.: CROSS-SITE REQUEST FORGERY

  68. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  69. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  70. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  71. LOGIN FORM AUTHENTICATOR CSRF public function getCredentials(Request $request) { $credentials

    = [ 'email' => $request->request->get('email'), 'password' => $request->request->get('password'), 'csrf_token' => $request->request->get('_csrf_token'), ]; return $credentials; }

  72. LOGIN FORM AUTHENTICATOR CSRF public function getCredentials(Request $request) { $credentials

    = [ 'email' => $request->request->get('email'), 'password' => $request->request->get('password'), 'csrf_token' => $request->request->get('_csrf_token'), ]; return $credentials; }

  73. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO?

  74. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { }

  75. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  76. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  77. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  78. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  79. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  80. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); } <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

  81. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); } <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

  82. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  83. DONE!

  84. MAS… E SE FOR UMA API?

  85. TOKENS, TOKENS EVERYWHERE

  86. RELACIONAR UM TOKEN A UM USUÁRIO/CLIENTE

  87. None

  88. DATA + TOKEN

  89. DATA + TOKEN AUTH

  90. DATA + TOKEN AUTH

  91. DATA + TOKEN RESPOSTA + NOVO TOKEN AUTH

  92. DATA + TOKEN RESPOSTA + NOVO TOKEN AUTH

  93. $ php bin/console make:auth

  94. API TOKEN AUTHENTICATOR namespace App\Security; /*...*/ class ApiTokenAuthenticator extends AbstractGuardAuthenticator

    { //métodos da AuthenticatorInterface }

  95. API TOKEN AUTHENTICATOR namespace App\Security; /*...*/ class ApiTokenAuthenticator extends AbstractGuardAuthenticator

    { //métodos da AuthenticatorInterface }

  96. API TOKEN AUTHENTICATOR public function supports(Request $request) { return $request->headers->has('Authorization');

    }

  97. API TOKEN AUTHENTICATOR public function getCredentials(Request $request) { $authorizationHeader =

    $request->headers->get('Authorization'); return $authorizationHeader; }

  98. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  99. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  100. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  101. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  102. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  103. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  104. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  105. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  106. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  107. VOLTANDO AO SECURITY.YAML

  108. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  109. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  110. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML
  111. None

  112. ACESSO AOS SLIDES http://bit.ly/sflive-guard

  113. OBRIGADA! AVALIE NO JOIND.IN https://joind.in/talk/e11e4