Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Guard: o poder da autenticação do Symfony Security

Diana Arnos
May 17, 2019
Programming
3
240

Guard: o poder da autenticação do Symfony Security

Existem muitas maneiras interessantes de autenticar um usuário: API token, social login, um formulário HTML tradicional ou qualquer outra coisa que você possa imaginar.

Mas criar um sistema de autenticação personalizado no Symfony costumava significar muitos arquivos, muito código e muita complexidade. Agora, não mais.

Symfony Guard: um sistema de autenticação simples, mas expansível, parte do componente Symfony Security. Com poucas classes conseguimos implementar autenticação por API token, social login ou até mesmo integrar com algum sistema de autenticação legado.

Não significa que não teremos trabalho algum de implementação, mas o que teremos vai ser mais claro, simples e divertido.

Diana Arnos

May 17, 2019
Tweet

More Decks by Diana Arnos

See All by Diana Arnos
PHP Além do Síncrono
dianaarnos
1
500
O Mundo Mágico dos Profilers
dianaarnos
0
130
Trabalhar na gringa - Como chegar lá?
dianaarnos
0
300
PCS2020 - PHP Além do Síncrono
dianaarnos
2
980
VDPWeekend - Emprego dos Sonhos - O que esperam de você e como ser cada vez melhor
dianaarnos
1
160
PHPPR Live 2020 - PHP Paralelo e Distribuído
dianaarnos
0
120
Profiling 101: o que é e como fazer - PHPConference 2019
dianaarnos
1
380
PHP e Segurança: é possível - PHPConference BR 2019
dianaarnos
0
530
PHP, Symfony and Security
dianaarnos
0
720

Other Decks in Programming

See All in Programming
From Subtype Polymorphism To Typeclass-based Ad hoc Polymorphism - An Example
philipschwarz
PRO
0
190
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
440
EventSourcingの理想と現実
wenas
6
2.2k
プロジェクト新規参入者のリードタイム短縮の観点から見る、品質の高いコードとアーキテクチャを保つメリット
d_endo
1
1.1k
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
4
1.9k
Kaigi on Rails 2024 - Rails APIモードのためのシンプルで効果的なCSRF対策 / kaigionrails-2024-csrf
corocn
5
3.7k
Googleのテストサイズを活用したテスト環境の構築
toms74209200
0
300
Quine, Polyglot, 良いコード
qnighy
4
610
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.6k
役立つログに取り組もう
irof
28
9.3k
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.3k
タクシーアプリ『GO』のリアルタイムデータ分析基盤における機械学習サービスの活用
mot_techtalk
4
160

Featured

See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
231
17k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
What's new in Ruby 2.0
geeforr
343
31k
The Pragmatic Product Professional
lauravandoore
31
6.3k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
GraphQLとの向き合い方2022年版
quramy
43
13k
Optimizing for Happiness
mojombo
376
69k
Agile that works and the tools we love
rasmusluckow
327
21k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Designing the Hi-DPI Web
ddemaree
280
34k

Transcript

  1. SYMFONY SECURITY: GUARD O PODER DA AUTENTICAÇÃO

  2. @dianaarnos Dev, Sec, Music, Kung Fu. Dev / Architect @

    Senha Segura Evangelist @ PHPSP Evangelist @ PHPWomenBR

  3. ANTES DE QUALQUER COISA:

  4. AUTENTICAÇÃO != AUTORIZAÇÃO

  5. None

  6. AUTENTICAÇÃO É O PROCESSO DE IDENTIFICAR SE ALGUÉM É QUEM

    REALMENTE DIZ SER
  7. None

  8. AUTORIZAÇÃO É O PROCESSO DE VERIFICAR SE ESSE ALGUÉM PODE

    EXECUTAR DETERMINADA AÇÃO
  9. None

  10. AUTENTICAÇÃO É COMPOSTA POR 3 GRANDES PASSOS:

  11. RECUPERAR INFORMAÇÕES DA REQUISIÇÃO

  12. IDENTIFICAR UM USUÁRIO

  13. VALIDAR AS CREDENCIAIS

  14. None

  15. SECURITY COMPONENT

  16. $ composer require symfony/security

  17. PRIMEIRO: USER CLASS

  18. $ composer require symfony/maker-bundle

  19. $ php bin/console make:user

  20. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  21. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  22. namespace App\Entity; /*...*/ /** * @ORM\Entity(repositoryClass="App\Repository\UserRepository") */ class User implements

    UserInterface { // métodos da classe } USER CLASS

  23. namespace Symfony\Component\Security\Core\User; /*...*/ interface UserInterface { public function getRoles(); public

    function getPassword(); public function getSalt(); public function getUsername(); public function eraseCredentials(); } USER INTERFACE

  24. namespace Symfony\Component\Security\Core\User; /*...*/ interface UserInterface { public function getRoles(); public

    function getPassword(); public function getSalt(); public function getUsername(); public function eraseCredentials(); } USER INTERFACE

  25. OK, TEMOS UMA REPRESENTAÇÃO DO USUÁRIO!

  26. PRÓXIMO PASSO: LOGIN

  27. GUARD

  28. $ php bin/console make:auth

  29. What style of authentication do you want? [Empty authenticator ]:

    [0] Empty authenticator [1] Login form authenticator > 1 The class name of the authenticator to create (e.g. AppCustomAuthenticator ): > LoginFormAuthenticator Choose a name for the controller class (e.g. SecurityController ) [SecurityController ]: >

  30. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  31. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  32. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  33. FORM <form class="form-signin" method="post"> {% if error %} <div class="alert

    alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <button class="btn btn-lg btn-primary btn-block" type="submit"> Sign in </button> </form>

  34. AGORA, A AUTENTICAÇÃO

  35. LOGIN FORM AUTHENTICATOR namespace App\Security; /*...*/ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator

    { //métodos da AuthenticatorInterface }

  36. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  37. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  38. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  39. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  40. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  41. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  42. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  43. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  44. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  45. namespace Symfony\Component\Security\Guard; /*...*/ interface AuthenticatorInterface extends AuthenticationEntryPointInterface { public function

    supports(Request $request); public function getCredentials(Request $request); public function getUser($credentials, UserProviderInterface $userProvider); public function checkCredentials($credentials, UserInterface $user); public function createAuthenticatedToken(UserInterface $user, $providerKey); public function onAuthenticationFailure(Request $request, AuthenticationException $exception); public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey); public function supportsRememberMe(); } AUTHENTICATOR INTERFACE

  46. ATIVANDO O AUTENTICADOR

  47. SECURITY.YAML em config/packages

  48. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  49. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  50. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  51. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  52. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  53. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  54. VOLTANDO AO AUTENTICADOR...

  55. LOGIN FORM AUTHENTICATOR public function supports(Request $request) { return $request->attributes->get('_route')

    === 'app_login' && $request->isMethod('POST'); }

  56. LOGIN FORM AUTHENTICATOR public function supports(Request $request) { return $request->attributes->get('_route')

    === 'app_login' && $request->isMethod('POST'); }

  57. CONTROLLER namespace App\Controller; /*...*/ class SecurityController extends AbstractController { /**

    * @Route("/login", name="app_login") */ public function login(AuthenticationUtils $authenticationUtils) { return $this->render('security/login.html.twig'); } }

  58. LOGIN FORM AUTHENTICATOR public function getCredentials (Request $request) { $credentials

    = [ 'email' => $request->request->get( 'email'), 'password' => $request->request->get( 'password'), ]; return $credentials; }

  59. LOGIN FORM AUTHENTICATOR public function getCredentials (Request $request) { $credentials

    = [ 'email' => $request->request->get( 'email'), 'password' => $request->request->get( 'password'), ]; return $credentials; }

  60. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  61. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  62. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); } public function checkCredentials($credentials, UserInterface $user) { return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); }

  63. LOGIN FORM AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { return

    $this->userRepository->findOneBy(['email' => $credentials['email']]); } public function checkCredentials($credentials, UserInterface $user) { return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); }

  64. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); }

  65. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { if ($request->hasSession()) { $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); } $url = $this->getLoginUrl(); return new RedirectResponse($url); }

  66. LOGIN FORM AUTHENTICATOR public function onAuthenticationSuccess(Request $request, $providerKey) { if

    ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } return new RedirectResponse($this->router->generate('app_homepage')); } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { if ($request->hasSession()) { $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); } $url = $this->getLoginUrl(); return new RedirectResponse($url); }

  67. IMPORTANTE: CSRF TOKEN A.K.A.: CROSS-SITE REQUEST FORGERY

  68. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  69. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  70. FORM CSRF <form class="form-signin" method="post"> {% if error %} <div

    class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %} <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> <label for="inputEmail" class="sr-only">Email address</label> <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required> <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> </form>

  71. LOGIN FORM AUTHENTICATOR CSRF public function getCredentials(Request $request) { $credentials

    = [ 'email' => $request->request->get('email'), 'password' => $request->request->get('password'), 'csrf_token' => $request->request->get('_csrf_token'), ]; return $credentials; }

  72. LOGIN FORM AUTHENTICATOR CSRF public function getCredentials(Request $request) { $credentials

    = [ 'email' => $request->request->get('email'), 'password' => $request->request->get('password'), 'csrf_token' => $request->request->get('_csrf_token'), ]; return $credentials; }

  73. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO?

  74. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { }

  75. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  76. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  77. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    checkCredentials($credentials, UserInterface $user) { } public function getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  78. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  79. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  80. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); } <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

  81. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); } <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

  82. LOGIN FORM AUTHENTICATOR CSRF O TOKEN É VÁLIDO? public function

    getUser($credentials, UserProviderInterface $userProvider) { $token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); } return $this->userRepository->findOneBy(['email' => $credentials['email']]); }

  83. DONE!

  84. MAS… E SE FOR UMA API?

  85. TOKENS, TOKENS EVERYWHERE

  86. RELACIONAR UM TOKEN A UM USUÁRIO/CLIENTE

  87. None

  88. DATA + TOKEN

  89. DATA + TOKEN AUTH

  90. DATA + TOKEN AUTH

  91. DATA + TOKEN RESPOSTA + NOVO TOKEN AUTH

  92. DATA + TOKEN RESPOSTA + NOVO TOKEN AUTH

  93. $ php bin/console make:auth

  94. API TOKEN AUTHENTICATOR namespace App\Security; /*...*/ class ApiTokenAuthenticator extends AbstractGuardAuthenticator

    { //métodos da AuthenticatorInterface }

  95. API TOKEN AUTHENTICATOR namespace App\Security; /*...*/ class ApiTokenAuthenticator extends AbstractGuardAuthenticator

    { //métodos da AuthenticatorInterface }

  96. API TOKEN AUTHENTICATOR public function supports(Request $request) { return $request->headers->has('Authorization');

    }

  97. API TOKEN AUTHENTICATOR public function getCredentials(Request $request) { $authorizationHeader =

    $request->headers->get('Authorization'); return $authorizationHeader; }

  98. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  99. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  100. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  101. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  102. API TOKEN AUTHENTICATOR public function getUser($credentials, UserProviderInterface $userProvider) { $token

    = $this->apiTokenRepo->findOneBy([ 'token' => $credentials ]); if (!$token) { throw new CustomUserMessageAuthenticationException( 'Invalid API Token' ); } if ($token->isExpired()) { throw new CustomUserMessageAuthenticationException( 'Token expired' ); } return $token->getUser(); }

  103. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  104. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  105. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  106. API TOKEN AUTHENTICATOR public function checkCredentials($credentials, UserInterface $user) { //

    seu código aqui } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new JsonResponse([ 'message' => $exception->getMessageKey() ], 401); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { // seu código aqui }

  107. VOLTANDO AO SECURITY.YAML

  108. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  109. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML

  110. security: encoders: App\Entity\User: algorithm: argon2i #bcrypt providers: app_user_provider: entity: class:

    App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: true guard: authenticators: - App\Security\LoginFormAuthenticator - App\Security\ApiTokenAuthenticator entry_point: App\Security\LoginFormAuthenticator SECURITY.YAML
  111. None

  112. ACESSO AOS SLIDES http://bit.ly/sflive-guard

  113. OBRIGADA! AVALIE NO JOIND.IN https://joind.in/talk/e11e4