8

我正在使用 HWIOAuthBundle 让用户使用 Oauth 登录,我创建了一个自定义用户提供程序,它创建一个用户以防万一它不存在:

public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
    $attr = $response->getResponse();
    switch($response->getResourceOwner()->getName()) {
        case 'google':
            if(!$user = $this->userRepository->findOneByGoogleId($attr['id'])) {
                if(($user = $this->userRepository->findOneByEmail($attr['email'])) && $attr['verified_email']) {
                    $user->setGoogleId($attr['id']);
                    if(!$user->getFirstname()) {
                        $user->setFirstname($attr['given_name']);
                    }
                    if(!$user->getLastname()) {
                        $user->setLastname($attr['family_name']);
                    }
                    $user->setGoogleName($attr['name']);
                }else{
                    $user = new User();
                    $user->setUsername($this->userRepository->createUsernameByEmail($attr['email']));
                    $user->setEmail($attr['email']);
                    $user->setFirstname($attr['given_name']);
                    $user->setLastname($attr['family_name']);
                    $user->setPassword('');
                    $user->setIsActive(true);
                    $user->setGoogleId($attr['id']);
                    $user->setGoogleName($attr['name']);
                    $user->addGroup($this->groupRepository->findOneByRole('ROLE_USER'));
                    $this->entityManager->persist($user);
                }
            }
            break;
        case 'facebook':
            if(!$user = $this->userRepository->findOneByFacebookId($attr['id'])) {
                if(($user = $this->userRepository->findOneByEmail($attr['email'])) && $attr['verified']) {
                    $user->setFacebookId($attr['id']);
                    if(!$user->getFirstname()) {
                        $user->setFirstname($attr['first_name']);
                    }
                    if(!$user->getLastname()) {
                        $user->setLastname($attr['last_name']);
                    }
                    $user->setFacebookUsername($attr['username']);
                }else{
                    $user = new User();
                    $user->setUsername($this->userRepository->createUsernameByEmail($attr['email']));
                    $user->setEmail($attr['email']);
                    $user->setFirstname($attr['first_name']);
                    $user->setLastname($attr['last_name']);
                    $user->setPassword('');
                    $user->setIsActive(true);
                    $user->setFacebookId($attr['id']);
                    $user->setFacebookUsername($attr['username']);
                    $user->addGroup($this->groupRepository->findOneByRole('ROLE_USER'));
                    $this->entityManager->persist($user);
                }
            }
            break;
    }

    $this->entityManager->flush();


    if (null === $user) {
        throw new AccountNotLinkedException(sprintf("User '%s' not found.", $attr['email']));
    }

    return $user;
}

问题是,例如 twitter 不提供电子邮件,或者我希望在创建新用户之前包含一些额外的字段。有没有办法在创建之前将用户重定向到“完整注册”表单?

我尝试添加一个请求侦听器,在每个请求上,如果用户已登录,则检查电子邮件是否存在,如果不存在,它会重定向到 complete_registration 页面,但如果用户去,它也会重定向到主页,注销或其他任何东西,我只想在他尝试访问某些用户限制页面时重定向他。

或者更好的是,在他提供所有必需的信息之前不要创建它。

4

2 回答 2

6

我自己找到了解决方案,我手动创建了一个新异常:

<?php

namespace Acme\UserBundle\Exception;

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use HWI\Bundle\OAuthBundle\Security\Core\Exception\OAuthAwareExceptionInterface;

/**
 * IncompleteUserException is thrown when the user isn't fully registered (e.g.: missing some informations).
 *
 * @author Alessandro Tagliapietra http://www.alexnetwork.it/
 */
class IncompleteUserException extends AuthenticationException implements OAuthAwareExceptionInterface
{
    private $user;
    private $accessToken;
    private $resourceOwnerName;

    /**
     * {@inheritdoc}
     */
    public function setAccessToken($accessToken)
    {
        $this->accessToken = $accessToken;
    }

    /**
     * {@inheritdoc}
     */
    public function getAccessToken()
    {
        return $this->accessToken;
    }

    /**
     * {@inheritdoc}
     */
    public function getResourceOwnerName()
    {
        return $this->resourceOwnerName;
    }

    /**
     * {@inheritdoc}
     */
    public function setResourceOwnerName($resourceOwnerName)
    {
        $this->resourceOwnerName = $resourceOwnerName;
    }

    public function setUser($user)
    {
        $this->user = $user;
    }

    public function getUser($user)
    {
        return $this->user;
    }

    public function serialize()
    {
        return serialize(array(
            $this->user,
            $this->accessToken,
            $this->resourceOwnerName,
            parent::serialize(),
        ));
    }

    public function unserialize($str)
    {
        list(
            $this->user,
            $this->accessToken,
            $this->resourceOwnerName,
            $parentData
        ) = unserialize($str);
        parent::unserialize($parentData);
    }
}

这样,在自定义 Oauth 用户提供程序中,当我检查用户是否存在或创建新用户时,我会检查是否缺少必填字段:

if (!$user->getEmail()) {
    $e = new IncompleteUserException("Your account doesn't has a mail set");
    $e->setUser($user);
    throw $e;
}

在这种情况下,用户将被重定向到登录表单,会话中出现异常,所以在登录页面中我这样做:

if($error instanceof IncompleteUserException) {
    $session->set(SecurityContext::AUTHENTICATION_ERROR, $error);
    return $this->redirect($this->generateUrl('register_complete'));
}

并且它将被重定向到异常中带有 $user 的表单,因此它只能询问缺少的信息,然后登录用户。

于 2012-11-07T08:55:58.723 回答
1

我在迁移到 sf 网站时遇到了类似的问题。迁移后,我希望迁移的用户完成他们的个人资料,而新注册的用户可以立即开始。

我使用 RequestListener 解决了与您的想法类似的问题,但添加了允许用户在未完成其个人资料的情况下允许的页面白名单。根据您希望用户在未完成其个人资料的情况下访问的页面数量,您也可以考虑使用黑名单。

在重定向到配置文件完成页面时,我没有检查特定字段的存在,但在迁移用户数据库时添加了角色“ROLE_MIGRATION”。在您的情况下,您可以在通过 oauth 创建用户时添加角色。

这是我的请求侦听器的代码:

public function onRequest(GetResponseEvent $evt)
{

    if (HttpKernelInterface::MASTER_REQUEST !== $evt->getRequestType())
    {
        return;
    }

    $token = $this->securityContext->getToken();

    if(!is_object($token)) or not migrating
    {
        // user is not logged in
        return;
    }

    $user = $token->getUser();

    if(!$user instanceof User || !$user->hasRole('ROLE_MIGRATING'))
    {
        // different user class or already migrated
        return;
    }

    $openPaths = array(
        '/start-2.0',
        '/css',
        '/js',
        '/images',
        '/media',
        '/geo',
        '/_wdt',
        '/logout', or not migrating
        '/terms',
        '/contact',
        '/about',
        '/locale/set'
    );

    foreach($openPaths as $p)
    {
        if(strpos($evt->getRequest()->getPathInfo(),$p)===0)
        {
            // path is open for migrating users
            return;
        }
    }



    header('Location: /start-2.0');
    exit;
}
于 2012-11-06T19:47:46.190 回答