如何在没有 Doctrine 的情况下实现 Symfony 5 身份验证？

Question

我正在将现有的 PHP 项目重写为 Symfony 5.3。我想将其身份验证系统升级到 Symfony 的。唯一的问题：在这个项目中，Doctrine 不是一个选项。

我怎样才能使用Symfony's authentication（可能与新的Authenticator-based Security一起使用）而不在任何地方调用Doctrine？

我知道我必须implement a UserLoaderInterface，但是the docs 使用Doctrine 的次数太多了，以至于我不知道该怎么做。

post I just mentioned 提出了类似的问题，但它仍然使用 Symfony 2，因此已经过时了。

我有一个数据库，其中包含必要的 User 表和常用列（ID、电子邮件、密码、姓名等）。

直截了当： 我如何在没有 Doctrine 的情况下使用Symfony's authentication（可能与新的Authenticator-based Security 一起使用）？

Answer 1

要在官方website 和本教程SymfonyCast 上进行配置，但基本上您可以根据需要对用户进行身份验证：

看下一个例子：

如果您的配置使用默认配置，请在 src\App\Security 文件夹中创建一个文件并创建 TokenAuthenticator 类，现在请参阅下面的代码，在这种情况下检查 App\Service\ExternalAuthenticator 类，谁将负责从其他服务或api获取信息并返回。

<?php

namespace App\Security;

use App\Example\Student;
use App\Service\ExternalAuthenticator;
use App\DTO\INFORMATIONFROMOTHERSERVICE;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\Security\Core\Security;

final class TokenAuthenticator extends AbstractGuardAuthenticator
{
    /** @var Security */
    private $security;

    /** @var ExternalAuthenticator */
    private $externalAuthenticator;

    /** @var UrlGeneratorInterface */
    private $urlGenerator;

    public function __construct(
        Security $security,
        ExternalAuthenticator $externalAuthenticator
    ) {
        $this->security = $security;
        $this->externalAuthenticator = $externalAuthenticator;
    }

    /**
     * {@inheritDoc}
     */
    public function supports(Request $request)
    {
        //on this example, this guard must be using if on the request contains the word token
        $response = false;
        $apiKey = $request->query->get('token');
        if (!is_null($apiKey)) {
            $response = true;
        }

        return $response;
    }

    /**
     * {@inheritDoc}
     */
    public function getCredentials(Request $request)
    {
        $apiKey = $request->query->get('token');
        // Validate with anything you want, other service or api
        /** @var INFORMATIONFROMOTHERSERVICE**/
        $dtoToken = $this->externalAuthenticator->validateToken($apiKey, $simulator);

        return $dtoToken;
    }

    /**
     * @param INFORMATIONFROMOTHERSERVICE $credentials
     * @param UserProviderInterface $userProvider
     * @return INFORMATIONFROMOTHERSERVICE |UserInterface|null
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        return $userProvider;
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        return true;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new RedirectResponse($this->urlGenerator->generate('home_incorrect'));
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
    {
        return new RedirectResponse($request->getPathInfo());
    }

    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new RedirectResponse($this->urlGenerator->generate('home_incorrect'));
    }

    public function supportsRememberMe()
    {
        // todo
    }
}

现在外部服务必须返回 App\DTO\INFORMATIONFROMOTHERSERVICE 类，但是这个类必须实现 UserInterface，现在记住这一点。我们需要配置什么守卫必须负责什么路由，看下一个例子：

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
        //You can use a 
        custom_provider:
            id : App\DTO\INFORMATIONFROMOTHERSERVICE
        # used to reload user from session & other features (e.g. switch_user)
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        survey:
            anonymous: true
            pattern: ^/(custom_path)/
            // The
            provider: custom_provider
            guard:
                // You can use as many authenticator that you want, but in the node entrypoint, you must choose who must be the default if only is one you could remove the entrypoint node, similar as the main firewall
                authenticators:
                    - App\Security\TokenAuthenticator
                    - App\Security\OtherAuthenticator
                entry_point: App\Security\OtherAuthenticator
        main:
            anonymous: true
            lazy: true
            provider: app_user_provider
            logout:
                path: app_logout
            guard:
                authenticators:
                    - App\Security\AppAuthenticator

另请参阅下一个documentation，它将指导您创建类 App\DTO\INFORMATIONFROMOTHERSERVICE。

希望这个回答对你有帮助