How to programmatically authenticate a user

Question

I have a controller that is supposed to add a user through a simple form, but I cannot get the user to be manually authenticated.

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken    

public function addAction($user)
    {
           $token =new UsernamePasswordToken(
                    $user->getUsername(),
                    $user->getPassword(),
                    'secured_area',
                   $user->getRoles()
                    );

           $this->get('security.context')->setToken($token);
           // as suggested in some other answers

           $request->getSession()->set('_security_secured_area', serialize($token));
           // as suggested in http://techblog.zabuchy.net/2012/manually-authenticate-symfony-2-user/

            return $this->redirect($this->generateUrl('acme_project_secure_show' )
                    );
        }
    }

The redirection to the secure route works, but then the method $this->getUser() returns null as the authentication is not set properly... I can get the user from $user= $this->get('security.context')->getToken(); instead of $user= $this->get('security.context')->getToken()->getUser(); shortcut for $this->getUser() see the Book here Any idea why?

http://stackoverflow.com/questions/9550079/programmatically-login-user — mpm, Jan 24 '13 at 23:30
Does your user have any roles? It needs at least one for token to be considered authenticated. Don't do that session stuff. The security context listener takes care of that. Use the debug toolbar and see if the security token makes it into the session. — Cerad, Jan 25 '13 at 23:24
what is your firewall config ? the security context is specific for each firewall. maybe you are redirecting to a url which is not behind the same firewall. — Florian Klein, Jan 28 '13 at 16:41

score 6 · Accepted Answer · answered Jan 29 '13 at 22:43

6

Problem solved - two points were missing: 1) it was necessary to dispatch the InteractiveLoginEvent -thanks mpm for the link 2) the route of this controller was not under the secured_area firewall - merci Florian ;)

answered Jan 29 '13 at 22:43

Francis

109
1
1
6

Another error you made was the first parameter of UsernamePassworkToken needs the whole user object instead of only the username! – 10us Jul 12 '16 at 10:22

score 0 · Answer 2 · answered Jan 25 '13 at 00:56

0

You can try this

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken

$token = new UsernamePasswordToken($user, $user->getPassword(), "firewallname", $user->getRoles());

answered Jan 25 '13 at 00:56

Mirage

30,868
62
166
261

yeah, the namespace is set correctly - see update – Francis Jan 25 '13 at 21:42

score -1 · Answer 3 · edited Jan 25 '13 at 09:27

-1

As said @user19340357, you can instanciate a token by hand.

What he forgot to say is that you should set it in the security context:

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken

$token = new UsernamePasswordToken($user, $user->getPassword(), "firewallname", $user->getRoles());
$securityContext = $this->container->get('security.context'); // do it your way
$securityContext->setToken($token);

edited Jan 25 '13 at 09:27

j0k

22,600
28
79
90

answered Jan 25 '13 at 09:19

Florian Klein

8,692
1
32
42

I don't see the difference from what I'm doing. `$this->getUser()` is still null – Francis Jan 25 '13 at 21:45

How to programmatically authenticate a user

3 Answers3