Login to application with GET/POST token

Submitted by 。_饼干妹妹 on 2019-12-11 12:15:19

Question


I work on a Symfony web application which has a standard login form. To allow users to log in more easily we want to give them a link which logs them in directly. I've already built a way to get a token to use, but I have no clue as to how the Symfony login process works, specifically how I can adapt it to take a GET/POST token instead of redirecting to the login page. Any help appreciated!

Oh and this is Symfony 1.2 BTW (and no, upgrading is not an option right now)


Answer 1:


Not sure if there are any differences with regard to this in 1.2 compared to 1.4, but in 1.4 I'd suggest taking a look at the sfGuardPlugin's signin() method (or that of sfDoctrineGuardPlugin) to figure out a suitable solution.

$this->getUser()->signIn(... params ...);

That single call will take care of authentication so I think all you really need to do is to resolve your link-specific stuff beforehand (e.g. validate and fetch sfguarduser username & password from db) and then call that method with the user-specific params. Looking at the method will show you exactly what you're passing into it and how it's being used. It's the same one as is being used in the post action of the login form.

Hope that points you in the right direction.




Answer 2:


Thanks Tom, what I ended up doing was building a second login module/action (I already had an executeLogin action which basically sets the $this->getUser() and $this->getUser()->setAuthenticated(true) when the username/password is correct) with a token instead of username/password. Some things to take into account on security: either clear up your token when used in a successful login attempt or set something of an expiration timestamp when creating the token. This way a bot can't 'guess' a token.
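An added example of the token handling the second answer describes (not code from the thread): each token expires and is deleted on first use, and in addition it is drawn from the CSPRNG and stored only as a hash. The class name, the in-memory store and the sample values are assumptions made for illustration, and `random_bytes` assumes PHP 7 or later.

```php
<?php
// Added example: single-use, expiring login-link tokens (all names hypothetical).
final class LoginTokenStore
{
    // Rows keyed by SHA-256 of the token: array('user' => string, 'expires' => int)
    private $rows = array();

    // Issue a token for $username that is valid for $ttl seconds after $now.
    public function issue($username, $ttl, $now)
    {
        $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = array(   // only the hash is stored
            'user'    => $username,
            'expires' => $now + $ttl,
        );
        return $token;                                 // value placed in the login link
    }

    // Return the username for a valid token, or null. A matching row is
    // deleted on lookup, so a token can be redeemed at most once.
    public function redeem($token, $now)
    {
        if (!is_string($token) || !preg_match('/^[0-9a-f]{64}$/D', $token)) {
            return null;                               // malformed input is rejected early
        }
        $key = hash('sha256', $token);
        if (!isset($this->rows[$key])) {
            return null;                               // unknown or already used
        }
        $row = $this->rows[$key];
        unset($this->rows[$key]);                      // consumed even when expired
        return $now <= $row['expires'] ? $row['user'] : null;
    }
}

// Constructed demo values, not taken from the thread.
$store = new LoginTokenStore();
$t0    = 1700000000;
$token = $store->issue('alice', 900, $t0);
var_dump($store->redeem($token, $t0 + 60));    // first use inside the lifetime
var_dump($store->redeem($token, $t0 + 61));    // replay of the same token
$late = $store->issue('alice', 900, $t0);
var_dump($store->redeem($late, $t0 + 901));    // redeemed after expiry
var_dump($store->redeem('guess', $t0));        // value that is not a token
```

In the application the rows would live in a database table, with the delete done atomically, and the token action would call `$this->getUser()->setAuthenticated(true)` only when `redeem()` returns a username.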



Source: https://stackoverflow.com/questions/2757192/login-to-application-with-get-post-token
