ats/user-bundle

ATS User Bundle

gitlab.com/atsdigital/user-bundle

Installs: 22

Dependents: 0

Suggesters: 0

Security: 0

Type: symfony-bundle


README

### General
---
A full-featured, RESTful user bundle based on OAuth2.

### Installation
---
  1. Update your composer.json file to add the ATS private Packagist:

```json
{
    "repositories": [
        // ...
        {
            "type": "composer",
            "url": "https://packagist.ats-digital.com"
        }
        // ...
    ],
    // ...
}
```

  2. Install it with composer:

```shell
$ php composer require ats/user-bundle dev-master
```

### Configuration
---
  1. Bundle registration

To start using this bundle you need to update your AppKernel.php file and register the following bundles:

```php
<?php
// app/AppKernel.php

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            // ...
            new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
            new Symfony\Bundle\SecurityBundle\SecurityBundle(),
            new Symfony\Bundle\MonologBundle\MonologBundle(),
            new Symfony\Bundle\TwigBundle\TwigBundle(),
            new Doctrine\Bundle\MongoDBBundle\DoctrineMongoDBBundle(),
            new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
            new Doctrine\Bundle\DoctrineBundle\DoctrineBundle(),
            new JMS\SerializerBundle\JMSSerializerBundle(),
            new FOS\OAuthServerBundle\FOSOAuthServerBundle(),
            new ATS\CoreBundle\ATSCoreBundle(),
            new ATS\UserBundle\ATSUserBundle(),
            // ...
        ];

        // The kernel expects the bundle list to be returned
        return $bundles;
    }
    // ...
}
```

  2. Bundle configuration

The default configuration is sufficient unless you need to override it to customise how the bundle is used. To do so, update your config.yml file and add the following configuration section; see the [configuration references][config-references].

Configure SwiftMailer:

```yaml
swiftmailer:
    transport:  "<transport>" # e.g. gmail
    username:   "<username>"
    password:   "<password>"
    spool:
        type: file
        path: '%kernel.project_dir%/var/spool/app/%kernel.environment%'
    antiflood:
        threshold: 99
        sleep:     5
```
  3. Security configuration

Update your security.yml file and add the following configuration to it; do not hesitate to check the Symfony [documentation][symfony-security] for more information:

```yaml
# app/config/security.yml
security:
    encoders:
        ATS\UserBundle\Document\User: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        ats_user_provider:
            id: ATS\UserBundle\Provider\UserProvider

    firewalls:
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        main:
            pattern:    ^/ # might be something else
            fos_oauth:  true
            stateless:  true
            anonymous:  false

    # put your own access control rules in here
    # access_control:
        # - { path: ^/, role: ROLE_USER }
```

### Usage
---
  1. Create a client:

```shell
$ php bin/console ats:user:client:create <name>
```

The preceding command will output something like:

```
Client Credentials
==================

 +----------+-------------+-----------------+
 | name     | client_id   | client_secret   |
 +----------+-------------+-----------------+
 | <name>   | <client_id> | <client_secret> |
 +----------+-------------+-----------------+
```
  2. Create a user:

```shell
$ php bin/console ats:user:create <username> <email> <password>
```

  3. Request an OAuth2 Bearer access token

Using the client_id and client_secret generated in step 1 and the username and password created in step 2 (with grant_type set to password), send a GET request; your request should look like this:

```shell
$ curl -X GET 'http://127.0.0.1:8000/oauth/v2/token?grant_type=password&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>&username=<username>&password=<password>'
```

This request returns a JSON-formatted response containing the access_token:

```json
{
    "access_token": <access_token>,
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": <scopes>,
    "refresh_token": <refresh_token>
}
```
  4. Login using the access_token

To log in to your application with the access_token generated before, you only need to add it to the Authorization header of your request, prefixed with the keyword Bearer:

```shell
$ curl -H 'Authorization: Bearer <access_token>' http://127.0.0.1:8000
```
  5. Refresh the OAuth2 Bearer access token

When your access token expires, you can refresh it by sending a GET request that uses the client_id and client_secret generated in step 1 and the username and password created in step 2, with grant_type set to refresh_token and the refresh_token provided in step 3; your request should look like this:

```shell
$ curl -X GET 'http://127.0.0.1:8000/oauth/v2/token?grant_type=refresh_token&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>&username=<username>&password=<password>&refresh_token=<refresh_token>'
```

This request returns a JSON-formatted response containing a new access_token:

```json
{
    "access_token": <access_token>,
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": <scopes>,
    "refresh_token": <refresh_token>
}
```

That's it.

### Examples
---
  1. Create a client:

```shell
$ php bin/console ats:user:client:create webapp
```

Output:

```
Created client
+--------+-----------------------------------------------------------------------------+----------------------------------------------------+
| name   | client_id                                                                   | client_secret                                      |
+--------+-----------------------------------------------------------------------------+----------------------------------------------------+
| webapp | 5c0bad1027ff86203709f9a1_3gngcksw79escc0k0c0g4gc00k8kscwo4wks08kc8sk8w4gco4 | 1n8ahgynngxwcs8g8gs8cgg08o8gogk0k8sgogco0cocc8ck4w |
+--------+-----------------------------------------------------------------------------+----------------------------------------------------+
```

  2. Create a user:

```shell
$ php bin/console ats:user:create myusername [email protected] mypassword
```


  3. Request an OAuth2 Bearer access token:

```shell
$ curl -X GET 'http://127.0.0.1:8000/oauth/v2/token?grant_type=password&client_id=5c0bad1027ff86203709f9a1_3gngcksw79escc0k0c0g4gc00k8kscwo4wks08kc8sk8w4gco4&client_secret=1n8ahgynngxwcs8g8gs8cgg08o8gogk0k8sgogco0cocc8ck4w&redirect_uri=http://127.0.0.1&username=myusername&password=mypassword'
```

Response:

```json
{
    "access_token": "N2Y5NTc1ZThiNjgyYWU3NTE1OGZjNTZlYWVhODJkYmQ5NmEzM2I4NzA1YTRmYzU4MGU2MWI3ZGZkNzUwMmI3Yg",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "user admin super_admin",
    "refresh_token": "MWRkNjdkNDYwNjBlNjVkMjVmNTMzNGI1Mjc4YWUzMzg3YTY4MTQ5MDFlN2EwMGZmZThjYmI3YzFmMzkzYzQ5ZA"
}
```


  4. Login using the `access_token`:

```shell
$ curl -H 'Authorization: Bearer N2Y5NTc1ZThiNjgyYWU3NTE1OGZjNTZlYWVhODJkYmQ5NmEzM2I4NzA1YTRmYzU4MGU2MWI3ZGZkNzUwMmI3Yg' http://127.0.0.1:8000
```


  5. Refresh an OAuth2 Bearer access token:

```shell
$ curl -X GET 'http://127.0.0.1:8000/oauth/v2/token?grant_type=refresh_token&client_id=5c0bad1027ff86203709f9a1_3gngcksw79escc0k0c0g4gc00k8kscwo4wks08kc8sk8w4gco4&client_secret=1n8ahgynngxwcs8g8gs8cgg08o8gogk0k8sgogco0cocc8ck4w&redirect_uri=http://127.0.0.1&username=myusername&password=mypassword&refresh_token=MWRkNjdkNDYwNjBlNjVkMjVmNTMzNGI1Mjc4YWUzMzg3YTY4MTQ5MDFlN2EwMGZmZThjYmI3YzFmMzkzYzQ5ZA'
```

Response:

```json
{
    "access_token": "YTFmNDBlYmZkNDdhNGM1NTNkODY0ODNkNDQ4MmM4YWRmMGQ0ZDM3MDViNjUzMTNlNmYyYzc0MWI1NGQ4NTMyOQ",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": "user admin super_admin",
    "refresh_token": "ZThlNDI3NjViNzY0NmQyNDM5MzYzYzNiOGMzYmRjYjcxNGU4MDQzZjUwZGE1YTUzZWRmOTFhMTI1YWE5Yzg3OQ"
}
```
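The token flow of Usage steps 3 to 5 and the worked examples above, as an added Python client that is not part of the bundle: it performs the password grant, keeps the expiry taken from `expires_in`, and switches to the `refresh_token` grant once the token has expired. Assumptions: the token endpoint also accepts the parameters in a POST body (the README shows GET), the `refresh_token` grant needs no username/password, and the `TokenClient` class and its injectable transport are hypothetical helpers.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "http://127.0.0.1:8000/oauth/v2/token"  # token endpoint from the README

def _http_post(url, fields):
    # Credentials in the POST body as RFC 6749 specifies (assumption: the
    # bundle's token endpoint accepts POST as well as the GET shown above).
    req = Request(url, data=urlencode(fields).encode(), method="POST")
    with urlopen(req) as resp:
        return json.loads(resp.read().decode())

class TokenClient:
    def __init__(self, client_id, client_secret, post=_http_post, now=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self._post, self._now = post, now  # injectable, so the flow runs offline
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _store(self, body):
        """Validate the JSON shape documented above and remember the token pair."""
        if str(body["token_type"]).lower() != "bearer":
            raise ValueError("unexpected token_type %r" % body["token_type"])
        self.access_token, self.refresh_token = body["access_token"], body["refresh_token"]
        # Treat the token as expired 30 s early to absorb clock skew and latency.
        self.expires_at = self._now() + int(body["expires_in"]) - 30
        return self.access_token

    def login(self, username, password):
        """Step 3: password grant with the client_id/client_secret from step 1."""
        return self._store(self._post(TOKEN_URL, {
            "grant_type": "password", "client_id": self.client_id,
            "client_secret": self.client_secret,
            "username": username, "password": password}))

    def refresh(self):
        """Step 5: refresh_token grant; the user's password is not sent again."""
        return self._store(self._post(TOKEN_URL, {
            "grant_type": "refresh_token", "client_id": self.client_id,
            "client_secret": self.client_secret, "refresh_token": self.refresh_token}))

    def bearer_header(self):
        """Step 4: Authorization header, refreshing first if the token has expired."""
        if self.access_token is None:
            raise RuntimeError("call login() before making authenticated requests")
        if self._now() >= self.expires_at:
            self.refresh()
        return {"Authorization": "Bearer " + self.access_token}
```

Against a running instance, `TokenClient(client_id, client_secret).login("myusername", "mypassword")` followed by `bearer_header()` yields the header used in step 4, and the refresh happens transparently once the 3600 s lifetime has passed.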


### Tests
---
To run the unit tests:

```shell
$ php ./vendor/bin/simple-phpunit --coverage-text --colors=never --strict-coverage --disallow-test-output -c phpunit.xml.dist
```

### Table of contents
---
[Configuration references][config-references]

---
Enjoy!

[symfony-security]: <https://symfony.com/doc/3.4/security.html>
[config-references]: <https://gitlab.ats-digital.com/ats/user-bundle/blob/master/doc/ConfigurationReferences.md>