I am implementing authorization in Symfony. There are no particular problems with the implementation: I set up a check against the database, and everything works:

    # app/config/security.yml
    security:
        encoders:
            Delivery\AdminBundle\Entity\User:
                algorithm: bcrypt

        providers:
            user_db_provider:
                entity:
                    class: DeliveryAdminBundle:User
                    property: username

        firewalls:
            main:
                pattern: ^/admin
                provider: user_db_provider
                anonymous: ~
                form_login:
                    login_path: _security_login      # login route
                    check_path: _security_check      # credentials check route
                    failure_path: _security_login    # failed login route
                    default_target_path: a_home      # successful login route
                logout:
                    path: _security_logout           # logout route
                    target: a_home                   # route to redirect to after logout

        access_control:
            - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, roles: ROLE_ADMIN }

I also need to configure, on the same ^/admin route, direct authorization without entering a login/password, passing the authorization type in the URL (email, hash) to verify, and authorizing the user if verification succeeds.

An implementation is described here: https://habrahabr.ru/post/134005/, but I cannot figure out how the system will "understand" which type to use: direct or through the login form?

    1 answer

    Different firewalls for the same URL will not work.

    I would do it like this: make a separate "open" URL, which the user visits with email + hash in the query string. Then you can validate this hash in the controller, and then manually create and save the user token.

     $tokenStorage = $this->get('security.token_storage');
     $tokenStorage->setToken(new SomeCustomHashToken($user, $user->getRoles()));

    After reboot, the system will consider the user with the current session authorized.

    • As I understand it, you need to create the token yourself, right? - Zaur
    • @Zaur yes. You can even use any existing token, there is no difference. But I prefer to create a custom one for such cases, so that it is immediately clear how the user was authorized. There you can also store some additional information, for example the hash and email (in theory they may be needed in the future). - Hast
    • Thank you very much. Implemented a little differently, but you suggested an idea! - Zaur
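The flow the answer describes (open URL, hash check in the controller, token set by hand), written out as an added example; it is not code from the answer or from the asker's project. Assumptions: the hash is an HMAC-SHA256 over email and an expiry timestamp keyed with a server-side secret, the `User` entity has an `email` field, and the route `/admin/direct-login` sits under the `main` firewall and is opened to anonymous users in `access_control` the same way `^/admin/login` is, so that the firewall stores the token in the session. The controller name, the query parameter names and the `direct_login_secret` parameter are hypothetical.

```php
<?php
// Added example. Hypothetical names: DirectLoginController, /admin/direct-login,
// query parameters email/expires/hash, container parameter direct_login_secret.
namespace Delivery\AdminBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

class DirectLoginController extends Controller
{
    public function loginAction(Request $request)
    {
        $email   = (string) $request->query->get('email');
        $expires = (int) $request->query->get('expires');
        $hash    = (string) $request->query->get('hash');

        // Recompute the MAC server-side; the secret never appears in the URL.
        $secret   = $this->container->getParameter('direct_login_secret');
        $expected = hash_hmac('sha256', $email.'|'.$expires, $secret);

        // hash_equals() compares in constant time; expired links are rejected too.
        if (!hash_equals($expected, $hash) || $expires < time()) {
            throw $this->createAccessDeniedException('Invalid or expired link.');
        }

        // Assumed: the User entity has an "email" field.
        $user = $this->getDoctrine()
            ->getRepository('DeliveryAdminBundle:User')
            ->findOneBy(array('email' => $email));
        if (null === $user) {
            // Same message as above, so the response does not reveal which emails exist.
            throw $this->createAccessDeniedException('Invalid or expired link.');
        }

        // Issue a new session id before the identity changes (session fixation).
        $request->getSession()->migrate(true);

        // 'main' must match the firewall name in security.yml.
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.token_storage')->setToken($token);

        return $this->redirectToRoute('a_home');
    }
}
```

A link built this way stays valid until it expires, and the URL ends up in browser history and server logs, so keep the expiry short and serve the route over HTTPS only.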