How to prevent user creation for user not allowed in the systems?
Closed this issue · 4 comments
chanondb commented
Is there any way to prevent the user provider from auto-creating users?
chanondb commented
Never mind, my bad, I got confused by some part.
KevinSleegers commented
@chanondb How have you been able to prevent the user creation?
chanondb commented
Can't remember exactly; I ran dump and debug steps for a while.
What I found through my code is:
- class UserCreator: I just return `new User();`
  ```php
  public function createUser(Response $response) { return new User(); }
  ```
- AcsController: when we got the callback request from Google
```php
<?php
// Controller as posted in the thread, re-fenced with the `use` statements it
// needs and comments added. `App\Controller` and `App\Entity\User` are assumed
// names; the other classes are the Symfony/LightSaml ones the code calls.

namespace App\Controller;

use App\Entity\User;
use LightSaml\Binding\BindingFactory;
use LightSaml\Context\Profile\MessageContext;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;

class AcsController extends AbstractController
{
    /**
     * Assertion Consumer Service: the IdP POSTs the SAML Response here.
     * Caveat: the attributes are used as received; signature, audience and
     * time-condition validation of the Response is not performed in this
     * method and must happen before they are relied on.
     *
     * @Route("/saml-acs", name="saml-acs", methods={"POST"})
     */
    public function index(SessionInterface $session, Request $request, UserPasswordEncoderInterface $passwordEncoder, LoggerInterface $dblogger)
    {
        $bindingFactory = new BindingFactory();
        $binding = $bindingFactory->getBindingByRequest($request);
        $messageContext = new MessageContext();
        /** @var \LightSaml\Model\Protocol\Response $response */
        $response = $binding->receive($request, $messageContext);

        if ($messageContext->asResponse() !== null) {
            // Read the identity attributes from the first assertion.
            $attributes = $messageContext->asResponse()
                ->getFirstAssertion()
                ->getFirstAttributeStatement();
            $nameAttr = $attributes->getFirstAttributeByName("FirstName");
            $lastnameAttr = $attributes->getFirstAttributeByName("LastName");
            $emailAttr = $attributes->getFirstAttributeByName("Email");
            $clientName = $nameAttr->getFirstAttributeValue() . ' ' . $lastnameAttr->getFirstAttributeValue();
            $email = $emailAttr->getFirstAttributeValue();

            // Found user: log in; admins go to the backend.
            $userRepo = $this->getDoctrine()->getRepository(User::class);
            $foundUser = $userRepo->findOneBy([
                "email" => $email, 'deletedAt' => null,
            ]);
            if ($foundUser !== null) {
                if ($foundUser->getStatus() == User::STATUS_ACTIVE) {
                    $this->manualAuthenUser($foundUser);
                    if ($this->isGranted('ROLE_ADMIN')) {
                        $dblogger->info('login user: ' . $email, ["authen" => "saml", "backend" => true]);
                        return $this->redirectToRoute('easyadmin');
                    } else {
                        $dblogger->info('login user: ' . $email, ["authen" => "saml", "backend" => false]);
                        return $this->redirectToRoute('app_security_login');
                    }
                } else {
                    $dblogger->info('login user inactive: ' . $email, ["authen" => "saml", "backend" => false]);
                    return $this->redirectToRoute('app_security_login');
                }
            } else {
                // User not found: do NOT create one, send back to the login page.
                return $this->redirectToRoute('app_security_login');
            }
        } else {
            // Not a SAML Response: treat as a failed login.
            return $this->redirectToRoute('app_security_login');
        }
    }

    // Puts a token for the found user into the 'main' firewall's storage
    // (firewall name must match security.yaml).
    private function manualAuthenUser($foundUser)
    {
        $token = new UsernamePasswordToken($foundUser, $foundUser->getPassword(), 'main', $foundUser->getRoles());
        $this->get('security.token_storage')->setToken($token);
        $this->get('session')->set('_security_main', serialize($token));
    }
}
```
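A stricter way to get the same effect, added here as an example that is not code from the issue or from the LightSaml project: instead of returning an unsaved `new User()` from the creator and leaving later checks to reject the session, the `UserCreatorInterface` implementation below logs which subject the IdP asserted and throws an `AuthenticationException`, so the firewall fails the login at the point where the decision is made and no account is created. It assumes the sp-bundle interface name `LightSaml\SpBundle\Security\User\UserCreatorInterface`, that an exception thrown from `createUser()` is treated as an authentication failure, and the `Email` attribute name used in the thread; check those against your bundle version.

```php
<?php
// Added example, not from the issue or the LightSaml project. A UserCreator
// that refuses to provision unknown SAML subjects: the SP bundle calls it only
// when the user provider could not load the asserted subject, and throwing
// here fails the authentication instead of inserting a new User row.
// Assumed: the sp-bundle interface FQCN below and the `Email` attribute name.
declare(strict_types=1);

namespace App\Security;

use LightSaml\Model\Protocol\Response;
use LightSaml\SpBundle\Security\User\UserCreatorInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

final class DenyUnknownUserCreator implements UserCreatorInterface
{
    /** @var LoggerInterface */
    private $logger;

    public function __construct(LoggerInterface $logger)
    {
        $this->logger = $logger;
    }

    /**
     * Never creates an account. Records which subject the IdP asserted so the
     * rejected attempt is visible in the logs, then aborts the login.
     *
     * @throws AuthenticationException always
     */
    public function createUser(Response $response)
    {
        $this->logger->warning('SAML login rejected: subject is not provisioned', [
            'name_id' => $this->nameIdOf($response),
            'email' => $this->attributeOf($response, 'Email'),
        ]);

        throw new AuthenticationException('This account is not provisioned for the application.');
    }

    /** Subject NameID of the first assertion, or null when the IdP omitted it. */
    private function nameIdOf(Response $response): ?string
    {
        $assertion = $response->getFirstAssertion();
        $subject = $assertion ? $assertion->getSubject() : null;
        $nameId = $subject ? $subject->getNameID() : null;

        return $nameId ? $nameId->getValue() : null;
    }

    /** First value of the named attribute, null-safe so a missing attribute cannot fatal. */
    private function attributeOf(Response $response, string $name): ?string
    {
        $assertion = $response->getFirstAssertion();
        $statement = $assertion ? $assertion->getFirstAttributeStatement() : null;
        $attribute = $statement ? $statement->getFirstAttributeByName($name) : null;

        return $attribute ? $attribute->getFirstAttributeValue() : null;
    }
}
```

Register the class as a service and point the firewall at it (with the sp-bundle this is the `user_creator` option under the `light_saml_sp` firewall key; option name assumed). The `Email` lookup keeps working when the IdP sends no attribute statement at all, which is where the chained `getFirstAttributeByName(...)->getFirstAttributeValue()` calls in the controller above would fatal.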
KevinSleegers commented
@chanondb Thanks! Returning a new User seems to have solved my issue.