don't call eraseCredentials in AuthenticationProviderManager

Post by lucasmarin » Fri Mar 16, 2012 12:27 am

Hi,

I've been trying to get the credentials (password) of the user after login, but I can't because the method eraseCredentials is called in AuthenticationProviderManager.

Is there any way I can choose not to call eraseCredentials? I see that the second parameter of the AuthenticationProviderManager constructor is the eraseCredentials flag; is there any way I can force this parameter to false, so that I can use $token->getCredentials() to return the password presented by the logged-in user?

Code:

class AuthenticationProviderManager implements AuthenticationManagerInterface {
    ...
    public function __construct(array $providers, $eraseCredentials = true) {
    ...



I've been trying to do this in many ways for a few hours, but I haven't had success.

Thanks so far.

Best regards.

Lucas :)
lucasmarin
Junior Member
 
Posts: 3
Joined: Fri Mar 16, 2012 12:15 am

Re: don't call eraseCredentials in AuthenticationProviderMan

Post by blogsh » Fri Mar 16, 2012 12:40 pm

Why would you want to do this? If the credentials aren't erased you save plain passwords in your sessions. I bet there is a secure solution to your problem that doesn't serve your user's password on a golden plate ;)
blogsh
Faithful Member
 
Posts: 501
Joined: Thu Mar 03, 2011 9:35 pm
Location: Germany

Re: don't call eraseCredentials in AuthenticationProviderMan

Post by lucasmarin » Fri Mar 16, 2012 2:54 pm

I need this in my project because I connect to IMAP with the plain password presented by the user. Maybe I can create a persistent connection with IMAP using the password once and then call eraseCredentials, but nonetheless I will need the plain-text password after login.

Re: don't call eraseCredentials in AuthenticationProviderMan

Post by blogsh » Fri Mar 16, 2012 9:09 pm

There is no configuration option that allows you to disable eraseCredentials. You could save the password encrypted in the session or in the user object when "loadUserByName" of your user provider is called. Another possibility would be to write an InteractiveLoginEvent listener.

Listener:
Code:
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

class MyListener
{
    public function onLogin(InteractiveLoginEvent $event)
    {
        $token = $event->getAuthenticationToken();
        // save the password
    }
}


Service definition:
Code:
services:
    my_listener:
        class: Path\To\MyListener
        tags:
            - { name: kernel.event_listener, event: security.interactive_login, method: onLogin }


Just hacked it in here in the forum... no guarantee that it works ;)

[SOLVED] don't call eraseCredentials in AuthenticationProvid

Post by lucasmarin » Mon Mar 19, 2012 3:28 pm

Thanks blogsh, it works.

Here is my code.

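Code:
...
class LoginListener {
  public function onLogin( InteractiveLoginEvent $event ) {
    $token = $event->getAuthenticationToken();
    // Copy the submitted plain-text password onto the token as an attribute.
    // Token attributes are serialized into the session together with the token.
    $token->setAttribute( 'password', $event->getRequest()->request->get( '_password' ) );
  }
}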


In my service class:

Code:
<?php

namespace Lucas\WebmailBundle\Singleton;

use Lucas\ImapBundle\Command\Imap\ImapMessageCommand;
use Symfony\Component\DependencyInjection\ContainerInterface;

/**
 * This singleton class creates only one instance to call IMAP message methods.
 *
 * @author lucas
 */
class WebmailImapMessageCommand extends ImapMessageCommand {

  private $container;

  public function __construct ( ContainerInterface $container ) {
    $this->container = $container;
    $security = $container->get('security.context');
    $token = $security->getToken();
    // Read back the password attribute that LoginListener stored on the token.
    parent::__construct( $token->getUser()->getUsername(), $token->getAttribute( 'password' ) );
  }

}
lucasmarin
Junior Member
 
Posts: 3
Joined: Fri Mar 16, 2012 12:15 am
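
blogsh's suggestion earlier in the thread, saving the password encrypted in the session instead of in plain text, sketched as an added example that is not code from either poster. `SessionSecretBox` and the throwaway demo key are hypothetical names and values; it assumes PHP 7.1 or later with the openssl extension and a 32-byte key kept in server-side configuration, outside the session store.

```php
<?php
// Added example, not code from the thread. SessionSecretBox is a hypothetical
// helper; the key is assumed to come from server config, never from the session.

final class SessionSecretBox
{
    private $key;

    public function __construct($base64Key)
    {
        $key = base64_decode($base64Key, true);
        if ($key === false || strlen($key) !== 32) {
            throw new InvalidArgumentException('Key must be 32 bytes, base64-encoded.');
        }
        $this->key = $key;
    }

    // Returns base64(nonce || tag || ciphertext), suitable for a token attribute.
    public function seal($plaintext)
    {
        $nonce = random_bytes(12);   // fresh 96-bit nonce for every login
        $tag = '';
        $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $nonce, $tag);
        if ($ct === false) {
            throw new RuntimeException('Encryption failed.');
        }
        return base64_encode($nonce . $tag . $ct);
    }

    // Returns the plaintext; throws if the blob is truncated or was modified.
    public function open($blob)
    {
        $raw = base64_decode($blob, true);
        if ($raw === false || strlen($raw) <= 28) {   // 12-byte nonce + 16-byte tag
            throw new RuntimeException('Malformed blob.');
        }
        $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->key,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        if ($pt === false) {
            throw new RuntimeException('Authentication failed.');
        }
        return $pt;
    }
}

// Constructed demo: a throwaway key stands in for the one loaded from config.
$box = new SessionSecretBox(base64_encode(random_bytes(32)));
$blob = $box->seal('constructed-sample-password');   // what onLogin would store
var_dump($box->open($blob) === 'constructed-sample-password');
```

In the thread's listener, `seal()` would wrap the value passed to `setAttribute( 'password', ... )`, and `open()` would wrap `getAttribute( 'password' )` where the IMAP command reads it back. The session store then holds only ciphertext, so reading the session data alone does not reveal the password.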

