承接 roadiz/user-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

roadiz/user-bundle

Composer 安装命令:

composer require roadiz/user-bundle

包简介

Public user management bundle for Roadiz CMS

README 文档

README

Public user management bundle for Roadiz v2

Run test status

Installation

Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.

Applications that use Symfony Flex

Open a command console, enter your project directory and execute:

$ composer require roadiz/user-bundle

Applications that don't use Symfony Flex

Step 1: Download the Bundle

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

$ composer require roadiz/user-bundle

Step 2: Enable the Bundle

Then, enable the bundle by adding it to the list of registered bundles in the config/bundles.php file of your project:

// config/bundles.php

return [
    // ...
    \RZ\Roadiz\UserBundle\RoadizUserBundle::class => ['all' => true],
];

Configuration

  • Copy API Platform resource configuration files to your Roadiz project api_resource folder:
    • ./config/api_resources/user.yaml
    • ./config/api_resources/me.yaml
  • Edit your ./config/packages/framework.yaml file with:
framework:
    rate_limiter:
        user_signup:
            policy: 'token_bucket'
            limit: 5
            rate: { interval: '1 minutes', amount: 3 }
            cache_pool: 'cache.user_signup_limiter'
        password_request:
            policy: 'token_bucket'
            limit: 3
            rate: { interval: '1 minutes', amount: 3 }
            cache_pool: 'cache.password_request_limiter'
        password_reset:
            policy: 'token_bucket'
            limit: 3
            rate: { interval: '1 minutes', amount: 3 }
            cache_pool: 'cache.password_reset_limiter'
  • Edit your ./config/packages/cache.yaml file with:
framework:
    cache:
        pools:
            cache.user_signup_limiter: ~
            cache.password_request_limiter: ~
            cache.password_reset_limiter: ~
  • Edit your ./config/packages/security.yaml file with:
security:
    access_control:
        # Prepend user routes configuration before API Platform ones
        # Public routes must be defined before protected ones
        - { path: "^/api/users/login_link_check", methods: [ POST ], roles: PUBLIC_ACCESS }
        - { path: "^/api/users/login_link", methods: [ POST ], roles: PUBLIC_ACCESS }
        - { path: "^/api/users/signup", methods: [ POST ], roles: PUBLIC_ACCESS }
        - { path: "^/api/users/password_request", methods: [ POST ], roles: PUBLIC_ACCESS }
        - { path: "^/api/users/password_reset", methods: [ PUT ], roles: PUBLIC_ACCESS }
        # ...
        - { path: "^/api", roles: ROLE_BACKEND_USER, methods: [ POST, PUT, PATCH, DELETE ] }
        - { path: "^/api/users", methods: [ GET, PUT, PATCH, POST ], roles: ROLE_USER }
  • Edit your ./.env file with:
USER_PASSWORD_RESET_URL=https://your-public-url.test/reset
USER_VALIDATION_URL=https://your-public-url.test/validate
USER_PASSWORD_RESET_EXPIRES_IN=600
USER_VALIDATION_EXPIRES_IN=3600
  • Update your CORS configuration with additional headers Www-Authenticate and x-g-recaptcha-response:
# config/packages/nelmio_cors.yaml
nelmio_cors:
    defaults:
        # ...
        allow_headers: ['Content-Type', 'Authorization', 'Www-Authenticate', 'x-g-recaptcha-response']
        expose_headers: ['Link', 'Www-Authenticate']

Passwordless user creation and authentication

You can switch your public users to PasswordlessUser and set up a login link authentication process along with user creation process.

First you need to configure a public login link route:

# config/routes.yaml
public_login_link_check:
    path: /api/users/login_link_check
    methods: [POST]

Then you need to configure your security.yaml file to use login_link authentication process in your API firewall. You must use all_users provider to be able to use Roadiz User provider during the login_link authentication process.

# config/packages/security.yaml
# https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/8-jwt-user-provider.html#symfony-5-3-and-higher
api:
    pattern: ^/api
    stateless: true
    # We need to use all_users provider to be able to use Roadiz User provider 
    # during the login_link authentication process
    provider: all_users
    jwt: ~
    login_link:
        check_route: public_login_link_check
        check_post_only: true
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure
        signature_properties: [ 'email' ]
        # lifetime in seconds
        lifetime: 600
        max_uses: 3

Public login link creation

Then you'll need a public route to request a login-link. In your project create a new App\Controller\SecurityController and add a new route /api/users/login_link:

<?php

declare(strict_types=1);

namespace App\Controller;

use RZ\Roadiz\CoreBundle\Repository\UserRepository;
use RZ\Roadiz\CoreBundle\Security\LoginLink\LoginLinkSenderInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface;

final readonly class SecurityController
{
    public function __construct(
        private LoginLinkSenderInterface $loginLinkSender,
    ) {
    }
    
    #[Route('/api/users/login_link', name: 'public_user_login_link_request', methods: ['POST'])]
    public function requestLoginLink(
        LoginLinkHandlerInterface $loginLinkHandler,
        UserRepository $userRepository,
        Request $request
    ): Response {
        // load the user in some way (e.g. using the form input)
        $email = $request->getPayload()->get('email');
        $user = $userRepository->findOneBy(['email' => $email]);

        if (null === $user) {
            // Do not leak if a user exists or not
            return new JsonResponse(null, Response::HTTP_NO_CONTENT);
        }

        // create a login link for $user this returns an instance
        // of LoginLinkDetails
        $loginLinkDetails = $loginLinkHandler->createLoginLink($user, $request);
        $this->loginLinkSender->sendLoginLink($user, $loginLinkDetails);
        return new JsonResponse(null, Response::HTTP_NO_CONTENT);
    }
}

Register your controller:

# config/services.yaml
services:
    App\Controller\SecurityController:
        tags: [ 'controller.service_arguments' ]

Override login link URL

Roadiz User Bundle provides a custom Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface service to generate a login-link with a different base-uri, all you need is to register RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler service in your project with its mandatory arguments:

# config/services.yaml
services:
    RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler:
        decorates: Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface
        arguments:
            $decorated: '@RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler.inner'
            $frontendLoginCheckRoute: '%frontend_login_check_route%'
            $frontendLoginLinkRequestRoutes:
                - 'frontend_user_login_link_request'
                - 'public_user_login_link_request'
                - 'api_user_signup'
            $signatureHasher: '@security.authenticator.login_link_signature_hasher.api_login_link'

Now for each $frontendLoginLinkRequestRoutes login_link will be generated using $frontendLoginCheckRoute base URL

Public users roles

  • ROLE_PUBLIC_USER: Default role for public users
  • ROLE_PASSWORDLESS_USER: Role for public users authenticated with a login link
  • ROLE_EMAIL_VALIDATED: Role for public users added since they validated their email address, through a validation token or a login link

Maintenance commands

  • bin/console users:purge-validation-tokens: Delete all expired user validation tokens
  • bin/console users:inactive -d 60 -r ROLE_PUBLIC_USER -m ROLE_EMAIL_VALIDATED -v: Delete all inactive public users that did not logged-in for 60 days. Notice that this command example only displays users that do not have ROLE_EMAIL_VALIDATED role.

Contributing

Report issues and send Pull Requests in the main Roadiz repository

roadiz/user-bundle 适用场景与选型建议

roadiz/user-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 606 次下载、GitHub Stars 达 3, 最近一次更新时间为 2022 年 06 月 14 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「cms」 「backoffice」 「rezo zero」 「roadiz」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 roadiz/user-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 roadiz/user-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 roadiz/user-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 606
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 3
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 1

GitHub 信息

  • Stars: 3
  • Watchers: 2
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2022-06-14