Symfony 电子邮件验证 - 过期链接
问题描述 投票:0回答:1
我在我的 symfony 应用程序中进行了安全流程。
一切就绪,但如果电子邮件验证链接已过期,如何创建新链接“请求新链接”。 ?就像这张照片上的问题一样:
我做了symfony的安全性,一切正常,但是,我不知道在哪里可以找到如何在链接过期时“请求新链接”。
这是安全 YAML
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: app_user_provider
login_throttling:
max_attempts: 3
logout:
path: app_logout
form_login:
login_path: app_login
check_path: app_login
default_target_path: app_member
remember_me:
secret: '%kernel.secret%' # required
lifetime: 604800 # 1 week in seconds
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/member, roles: ROLE_USER }
这是注册控制器
namespace App\Controller;
use App\Entity\User;
use App\Form\RegistrationFormType;
use App\Repository\UserRepository;
use App\Security\EmailVerifier;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Mime\Address;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Contracts\Translation\TranslatorInterface;
use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
class RegistrationController extends AbstractController
{
private EmailVerifier $emailVerifier;
public function __construct(EmailVerifier $emailVerifier)
{
$this->emailVerifier = $emailVerifier;
}
#[Route('/register', name: 'app_register')]
public function register(Request $request, UserPasswordHasherInterface $userPasswordHasher, EntityManagerInterface $entityManager): Response
{
$user = new User();
$form = $this->createForm(RegistrationFormType::class, $user);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
// encode the plain password
$user->setPassword(
$userPasswordHasher->hashPassword(
$user,
$form->get('plainPassword')->getData()
)
);
$entityManager->persist($user);
$entityManager->flush();
// generate a signed url and email it to the user
$this->emailVerifier->sendEmailConfirmation('app_verify_email', $user,
(new TemplatedEmail())
->from(new Address('[email protected]', 'Account Confirmation'))
->to($user->getEmail())
->subject('Please Confirm your Email')
->htmlTemplate('registration/confirmation_email.html.twig')
);
// do anything else you need here, like send an email
return $this->redirectToRoute('app_login');
}
return $this->render('registration/register.html.twig', [
'registrationForm' => $form->createView(),
]);
}
#[Route('/verify/email', name: 'app_verify_email')]
public function verifyUserEmail(Request $request, TranslatorInterface $translator, UserRepository $userRepository): Response
{
$id = $request->query->get('id');
if (null === $id) {
return $this->redirectToRoute('app_register');
}
$user = $userRepository->find($id);
if (null === $user) {
return $this->redirectToRoute('app_register');
}
// validate email confirmation link, sets User::isVerified=true and persists
try {
$this->emailVerifier->handleEmailConfirmation($request, $user);
} catch (VerifyEmailExceptionInterface $exception) {
$this->addFlash('verify_email_error', $translator->trans($exception->getReason(), [], 'VerifyEmailBundle'));
return $this->redirectToRoute('app_register');
}
// @TODO Change the redirect on success and handle or remove the flash message in your templates
$this->addFlash('success', 'Your email address has been verified.');
return $this->redirectToRoute('app_register');
}
}
这是电子邮件验证器
<?php
namespace App\Security;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
class EmailVerifier
{
public function __construct(
private VerifyEmailHelperInterface $verifyEmailHelper,
private MailerInterface $mailer,
private EntityManagerInterface $entityManager
) {
}
public function sendEmailConfirmation(string $verifyEmailRouteName, UserInterface $user, TemplatedEmail $email): void
{
$signatureComponents = $this->verifyEmailHelper->generateSignature(
$verifyEmailRouteName,
$user->getId(),
$user->getEmail(),
['id' => $user->getId()]
);
$context = $email->getContext();
$context['signedUrl'] = $signatureComponents->getSignedUrl();
$context['expiresAtMessageKey'] = $signatureComponents->getExpirationMessageKey();
$context['expiresAtMessageData'] = $signatureComponents->getExpirationMessageData();
$email->context($context);
$this->mailer->send($email);
}
/**
* @throws VerifyEmailExceptionInterface
*/
public function handleEmailConfirmation(Request $request, UserInterface $user): void
{
$this->verifyEmailHelper->validateEmailConfirmation($request->getUri(), $user->getId(), $user->getEmail());
$roles = [];
$roles[] = "ROLE_MEMBER";
$user->setRoles($roles);
$user->setIsVerified(true);
$this->entityManager->persist($user);
$this->entityManager->flush();
}
}
1个回答
0
投票
投票
创建一个新操作,该操作将: a) 检查用户是否仍未验证 b) 重新生成签名电子邮件并再次发送
在 RegistrationController 中类似这样的东西:
#[Route('/verify/request', name: 'app_request_verification_email')]
public function requestVerificationEmail(Request $request, TranslatorInterface $translator, UserRepository $userRepository): Response
{
$id = $request->query->get('id');
if (null === $id) {
return $this->redirectToRoute('app_register');
}
$user = $userRepository->find($id);
if (null === $user) {
return $this->redirectToRoute('app_register');
}
if ($user->isVerified() && $user->hasRole("ROLE_MEMBER")) {
$this->addFlash('already_verified', $translator->trans($exception->getReason(), [], 'VerifyEmailBundle'));
return $this->redirectToRoute('app_register');
}
$this->emailVerifier->sendEmailConfirmation('app_verify_email', $user,
(new TemplatedEmail())
->from(new Address('[email protected]', 'Account Confirmation'))
->to($user->getEmail())
->subject('Please Confirm your Email')
->htmlTemplate('registration/confirmation_email.html.twig')
);
$this->addFlash('success', 'New verification link has been sent');
return $this->redirectToRoute('app_register');
}
最新问题
- 如何切换 VS Code 以使用 Pylance 而不是 Jedi?
- Git 页面不加载 css(外部/内部)和图像
- 在Ubuntu中设置optirun和g++作为编译器来编译OpenCL
- Aarch64 的 CPSR 寄存器的困惑:如何读取它以及“ARM 处理器模式”的编码
- Agda 终止检查对于反向-++-分布练习失败
- 如何检查HTML日期选择器日历的dom?
- Django as_field_group?
- 使用Minikube:部署了SQL Server 2022,但在主机上使用ssms无法访问它
- 如何通过pandas数据框中的记录迭代计算指数移动平均线(EMA)
- Laravel 5 单元测试 - 在 null 上调用成员函数connection()
- 即使在 ttlAfterFinished 很久之后仍在使用的 Job 实例的 kubernetes 版本名称
- 列表理解仅输出 1 行,而不是按三角形数字序列输出多行
- JAVA中如何从日期时间格式获取星期几?
- 阻止用户访问“表单发送确认页面”,除非他们通过表单到达那里
- 如何在 Laravel 中验证数组
- 为什么C的pow()比cpow()更精确?
- DelegatingHandler 中的私有变量混合来自其他请求的值
- 在 Windows (emacs) 中使用 org-screenshot.el
- 如何获取vim中光标下高亮的组名?
- 使图像最小的一面用滚动条覆盖浏览器窗口
© www.soinside.com 2019 - 2024. All rights reserved.