0

I'm creating a website thanks to Symfony2 with FOSUserBundle.

I'm triyng to deny multiple connections on the same login (but from different computers for example). I've 2 solutions :

  • Create an event listner on authentification but I didn't manage to make it. (even with the cookbook).
  • override the login_check method but my FOSUserBundle doesn't work if I do it.

Do you have any better options? Or any solutions?

j0k
  • 22,600
  • 28
  • 79
  • 90
sllly
  • 73
  • 1
  • 6
  • FYI here is another solution on SO: http://stackoverflow.com/questions/13514513/prevent-duplicate-login-with-fosuserbundle – fkoessler Nov 28 '12 at 06:32

3 Answers3

1

Got it finaly. There is just one last update to make to solve it all. You need to add an other field to the User entity. sessionId (string). Then update your LoginListener class like that : 

// YourSite\UserBundle\Listener\YourSiteLoginListener.php

//...
public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
{
    $request = $event->getRequest();
    $session = $request->getSession();
    $user = $event->getAuthenticationToken()->getUser();
    $has_session = is_file ( '/path_to_your_php_session_file/'.'sess_'.$user->getSessionId() );

    if($user->getLogged() && $has_session){
        throw new AuthenticationException('this user is already logged');
    }else{
        $user->setLogged(true);
        $user->setSessionId($session->getId());
        $this->userManager->updateUser($user);
    }   
}
sllly
  • 73
  • 1
  • 6
0

Maybe this will help people to solve this problem.

It's kind of a solution but there is still a problem : If the user session is killed by php (after too mush time without action for example), you will have to go into your database to reset the "logged" value to 0.

So my solution is :

-add the field "logged" (boolean) to you User entity.

-in YourSite\UserBundle\Listener create a : YourSiteLoginListener.php with this code

namespace YourSite\UserBundle\Listener;

use FOS\UserBundle\Model\UserManagerInterface;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContext;


class YourSiteLoginListener
{
private $userManager;

    public function __construct(UserManagerInterface $userManager)
    {
        $this->userManager = $userManager;
    }

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {   
        $user = $event->getAuthenticationToken()->getUser();

        if($user->getLogged()){
            throw new AuthenticationException('this user is already logged');
        }else{
            $user->setLogged(true);
            $this->userManager->updateUser($user);
        }   
    }
}

-then in the same directory, create a logout handler : YourSiteLogoutHandler.php

namespace YourSite\UserBundle\Listener;

use FOS\UserBundle\Model\UserManagerInterface;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;

class YourSiteLogoutHandler implements LogoutHandlerInterface
{
    private $userManager;

    public function __construct(UserManagerInterface $userManager)
    {
        $this->userManager = $userManager;
    }

    public function logout (Request $request, Response $response, TokenInterface $token){
        $user = $token->getUser();
        if($user->getLogged()){
            $user->setLogged(false);
            $this->userManager->updateUser($user);
        }
    }
}

-finaly declare those services in your app/config.yml for example:

services:
    yoursite_login_listener:
        class: YourSite\UserBundle\Listener\YourSiteLoginListener
        arguments: [@fos_user.user_manager]
        tags:
            - { name: kernel.event_listener, event: security.interactive_login, method :onSecurityInteractiveLogin }

    yoursite_logout_handler:
        class: YourSite\UserBundle\Listener\YourSiteLogoutHandler
        arguments: [@fos_user.user_manager]
sllly
  • 73
  • 1
  • 6
0

In Symfony3, the logout handler was not trigged by the code above. I rebuild the code so the system is updated when the user is logging out.

namespace YourSite\UserBundle\Listener;

use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
{
    private $userManager;

    public function __construct(UserManagerInterface $userManager)
    {
        $this->userManager = $userManager;
    }


    public function onLogoutSuccess(Request $request){
        global $kernel;
        $user = $kernel->getContainer()->get('security.token_storage')->getToken()->getUser();
        if($user->getLogged()){
            $user->setLogged(false);
            $this->userManager->updateUser($user);
        }
        $referer = $request->headers->get('referer');

        return new RedirectResponse($referer);      
    }
}
Jørgen Rudolph Låker
  • 139
  • 1
  • 6