我正在开发一个集成了 REST API 的 Symfony 应用程序,但我遇到了一个问题,当通过 API 请求以 JSON 形式返回用户实体时,它会返回用户密码,尽管已加密,但我想避免它。
我的用户实体是:
<?php
namespace AppBundle\Entity;
use AppBundle\Util\Language;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
/**
* @ORM\Table(name="users")
* @ORM\Entity(repositoryClass="AppBundle\Repository\UserRepository")
*/
class User implements AdvancedUserInterface, \Serializable
{
public function __construct()
{
$this->isActive = true;
}
// Functions and parameters
/**
* Set password
*
* @param string $password
*
* @return User
*/
public
function setPassword($password)
{
$this->password = $password;
return $this;
}
/**
* Get password
*
*
* @return string
*/
public function getPassword()
{
return $this->password;
}
// More functions and parameters
/** @see \Serializable::serialize() */
public
function serialize()
{
return serialize(array(
$this->id,
$this->username,
$this->password,
$this->isActive,
$this->createdAt,
$this->lastLogin,
));
}
/** @see \Serializable::unserialize() */
public
function unserialize($serialized)
{
list (
$this->id,
$this->username,
$this->password,
$this->isActive,
$this->createdAt,
$this->lastLogin,
) = unserialize($serialized);
}
}
用户存储库
<?php
namespace AppBundle\Repository;
use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface;
use Doctrine\ORM\EntityRepository;
class UserRepository extends EntityRepository implements UserLoaderInterface
{
public function loadUserByUsername($username)
{
return $this->createQueryBuilder('u')
->where('u.username = :username OR u.email = :email')
->setParameter('username', $username)
->setParameter('email', $username)
->getQuery()
->getOneOrNullResult();
}
}
我有一个静态方法来构建 API 响应
public static function createSuccessfulresponse($entity, $entityName, $responseCode, $userLocale = "en", $responseMsg = "")
{
$defResponseMsg = ($responseMsg != "" ? $responseMsg : ApiResponseCode::getMsg($responseCode, $userLocale));
$responseArray = array();
$responseArray['responseCode'] = $responseCode;
$responseArray['responseMsg'] = $defResponseMsg;
$responseArray['userLocale'] = $userLocale;
if ($entity != null) {
$responseArray[$entityName] = $entity;
}
return ApiResponseHelper::serializeResponse($responseArray);
}
响应序列化器
private static function serializeResponse($responseArray)
{
$encoders = array(new JsonEncoder());
$normalizers = array(new ObjectNormalizer());
$serializer = new Serializer($normalizers, $encoders);
return $serializer->serialize($responseArray, 'json');
}
其中一个 API 调用返回一个 user 实体(还有更多)
/**
* @Route("/api/url/{uid}" )
* @Method({"GET"})
*/
public function getByUidAction($uid)
{
$user = $this->get('security.token_storage')->getToken()->getUser();
$entityManager = $this->getDoctrine()->getManager();
$entity = $entityManager->getRepository('AppBundle:Workday')->findOneBy(['uid' => $uid, 'user' => $user]);
if($entity != null){
return new Response(ApiResponseHelper::createSuccessfulresponse($entity, "workday", ApiResponseCode::SUCCESS_FETCH_WORKDAY, $user->getLocale()));
}else{
return new Response(ApiResponseHelper::createSuccessfulresponse(null, "workday", ApiResponseCode::ERROR_EXISTS_WORKDAY, $user->getLocale()));
}
}
这是来自上述方法的一个 JSON 响应
{
"responseCode": "successfulResponseCode",
"responseMsg": "Data received",
"userLocale": "es",
"workday": {
"id": 10,
... so many data
"job": {
"id": 11,
.. more json data
},
"user": {
"username": "amendez",
"password": "encrypted_password",
... more data
},
... and more data
}
}
正如您所看到的,我收到了一个包含用户的 JSON 对象,其中包含其加密密码和许多其他数据,我的目标是避免返回密码 key 和值。
有人知道我怎样才能实现它吗?
最佳答案
您需要定义序列化器组并分配所需的 getter。请参阅:https://symfony.com/doc/current/components/serializer.html#attributes-groups .
首选(最佳实践)方法是分配所需的组。
use Symfony\Component\Serializer\Annotation\Groups;
class User implements AdvancedUserInterface, \Serializable
{
/**
* @Groups({"api"})
* @return string
*/
public function getUsername()
{
return $this->username;
}
//...
/**
* Get password
* @return string
*/
public function getPassword()
{
return $this->password;
}
}
进行编辑以便更轻松地使用序列化器服务
在 app/config/config.yml 中启用注释,从而启用序列化器服务。
#config.yml
framework:
#...
serializer:
enable_annotations: true
现在您可以直接调用序列化器服务或在自定义服务中使用 DI。
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\HttpFoundation\JsonResponse;
private static function serializeResponse($responseArray)
{
$serializer = $this->container->get('serializer');
return $serializer->serialize($responseArray, JsonEncoder::FORMAT, array(
'groups' => array('api'),
'json_encode_options' => JsonResponse::DEFAULT_ENCODING_OPTIONS
));
}
手动将序列化器组件与组一起使用。
use Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactory;
use Doctrine\Common\Annotations\AnnotationReader;
use Symfony\Component\Serializer\Mapping\Loader\AnnotationLoader;
private static function serializeResponse($responseArray)
{
$classMetadataFactory = new ClassMetadataFactory(new AnnotationLoader(new AnnotationReader()));
$normalizer = new ObjectNormalizer($classMetadataFactory);
$encoder = new JsonEncoder();
$serializer = new Serializer(array($normalizer), array($encoder));
return $serializer->serialize($responseArray, JsonEncoder::FORMAT, array('groups' => array('api')));
}
或者,您应该能够将其设置为忽略属性的一部分。请参阅:https://symfony.com/doc/current/components/serializer.html#ignoring-attributes
private static function serializeResponse($responseArray)
{
$normalizer = new ObjectNormalizer();
$normalizer->setIgnoredAttributes(array('password'));
$encoder = new JsonEncoder();
$serializer = new Serializer(array($normalizer), array($encoder));
return $serializer->serialize($responseArray, JsonEncoder::FORMAT);
}
关于php - 如何避免在 Symfony 3 中通过 JSON 返回用户密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47338361/