Reputation: 1396
In my case some of users can login only from specific ip addresses (one for each user).
I need to decline all auth requests for a user if user's ip address doesn't match with ip from database.
For now I have this User entity:
class User implements AdvancedUserInterface
{
// ....
protected $id;
// ....
protected $allowedIp;
}
This check needs to be done at the authentication stage.
Upvotes: 2
Views: 437
Reputation: 17678
You'll want to use an authentication voter. The Symfony cookbook has a recipe for an IP blacklist voter, so you can follow their example and change the code to deny if it's not on the list, instead of denying if it is.
Upvotes: 3