symfony/docs/Security.md

# User Authentication

## Create a user class

Permissions are linked to a user object.

```bash
symfony console make:user # (All default yes)
symfony console make:auth # (1 for login form)
symfony console make:registration-form
symfony console make:reset-password
```
Now you will want to sync the database (using docker)

```bash
sudo docker-compose run symfony php bin/console make:migration
sudo docker-compose run symfony php bin/console doctrine:migrations:migrate
```
Note: 'symfony' is the name of your symfony app in docker-compose (such as app)

## Login Form

The above already created this.

```php bin/console make:controller Login```

You have to add 
```yaml
form_login:
  login_path: app_login
  check_path: app_login
```
to the firewalls section under main of config/packages/security.yaml

### Modify the controller

```php
<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends AbstractController
{
    #[Route('/login', name: 'app_login')]
    public function index(AuthenticationUtils $authenticationUtils): Response
    {
        $error = $authenticationUtils->getLastAuthenticationError();
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('login/index.html.twig', [
            'last_username' => $lastUsername,
            'error'         => $error,
        ]);
    }
}
```

### Modify the template
```php
{% extends '@nytwig/master.html.twig' %}

{% block title %}Hello LoginController!{% endblock %}

{% block content %}
{% if error %}
        <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

    <form action="{{ path('app_login') }}" method="post">
        <label for="username">Email:</label>
        <input type="text" id="username" name="_username" value="{{ last_username }}"/>

        <label for="password">Password:</label>
        <input type="password" id="password" name="_password"/>

        {# If you want to control the URL the user is redirected to on success
        <input type="hidden" name="_target_path" value="/account"/> #}

        <button type="submit">login</button>
    </form>

{% endblock %}
```

## Loggging Out

https://symfony.com/doc/current/security.html#logging-out


## Access Control (Authorization)

https://symfony.com/doc/current/security.html#access-control-authorization

## References

* https://symfony.com/doc/current/security.html
* https://dev.to/nabbisen/symfony-6-user-authentication-4ek
worked on security 2022-11-17 14:07:14 -08:00			`# User Authentication`

			`## Create a user class`

			`Permissions are linked to a user object.`

			```bash
fix security 2023-07-27 11:30:37 -07:00			`symfony console make:user # (All default yes)`
updated documentation, got login working 2023-05-16 16:42:29 -07:00			`symfony console make:auth # (1 for login form)`
			`symfony console make:registration-form`
			`symfony console make:reset-password`
worked on security 2022-11-17 14:07:14 -08:00			```
updated documentation, got login working 2023-05-16 16:42:29 -07:00			`Now you will want to sync the database (using docker)`
worked on security 2022-11-17 14:07:14 -08:00
			```bash
updated documentation, got login working 2023-05-16 16:42:29 -07:00			`sudo docker-compose run symfony php bin/console make:migration`
			`sudo docker-compose run symfony php bin/console doctrine:migrations:migrate`
worked on security 2022-11-17 14:07:14 -08:00			```
updated documentation, got login working 2023-05-16 16:42:29 -07:00			`Note: 'symfony' is the name of your symfony app in docker-compose (such as app)`
worked on security 2022-11-17 14:07:14 -08:00
			`## Login Form`

fix security 2023-07-27 11:30:37 -07:00			`The above already created this.`

worked on security 2022-11-17 14:07:14 -08:00			```php bin/console make:controller Login```

			`You have to add`
			```yaml
			`form_login:`
			`login_path: app_login`
			`check_path: app_login`
			```
Documentation update mostly * readme added requriements * script added mailer (unfinished) * man docker * man security * added man easyadmin 2022-12-17 14:29:39 -08:00			`to the firewalls section under main of config/packages/security.yaml`
worked on security 2022-11-17 14:07:14 -08:00
			`### Modify the controller`

			```php
updated docs 2022-11-17 20:25:09 -08:00			`<?php`

			`namespace App\Controller;`

			`use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;`
			`use Symfony\Component\HttpFoundation\Response;`
			`use Symfony\Component\Routing\Annotation\Route;`
			`use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;`

			`class LoginController extends AbstractController`
			`{`
			`#[Route('/login', name: 'app_login')]`
			`public function index(AuthenticationUtils $authenticationUtils): Response`
			`{`
			`$error = $authenticationUtils->getLastAuthenticationError();`
worked on security 2022-11-17 14:07:14 -08:00			`$lastUsername = $authenticationUtils->getLastUsername();`
updated docs 2022-11-17 20:25:09 -08:00
worked on security 2022-11-17 14:07:14 -08:00			`return $this->render('login/index.html.twig', [`
			`'last_username' => $lastUsername,`
			`'error' => $error,`
			`]);`
updated docs 2022-11-17 20:25:09 -08:00			`}`
			`}`
worked on security 2022-11-17 14:07:14 -08:00			```

			`### Modify the template`
			```php
updated docs 2022-11-17 20:25:09 -08:00			`{% extends '@nytwig/master.html.twig' %}`

			`{% block title %}Hello LoginController!{% endblock %}`

worked on security 2022-11-17 14:07:14 -08:00			`{% block content %}`
			`{% if error %}`
			`<div>{{ error.messageKey\|trans(error.messageData, 'security') }}</div>`
			`{% endif %}`

			`<form action="{{ path('app_login') }}" method="post">`
			`<label for="username">Email:</label>`
			`<input type="text" id="username" name="_username" value="{{ last_username }}"/>`

			`<label for="password">Password:</label>`
			`<input type="password" id="password" name="_password"/>`

			`{# If you want to control the URL the user is redirected to on success`
			`<input type="hidden" name="_target_path" value="/account"/> #}`

			`<button type="submit">login</button>`
			`</form>`

			`{% endblock %}`
			```

			`## Loggging Out`

			`https://symfony.com/doc/current/security.html#logging-out`


			`## Access Control (Authorization)`

			`https://symfony.com/doc/current/security.html#access-control-authorization`

			`## References`

			`* https://symfony.com/doc/current/security.html`
docs 2023-04-03 20:26:25 -07:00			`* https://dev.to/nabbisen/symfony-6-user-authentication-4ek`