From 46a617f9f4e4557c09e4301ef0635b1f793e4a01 Mon Sep 17 00:00:00 2001 From: Nick Yeoman Date: Thu, 17 Nov 2022 14:07:14 -0800 Subject: [PATCH] worked on security --- bash/newProject.bash | 18 +++++++--- docs/Console.md | 11 +++++- docs/Security.md | 82 +++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 105 insertions(+), 6 deletions(-) diff --git a/bash/newProject.bash b/bash/newProject.bash index 984968e..d5274f8 100644 --- a/bash/newProject.bash +++ b/bash/newProject.bash @@ -76,21 +76,31 @@ echo "SASS installed you still need to run sass sass/$1.sass public/css/main.css composer req symfony/process composer req asset composer req annotations -composer req symfony/apache-pack - -# untested -composer require symfony/security-bundle +################################################################################ +# Symfony development bundles +################################################################################ # Dev components composer req --dev maker composer req --dev symfony/profiler-pack composer req debug logger +################################################################################ +# Symfony security +################################################################################ + +composer require symfony/security-bundle +composer require form validator +composer require symfonycasts/verify-email-bundle + ################################################################################ # Docker ################################################################################ +# For the Apache container +composer req symfony/apache-pack + # You need the following variables in your env for docker-compose echo '' >> .env echo '# For Docker compose' >> .env diff --git a/docs/Console.md b/docs/Console.md index 3685728..4e761f3 100644 --- a/docs/Console.md +++ b/docs/Console.md @@ -6,4 +6,13 @@ Checks the version, support, kernel and php ## version -php bin/console --version \ No newline at end of file +php bin/console --version + +## Manually hash a password + +php bin/console security:hash-password + +# Composer Cheat Sheet + +## Installed Recipes +Use ```composer recipes``` to see which bundles you have installed. diff --git a/docs/Security.md b/docs/Security.md index a455791..d47b0ed 100644 --- a/docs/Security.md +++ b/docs/Security.md @@ -1 +1,81 @@ -https://symfony.com/doc/current/security.html +# User Authentication + +## Create a user class + +Permissions are linked to a user object. + +```bash +php bin/console make:user +``` +Now you will want to sync the databse + +```bash +php bin/console make:migration +php bin/console doctrine:migrations:migrate +``` + +## Registration Form + +You can use maker to do this (symfonycasts/verify-email-bundle must be installed, which is done through the install script) +```bash +php bin/console make:registration-form +``` + +## Login Form + +```php bin/console make:controller Login``` + +You have to add +```yaml +form_login: + login_path: app_login + check_path: app_login +``` +to the firewalls section of config/packages/security.yaml + +### Modify the controller + +```php +$error = $authenticationUtils->getLastAuthenticationError(); + $lastUsername = $authenticationUtils->getLastUsername(); + return $this->render('login/index.html.twig', [ + 'last_username' => $lastUsername, + 'error' => $error, + ]); +``` + +### Modify the template +```php +{% block content %} +{% if error %} +
{{ error.messageKey|trans(error.messageData, 'security') }}
+ {% endif %} + +
+ + + + + + + {# If you want to control the URL the user is redirected to on success + #} + + +
+ +{% endblock %} +``` + +## Loggging Out + +https://symfony.com/doc/current/security.html#logging-out + + +## Access Control (Authorization) + +https://symfony.com/doc/current/security.html#access-control-authorization + +## References + +* https://symfony.com/doc/current/security.html