nick/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-08-26. You can view files and clone it, but cannot push or open issues or pull requests.
5e72e23051
symfony/docs/Security.md
Nick Yeoman f46d08850e docs
2023-04-03 20:26:25 -07:00

2.5 KiB
Raw Blame History

User Authentication

Create a user class

Permissions are linked to a user object.

php bin/console make:user

Now you will want to sync the databse

php bin/console make:migration
php bin/console doctrine:migrations:migrate

Registration Form

You can use maker to do this (symfonycasts/verify-email-bundle must be installed, which is done through the install script)

php bin/console make:registration-form

Login Form

php bin/console make:controller Login

You have to add

form_login:
  login_path: app_login
  check_path: app_login

to the firewalls section under main of config/packages/security.yaml

Modify the controller

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends AbstractController
{
    #[Route('/login', name: 'app_login')]
    public function index(AuthenticationUtils $authenticationUtils): Response
    {
        $error = $authenticationUtils->getLastAuthenticationError();
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('login/index.html.twig', [
            'last_username' => $lastUsername,
            'error'         => $error,
        ]);
    }
}

Modify the template

{% extends '@nytwig/master.html.twig' %}

{% block title %}Hello LoginController!{% endblock %}

{% block content %}
{% if error %}
        <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

    <form action="{{ path('app_login') }}" method="post">
        <label for="username">Email:</label>
        <input type="text" id="username" name="_username" value="{{ last_username }}"/>

        <label for="password">Password:</label>
        <input type="password" id="password" name="_password"/>

        {# If you want to control the URL the user is redirected to on success
        <input type="hidden" name="_target_path" value="/account"/> #}

        <button type="submit">login</button>
    </form>

{% endblock %}

Loggging Out

https://symfony.com/doc/current/security.html#logging-out

Access Control (Authorization)

https://symfony.com/doc/current/security.html#access-control-authorization

References