This repository has been archived on 2024-08-26. You can view files and clone it, but cannot push or open issues or pull requests.
symfony/docs/Security.md
2022-11-17 20:25:09 -08:00

103 lines
2.4 KiB
Markdown

# User Authentication
## Create a user class
Permissions are linked to a user object.
```bash
php bin/console make:user
```
Now you will want to sync the databse
```bash
php bin/console make:migration
php bin/console doctrine:migrations:migrate
```
## Registration Form
You can use maker to do this (symfonycasts/verify-email-bundle must be installed, which is done through the install script)
```bash
php bin/console make:registration-form
```
## Login Form
```php bin/console make:controller Login```
You have to add
```yaml
form_login:
login_path: app_login
check_path: app_login
```
to the firewalls section of config/packages/security.yaml
### Modify the controller
```php
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class LoginController extends AbstractController
{
#[Route('/login', name: 'app_login')]
public function index(AuthenticationUtils $authenticationUtils): Response
{
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('login/index.html.twig', [
'last_username' => $lastUsername,
'error' => $error,
]);
}
}
```
### Modify the template
```php
{% extends '@nytwig/master.html.twig' %}
{% block title %}Hello LoginController!{% endblock %}
{% block content %}
{% if error %}
<div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}
<form action="{{ path('app_login') }}" method="post">
<label for="username">Email:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}"/>
<label for="password">Password:</label>
<input type="password" id="password" name="_password"/>
{# If you want to control the URL the user is redirected to on success
<input type="hidden" name="_target_path" value="/account"/> #}
<button type="submit">login</button>
</form>
{% endblock %}
```
## Loggging Out
https://symfony.com/doc/current/security.html#logging-out
## Access Control (Authorization)
https://symfony.com/doc/current/security.html#access-control-authorization
## References
* https://symfony.com/doc/current/security.html