New in MakerBundle 1.15: make:reset-password & make:message
Ryan Weaver
MakerBundle 1.15 was just released and comes with several new makers. Let's take a look!
Generate a Full, Secure User Setup with make:reset-password
Contributed by
Jesse Rushlow,
Romaric Drigon
in #567
and #359.
MakerBundle already had almost everything you needed to quickly bootstrap
an entire security system thanks to make:user, make:auth (for authenticators)
and make:registration-form. The only common missing piece was a reset password
system.
Now you can generate a fully-functional & secure password reset system with:
1 2 3 4 5 6 7 8 9 10 11 12 13 14
$ php bin/console make:reset-password
# .. answer a few questions
created: src/Controller/ResetPasswordController.php
created: src/Entity/ResetPasswordRequest.php
created: src/Repository/ResetPasswordRequestRepository.php
updated: config/packages/reset_password.yaml
created: src/Form/ResetPasswordRequestFormType.php
created: src/Form/ChangePasswordFormType.php
created: templates/reset_password/check_email.html.twig
created: templates/reset_password/email.html.twig
created: templates/reset_password/request.html.twig
created: templates/reset_password/reset.html.twigAfter asking a few questions, this will generate everything needed for a user to
reset their password: a user enters their email into a form, your app sends
an "reset password" email, the user clicks a one-time-use link, the link is validated,
and the user is allowed to choose a new password. Just go to /reset-password
and try it!
Behind-the-scenes, the command leverages a new SymfonyCastsPasswordResetBundle to handle the security-sensitive (and boring) parts of the process. A lot of effort was done to make this the most secure reset password system available, including features that prevent timing attacks, enforce throttling and avoid "leaking" the reset token to JavaScript by immediately removing it from the URL.
A huge thanks to the amazing work done by Jesse Rushlow who did the majority of the research & work on both the bundle and command. Thanks also to Romaric Drigon who spent a huge effort to bootstrap this.
Message, Handler & Routing with make:message
Contributed by
Nicolas Philippe
in #338.
The bundle also now has a new command to make generating Messenger messages easy.
This will generate an empty message class, a handler that is preconfigured to handle
that message and it will route your message to the transport in messenger.yaml
if you choose that option:
1 2 3 4 5 6 7 8 9 10 11 12 13 14
$ php bin/console make:message
The name of the message class (e.g. SendEmailMessage):
> CreateImageThumbnails
Which transport do you want to route your message to? [[no transport]]:
[0] [no transport]
[1] async
[2] async_high_priority
> 1
created: src/Message/CreateImageThumbnails.php
created: src/MessageHandler/CreateImageThumbnailsHandler.php
updated: config/packages/messenger.yamlThanks to Nicolas Philippe for this contribution!
make:messenger-middleware
Contributed by
Imad Zairig
in #574.
If you need to create a custom Messenger middleware, you can also now generate that:
1 2 3 4 5 6 7 8 9
$ php bin/console make:messenger-middleware
The name of the middleware class (e.g. CustomMiddleware):
> MyLoggingMiddleware
created: src/Middleware/MyLoggingMiddleware.php
Next:
- Add the middleware to your config/packages/messenger.yaml fileThanks to Imad Zairig for this contribution!
Have other ideas for MakerBundle? Send us a pull request!
Happy making!
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.
I really like the approach of actually generating code rather than extending some bundle and adding stuff on top of it!