New in MakerBundle 1.15: make:reset-password & make:message

MakerBundle 1.15 was just released and comes with several new makers. Let's take a look!

Generate a Full, Secure User Setup with make:reset-password

Contributed by Jesse Rushlow, Romaric Drigon in #567 and #359.

MakerBundle already had almost everything you needed to quickly bootstrap an entire security system thanks to make:user, make:auth (for authenticators) and make:registration-form. The only common missing piece was a reset password system.

Now you can generate a fully-functional & secure password reset system with:

$ php bin/console make:reset-password

# .. answer a few questions

created: src/Controller/ResetPasswordController.php
created: src/Entity/ResetPasswordRequest.php
created: src/Repository/ResetPasswordRequestRepository.php
updated: config/packages/reset_password.yaml
created: src/Form/ResetPasswordRequestFormType.php
created: src/Form/ChangePasswordFormType.php
created: templates/reset_password/check_email.html.twig
created: templates/reset_password/email.html.twig
created: templates/reset_password/request.html.twig
created: templates/reset_password/reset.html.twig

After asking a few questions, this will generate everything needed for a user to reset their password: a user enters their email into a form, your app sends a "reset password" email, the user clicks a one-time-use link, the link is validated, and the user is allowed to choose a new password. Just go to /reset-password and try it!

Behind the scenes, the command leverages a new SymfonyCastsPasswordResetBundle to handle the security-sensitive (and boring) parts of the process. A lot of effort went into making this the most secure reset password system available, including features that prevent timing attacks, enforce throttling and avoid "leaking" the reset token to JavaScript by immediately removing it from the URL.
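The properties named above (throttling, one-time-use links and a token check that resists timing attacks) can be seen together in this added plain-PHP 8 example. It is not code from this post or from the bundle; the class name, the in-memory storage keyed by user id, the one-hour lifetime and the 15-minute throttle window are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, NOT code from SymfonyCastsPasswordResetBundle.
// Hypothetical class; an in-memory array stands in for the database table.
final class ResetTokenStore
{
    /** @var array<string, array{hash: string, expires: int, requested: int}> */
    private array $requests = [];

    public function __construct(
        private string $secret,       // key for the HMAC (assumed app secret)
        private int $lifetime = 3600, // constructed value: link valid 1 hour
        private int $throttle = 900   // constructed value: 1 request / 15 min
    ) {}

    /** Returns the token to e-mail, or null while the user is throttled. */
    public function issue(string $userId, int $now): ?string
    {
        $last = $this->requests[$userId]['requested'] ?? null;
        if ($last !== null && $now - $last < $this->throttle) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        // Only a keyed hash is stored, so a leaked table yields no usable links.
        $this->requests[$userId] = [
            'hash' => hash_hmac('sha256', $token, $this->secret),
            'expires' => $now + $this->lifetime,
            'requested' => $now,
        ];
        return $token;
    }

    /** Validates a token from a clicked link and invalidates it on success. */
    public function consume(string $userId, string $token, int $now): bool
    {
        $row = $this->requests[$userId] ?? null;
        // Unknown users still go through the same hash + constant-time compare.
        $expected = $row['hash'] ?? str_repeat('0', 64);
        $given = hash_hmac('sha256', $token, $this->secret);
        $valid = hash_equals($expected, $given) && $row !== null && $now < $row['expires'];
        if ($valid) {
            unset($this->requests[$userId]); // one-time use
        }
        return $valid;
    }
}
```

Calling issue() twice for the same user inside the throttle window returns null the second time, and a token accepted once by consume() is rejected on any later attempt.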

A huge thanks to Jesse Rushlow, who did the majority of the research & work on both the bundle and the command. Thanks also to Romaric Drigon, who put in a huge effort to bootstrap this.

Message, Handler & Routing with make:message

Contributed by Nicolas Philippe in #338.

The bundle also now has a new command that makes generating Messenger messages easy. It generates an empty message class and a handler that is preconfigured to handle that message, and, if you choose that option, it routes your message to the transport in messenger.yaml:

$ php bin/console make:message

The name of the message class (e.g. SendEmailMessage):
> CreateImageThumbnails

Which transport do you want to route your message to? [[no transport]]:
  [0] [no transport]
  [1] async
  [2] async_high_priority
> 1

created: src/Message/CreateImageThumbnails.php
created: src/MessageHandler/CreateImageThumbnailsHandler.php
updated: config/packages/messenger.yaml

Thanks to Nicolas Philippe for this contribution!

make:messenger-middleware

Contributed by Imad Zairig in #574.

If you need to create a custom Messenger middleware, you can also now generate that:

$ php bin/console make:messenger-middleware

The name of the middleware class (e.g. CustomMiddleware):
> MyLoggingMiddleware

created: src/Middleware/MyLoggingMiddleware.php

Next:
 - Add the middleware to your config/packages/messenger.yaml file

Thanks to Imad Zairig for this contribution!

Have other ideas for MakerBundle? Send us a pull request!

Happy making!


Comments

Super cool, now there is no need for third party bundles in order to create user flow.

I really like the approach of actually generating code rather than extending some bundle and adding stuff on top of it!
Now we just need some basic account lockout/throttling and we'll be golden.