MakerBundle 1.15 was just released and comes with several new makers. Let's take a look!
Generate a Full, Secure User Setup with make:reset-password
MakerBundle already had almost everything you needed to quickly bootstrap
an entire security system thanks to make:user, make:auth (for authenticators)
and make:registration-form. The only common missing piece was a reset password
system.
Now you can generate a fully-functional & secure password reset system with:
$ php bin/console make:reset-password
# .. answer a few questions
created: src/Controller/ResetPasswordController.php
created: src/Entity/ResetPasswordRequest.php
created: src/Repository/ResetPasswordRequestRepository.php
updated: config/packages/reset_password.yaml
created: src/Form/ResetPasswordRequestFormType.php
created: src/Form/ChangePasswordFormType.php
created: templates/reset_password/check_email.html.twig
created: templates/reset_password/email.html.twig
created: templates/reset_password/request.html.twig
created: templates/reset_password/reset.html.twig
After asking a few questions, this will generate everything needed for a user to
reset their password: a user enters their email into a form, your app sends
a "reset password" email, the user clicks a one-time-use link, the link is validated,
and the user is allowed to choose a new password. Just go to /reset-password
and try it!
Behind the scenes, the command leverages a new SymfonyCastsPasswordResetBundle to handle the security-sensitive (and boring) parts of the process. A lot of effort went into making this the most secure reset password system available, including features that prevent timing attacks, enforce throttling and avoid "leaking" the reset token to JavaScript by immediately removing it from the URL.
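To make the timing-attack, throttling and one-time-use points concrete, here is an added example that is not code from the bundle or from the generated controller. The class name, method names, token layout and in-memory storage are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical names and in-memory storage; not the bundle's API.
final class ResetTokenStore
{
    private array $requests = [];    // selector => [hash, user, expires]
    private array $lastRequest = []; // user id => time the last token was issued

    public function __construct(private string $key, private int $lifetime = 3600, private int $throttle = 900) {}

    // Returns the token to put in the email link, or null when the user is throttled.
    public function issue(string $userId, int $now): ?string
    {
        $last = $this->lastRequest[$userId] ?? null;
        if ($last !== null && $now - $last < $this->throttle) {
            return null;
        }
        $selector = bin2hex(random_bytes(10)); // 20 chars, only used to find the row
        $verifier = bin2hex(random_bytes(10)); // 20 chars, secret, stored only as an HMAC
        $this->requests[$selector] = [
            'hash' => hash_hmac('sha256', $verifier, $this->key),
            'user' => $userId,
            'expires' => $now + $this->lifetime,
        ];
        $this->lastRequest[$userId] = $now;
        return $selector . $verifier;
    }

    // Returns the user id and consumes the token, or null if the token is invalid.
    public function redeem(string $token, int $now): ?string
    {
        $selector = substr($token, 0, 20);
        $row = $this->requests[$selector] ?? null;
        $candidate = hash_hmac('sha256', substr($token, 20), $this->key);
        // hash_equals() compares in constant time, so the response time does not
        // reveal how much of the stored hash a guessed verifier matched.
        if ($row === null || !hash_equals($row['hash'], $candidate) || $now > $row['expires']) {
            return null;
        }
        unset($this->requests[$selector]); // one-time use: a replayed link finds no row
        return $row['user'];
    }
}

$store = new ResetTokenStore(random_bytes(32)); // constructed demo key
$token = $store->issue('user-1', 1000);
var_dump($store->issue('user-1', 1100) === null);    // second request inside the throttle window
var_dump($store->redeem($token, 1200) === 'user-1'); // first use of the link
var_dump($store->redeem($token, 1300) === null);     // replay of the same link
```

Keeping the token out of the URL after the first request (the third feature mentioned above) is a controller and session concern and is not covered by this example.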
A huge thanks to the amazing work done by Jesse Rushlow who did the majority of the research & work on both the bundle and command. Thanks also to Romaric Drigon who put a huge effort into bootstrapping this.
Message, Handler & Routing with make:message
The bundle also now has a new command to make generating Messenger messages easy.
This will generate an empty message class and a handler that is preconfigured to handle
that message. If you choose that option, it will also route your message to the
transport in messenger.yaml:
$ php bin/console make:message
The name of the message class (e.g. SendEmailMessage):
> CreateImageThumbnails
Which transport do you want to route your message to? [[no transport]]:
[0] [no transport]
[1] async
[2] async_high_priority
> 1
created: src/Message/CreateImageThumbnails.php
created: src/MessageHandler/CreateImageThumbnailsHandler.php
updated: config/packages/messenger.yaml
Thanks to Nicolas Philippe for this contribution!
make:messenger-middleware
If you need to create a custom Messenger middleware, you can also now generate that:
$ php bin/console make:messenger-middleware
The name of the middleware class (e.g. CustomMiddleware):
> MyLoggingMiddleware
created: src/Middleware/MyLoggingMiddleware.php
Next:
- Add the middleware to your config/packages/messenger.yaml file
Thanks to Imad Zairig for this contribution!
Have other ideas for MakerBundle? Send us a pull request!
Happy making!
Super cool, now there is no need for third party bundles in order to create user flow.
I really like the approach of actually generating code rather than extending some bundle and adding stuff on top of it!
Now we just need some basic account lockout/throttling and we'll be golden.
@Yoan Arnaudov The article specifically says that it uses a third party bundle ("SymfonyCastsPasswordResetBundle"). I don't get why there is nothing on the doc page about how to implement a reset solution except to re-iterate what is said here about using the bundle. The maker bundle is leading to some pretty crappy DX IMO.