New in MakerBundle 1.8: Instant User & Login Form Commands
October 17, 2018 • Published by Ryan Weaver
Symfony's security system has always been flexible. But over the past few years, it's also become increasingly easy to tap into that power: by creating Guard authenticators and voters for complex authorization rules.
But, we can do more. For example, Symfony security users are so flexible, they can be confusing to set up. And creating a Guard authenticator, while clear and powerful, requires some work. Can we have both flexibility and rapid development? I think so - thanks to two new commands added to MakerBundle.
make:user
Contributed by
Ryan Weaver
in #250.
Ready to start your security system? First you need a user. But, does your entity need to be saved to the database? And is your app responsible for checking passwords?
MakerBundle 1.7 will guide you through these decisions and generate exactly what you need:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
$ php bin/console make:user
The name of the security user class (e.g. User) [User]:
> User
Do you want to store user data in the database (via Doctrine)? (yes/no) [yes]:
> yes
Enter a property name that will be the unique "display" name for the user
(e.g. email, username, uuid) [email]:
> email
Will this app need to hash/check user passwords? Choose No if passwords
are not needed or will be checked/hashed by some other system (e.g. a single sign-on server).
Does this app need to hash/check user passwords? (yes/no) [yes]:
> yes
created: src/Entity/User.php
created: src/Repository/UserRepository.php
updated: src/Entity/User.php
updated: config/packages/security.yaml
That's it! Depending on your answers, the command will create a User
class/entity and update your security.yaml
file to configure a secure
password encoder (if needed) and a user provider. The generated code has clear
comments so you can continue updating everything for your needs.
make:auth
Contributed by
Nicolas Philippe
in #266.
Now that you have a User class, it's time to let your users log in. Want a complete form login system in one command? In MakerBundle 1.8, it's no problem. The new make:auth command can create an entire form authentication system, or an empty authenticator, based on your answers:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
$ php bin/console make:auth
What style of authentication do you want? [Empty authenticator]:
[0] Empty authenticator
[1] Login form authenticator
> 1
The class name of the authenticator to create (e.g. AppCustomAuthenticator):
> LoginFormAuthenticator
Choose a name for the controller class (e.g. SecurityController) [SecurityController]:
created: src/Security/LoginFormAuthenticator.php
updated: config/packages/security.yaml
created: src/Controller/SecurityController.php
created: templates/security/login.html.twig
This creates the login route, controller and template as well as a Guard authenticator that handles the login submit, includes CSRF protection and redirects intelligently on success and error. Your authenticator class will have a few minor TODOs inside (usually just 1) that you'll need to finish. But, you won't need to modify any config files.
The result? A fully functional login system in minutes that you have full control over. Customize the template to match your look and update the code in your authenticator to add anything special you need during the login process.
You can also generate a "empty" authenticator to use for whatever other authentication you need. Want support to generate other kinds of authenticators? Just open a pull request!
Happy security!
Help the Symfony project!
As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.
There is a small typo on the example screen for `make:user` on the 4th question :
"by me other system" instead of "by some other system" (checked on the repo)
Very helpful. Thanks!
I didn't test it though :)
But for now, FOSUserBundle provides functionality to easily reset passwords, send and accept invitations, etc, including sending emails and generating the links. Is it possible to use make:user and make:auth for the initial setup, and then integrate FosUser for the other routes? I'm hoping someday that make:auth has options like --reset-password and --invite, which can generate the appropriate controllers and services.
In short, what's the best way to migrate to this approach while still having FOSUser functionality?