
Security and Logins For Symfony

This is well documented at https://symfony.com/doc/current/security.html

Install the security bundle with composer require symfony/security-bundle

You will use maker bundle to generate your User class.

We may use Doctrine for the User, but as we are generally using DSM, you will not use maker to generate the Entity; do this part in your entities module instead.

Authentication

You need to create a user and an authenticator:

./bin/console make:user
./bin/console make:auth

Your user password needs to be managed by Symfony. If you are integrating with a legacy database, we suggest adding a new password column for Symfony's purposes.

To generate a salted password (for example, to manually update a DB row or a fixture), use the ./bin/console security:encode-password command.

Your User Provider needs to load the user from the database and populate the username and password fields, ready to be checked against the authentication details.

Confusing Generated Code

When you generate the UserProvider, it will contain some docblock comments that are a bit confusing.

You must ignore the comments that indicate that you only need to implement a method if you have user switching:

<?php
    /**
     * Symfony calls this method if you use features like switch_user
     * or remember_me.
     *
     * If you're not using these features, you do not need to implement
     * this method.
     *
     * @param string $username
     *
     * @return UserInterface
     *
     * @throws UsernameNotFoundException if the user is not found
     */
    public function loadUserByUsername($username)

If you are loading the User yourself, you definitely do need to implement this method!
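A provider that loads the user itself, as an added example (not the code maker generates and not this project's own). It assumes a PDO connection, a table legacy_user with columns login, symfony_password (the extra column added for Symfony) and roles (JSON), and a hypothetical LegacyUser class in the same namespace that implements UserInterface and takes (username, password hash, roles) in its constructor.

```php
<?php
// Added example. Table, column and class names are assumptions, not project code.
namespace App\Security;

use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

final class LegacyUserProvider implements UserProviderInterface
{
    private $pdo;

    public function __construct(\PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function loadUserByUsername($username)
    {
        // Bound parameter: the submitted username never becomes part of the SQL text.
        $sql = 'SELECT login, symfony_password, roles FROM legacy_user WHERE login = :login';
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute(['login' => $username]);
        $row = $stmt->fetch(\PDO::FETCH_ASSOC);
        if ($row === false) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
        }
        // Only populate the fields. Symfony verifies the submitted password
        // against the stored hash; the provider never compares passwords.
        $roles = json_decode((string) $row['roles'], true) ?: ['ROLE_USER'];
        return new LegacyUser($row['login'], $row['symfony_password'], $roles);
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof LegacyUser) {
            throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', get_class($user)));
        }
        // Reload from the database so a changed password or role takes effect.
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return LegacyUser::class === $class;
    }
}
```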