Security and Logins For Symfony¶
This is well documented at https://symfony.com/doc/current/security.html
composer require symfony/security-bundle
You will use maker bundle to generate your User class.
Whilst we may use Doctrine for the User, as we are generally using DSM then you will not use maker to generate the Entity and will do this bit in your entities module.
You need to create a user and an authenticator
./bin/console make:user ./bin/console make:auth
Your user password needs to be managed by symfony. If you are integrating with a legacy Database, suggest you add a new password column for symfony's purposes
To generate a salted password (for example to manually update a DB or fixture or something), use the
./bin/console security:encode-password command
Your User Provider needs to load the user from the database and populate the username and password fields ready to be checked against authentication details
Confusing Generated Code
When generating the UserProvider, there will be some docblock comments that are a bit confusing
You must ignore the comments that indicate that you only need to implement a method if you have user switching:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
<?php /** * Symfony calls this method if you use features like switch_user * or remember_me. * * If you're not using these features, you do not need to implement * this method. * * @param string $username * * @return UserInterface * * @throws UsernameNotFoundException if the user is not found */ public function loadUserByUsername($username)
If you are loading the User yourself, you definitely do need to implement this method!