Chapters

36 Chapters | 1:50:44 |

01

Introduction

0:44
02

Security Fundamentals

3:47
03

Authorization with Access Control

2:08
04

Creating a Login Form (Part 1)

4:46
05

Creating a Login Form (Part 2)

3:57
06

Logging Out and Cleaning Up

5:03
07

Twig Security and IS_AUTHENTICATED_FULLY

2:41
08

Denying Access: AccessDeniedException

4:23
09

Entity Security

4:32
10

Saving Users

3:37
11

Adding Dynamic Roles to each User

4:56
12

Repository Security

4:20
13

Doctrine’s QueryBuilder

2:25
14

The UserProvider: Custom Logic to Load Security Users

3:15
15

User Serialization

2:16
16

Registration Form

3:11
17

Form Rendering

4:38
18

Using More Fields: email and repeated

2:31
19

Handling Form Submissions

4:22
20

Form: Default Data

2:10
21

Cleaning up with a plainPassword Field

1:34
22

Using an External Form Type Class

2:40
23

Registration Validation

3:36
24

Server-Side Validation

4:18
25

Adding a Flash Message

1:35
26

Automatically Authenticating after Registration

0:55
27

Functional Testing

5:04
28

Testing Forms

3:21
29

Controlling Data / Fixtures in a Test

3:23
30

More about Container, the “doctrine” Service and the Entity Manager

1:54
31

After-dinner Mint

3:35
32

Security: Creating Roles and Role Hierarchies

2:50
33

Switching Users / Impersonation

1:09
34

Whitelisting: Securing all Pages, except a few

2:15
35

Accessing the User

1:09
36

Remember Me Functionality

1:44

This tutorial has a new version, check it out!

> Symfony 2 > Starting in Symfony2: Course 2 (2.4+)

Buy Access to Course

26.

Automatically Authenticating after Registration

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Chapter

Next Chapter

Automatically Authenticating after Registration¶

After registration, let’s log the user in automatically. Create a private function called authenticateUser inside RegisterController. Normally, authentication happens automatically, but we can also trigger it manually:

// src/Yoda/UserBundle/Entity/Controller/RegisterController.php
// ...
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

private function authenticateUser(User $user)
{
    $providerKey = 'secured_area'; // your firewall name
    $token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());

    $this->container->get('security.context')->setToken($token);
}

This code might look strange, and I don’t want you to worry about it too much. The basic idea is that we create a token, which holds details about the user, and then pass this into Symfony’s security system.

Call this method right after registration:

// src/Yoda/UserBundle/Entity/Controller/RegisterController.php
// ...

if ($form->isValid()) {
    // .. code that saves the user, sets the flash message

    $this->authenticateUser($user);

    $url = $this->generateUrl('event');

    return $this->redirect($url);
}

Try it out! After registration, we’re redirected back to the homepage. But if you check the web debug toolbar, you’ll see that we’re also authenticated as Padmé. Sweet!

Suppose an anonymous user tries to access a page and is redirected to /login. Then, they register for a new account. After registration, wouldn’t it be nice to redirect them back to the page they were originally trying to access?

Yes! And that’s possible because Symfony stores the original, protected URL in the session:

$key = '_security.'.$providerKey.'.target_path';
$session = $this->getRequest()->getSession();

 // get the URL to the last page, or fallback to the homepage
 if ($session->has($key)) {
     $url = $session->get($key)
     $session->remove($key);
 } else {
     $url = $this->generateUrl('homepage');
 }

The session storage key used here is pretty internal, and could change in the future. So use with caution!

4 Comments

Sort By

YoyoSan 6 years ago edited

Since symfony 2.6, the code in the <strong>authenticateUser</strong> method should be:


$providerKey = 'secured_area';
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());

$this->container->get('security.token_storage')->setToken($token);

Read more in this announcement http://symfony.com/blog/new-in-symfony-2-6-security-component-improvements.

| Reply |

weaverryan SFCASTS YoyoSan 6 years ago

Thanks! You're absolutely right: though the old way will still work until Symfony 3.0 (but you'll start to see these pesky deprecation warnings). The above code will remove those warnings.

Cheers!

| Reply |

guest 6 years ago

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

| Reply |

weaverryan SFCASTS guest 6 years ago

I see we were missing that use statement in the code block. I've just fixed that.

Thanks!

| Reply |

Symfony 2

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=5.3.3",
        "symfony/symfony": "~2.4", // v2.4.2
        "doctrine/orm": "~2.2,>=2.2.3", // v2.4.2
        "doctrine/doctrine-bundle": "~1.2", // v1.2.0
        "twig/extensions": "~1.0", // v1.0.1
        "symfony/assetic-bundle": "~2.3", // v2.3.0
        "symfony/swiftmailer-bundle": "~2.3", // v2.3.5
        "symfony/monolog-bundle": "~2.4", // v2.5.0
        "sensio/distribution-bundle": "~2.3", // v2.3.4
        "sensio/framework-extra-bundle": "~3.0", // v3.0.0
        "sensio/generator-bundle": "~2.3", // v2.3.4
        "incenteev/composer-parameter-handler": "~2.0", // v2.1.0
        "doctrine/doctrine-fixtures-bundle": "~2.2.0", // v2.2.0
        "ircmaxell/password-compat": "~1.0.3", // 1.0.3
        "phpunit/phpunit": "~4.1" // 4.1.0
    }
}

Previous Chapter

Next Chapter

Automatically Authenticating after Registration

Share this awesome video!

Keep on Learning!

Automatically Authenticating after Registration¶

4 Comments

Delete comment?

What PHP libraries does this tutorial use?