Chapters

27 Chapters | 2:54:11 |

01

API Platform Installation!

6:42
02

Our First ApiResource

5:37
03

Swagger: Instant, Interactive API Docs

8:32
04

OpenAPI Specification

6:32
05

JSON-LD: Context for your Data

10:30
06

Hydra: Describing API Classes, Operations & More

6:01
07

API Debugging with the Profiler

3:17
08

Operations

5:21
09

The Serializer

9:13
10

Serialization Groups

9:34
11

@SerializedName & Constructor Args

7:15
12

Filtering & Searching

6:02
13

PropertyFilter: Sparse Fieldsets

5:34
14

Pagination

4:34
15

More Formats: HAL & CSV

6:05
16

Validation

6:29
17

Creating the User Entity

5:07
18

User API Resource

7:20
19

Relating Resources

7:38
20

Relations and IRIs

4:39
21

Embedded Relation

7:54
22

Embedded Write

8:22
23

Adding Items to a Collection Property

4:38
24

Creating Embedded Objects

7:06
25

Removing Items from a Collection

5:29
26

Filtering on Relations

5:06
27

Subresources

3:36

This tutorial has a new version, check it out!

> Symfony 5 > API Platform 2 Part 1: Serious RESTful APIs

Buy Access to Course

17.

Creating the User Entity

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Chapter

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

We're not going to talk specifically about security in this tutorial - we'll do that in our next course and give it proper attention. But, even forgetting about security and logging in and all that, there's a pretty good chance that your API will have some concept of "users". In our case, a "user" will post a cheese listing and becomes its "owner". And maybe later, in order to buy a CheeseListing, one User might send a message to another User. It's time to take our app to the next level by creating that entity.

make:user

And even though I'm telling you not to think about security, instead of creating the user entity with make:entity like I normally would, I'm actually going to use make:user,

php bin/console make:user

Yea, this will set up a few security-related things... but nothing that we'll use yet. Watch part 2 of this series for all that stuff.

Anyways, call the class User, and I do want to store users in the database. For the unique display name, I'm going to have users log in via email, so use that. And then:

Does this app need to hash or check user passwords?

We'll talk more about this in the security tutorial. But if users will need to log in to your site via a password and your app will be responsible for checking to see if that password is valid - you're not just sending the password to some other service to be verified - then answer yes. It doesn't matter if the user will enter the password via an iPhone app that talks to your API or via a login form - answer yes if your app is responsible for managing user passwords.

I'll use the Argon2i password hasher. But! If you don't see this question, that's ok! Starting in Symfony 4.3, you don't need to choose a password hashing algorithm because Symfony can choose the best available automatically. Really cool stuff.

Let's go see what this did! I'm happy to say... not much! First, we now have a User entity. And... there's nothing special about it: it does have a few extra security-related methods, like getRoles(), getPassword(), getSalt() and eraseCredentials(), but they won't affect what we're doing. Mostly we have a normal, boring entity with $id, $email, a $roles array property, and $password, which will eventually store the hashed password.

            
Copy Code

Show All Lines

                        114 lines
            |
            src/Entity/User.php
        
Show Lines

                                                    // ... lines 1 - 2
                            
            namespace App\Entity;
        
            use Doctrine\ORM\Mapping as ORM;
        
            use Symfony\Component\Security\Core\User\UserInterface;
        
            /**
        
             * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
        
             */
        
            class User implements UserInterface
        
            {
        
                /**
        
                 * @ORM\Id()
        
                 * @ORM\GeneratedValue()
        
                 * @ORM\Column(type="integer")
        
                 */
        
                private $id;
        
                /**
        
                 * @ORM\Column(type="string", length=180, unique=true)
        
                 */
        
                private $email;
        
                /**
        
                 * @ORM\Column(type="json")
        
                 */
        
                private $roles = [];
        
                /**
        
                 * @var string The hashed password
        
                 * @ORM\Column(type="string")
        
                 */
        
                private $password;
        
Show Lines

                                                    // ... lines 35 - 112
                            
            }

This also created the normal UserRepository and made a couple of changes to security.yaml: it set up encoders - this might say auto for you, thanks to the new Symfony 4.3 feature - and the user provider. All things to talk more about later. So... just forget they're here and instead say... yay! We have a User entity!

            
Copy Code

Show All Lines

                        33 lines
            |
            config/packages/security.yaml
        
            security:
        
                encoders:
        
                    App\Entity\User:
        
                        algorithm: argon2i
        
Show Lines

                                                    // ... lines 5 - 6
                            
                providers:
        
                    # used to reload user from session & other features (e.g. switch_user)
        
                    app_user_provider:
        
                        entity:
        
                            class: App\Entity\User
        
                            property: email
        
Show Lines

                                                    // ... lines 13 - 33

            
Copy Code

Show All Lines

                        51 lines
            |
            src/Repository/UserRepository.php
        
Show Lines

                                                    // ... lines 1 - 2
                            
            namespace App\Repository;
        
            use App\Entity\User;
        
            use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
        
            use Symfony\Bridge\Doctrine\RegistryInterface;
        
            /**
        
             * @method User|null find($id, $lockMode = null, $lockVersion = null)
        
             * @method User|null findOneBy(array $criteria, array $orderBy = null)
        
             * @method User[]    findAll()
        
             * @method User[]    findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
        
             */
        
            class UserRepository extends ServiceEntityRepository
        
            {
        
                public function __construct(RegistryInterface $registry)
        
                {
        
                    parent::__construct($registry, User::class);
        
                }
        
Show Lines

                                                    // ... lines 21 - 49
                            
            }

Adding username Field

Thanks to the command, the entity has an email property, and I'm planning to make users log in by using that. But I also want each user to have a "username" that we can display publicly. Let's add that: find your terminal and run:

php bin/console make:entity

Update User and add username as a string, 255, not nullable in the database, and hit enter to finish.

Now open up User... and scroll down to getUsername(). The make:user command generated this and returned $this->email... because that's what I chose as my "display" name for security. Now that we really do have a username field, return $this->username.

            
Copy Code

Show All Lines

                        126 lines
            |
            src/Entity/User.php
        
Show Lines

                                                    // ... lines 1 - 10
                            
            class User implements UserInterface
        
            {
        
Show Lines

                                                    // ... lines 13 - 35
                            
                /**
        
                 * @ORM\Column(type="string", length=255)
        
                 */
        
                private $username;
        
Show Lines

                                                    // ... lines 40 - 62
                            
                public function getUsername(): string
        
                {
        
                    return (string) $this->username;
        
                }
        
Show Lines

                                                    // ... lines 67 - 124
                            
            }

Oh, and while we're making this class, just, amazing, the make:user command knew that email should be unique, so it added unique=true. Let's also add that to username: unique=true.

            
Copy Code

Show All Lines

                        126 lines
            |
            src/Entity/User.php
        
Show Lines

                                                    // ... lines 1 - 35
                            
                /**
        
                 * @ORM\Column(type="string", length=255, unique=true)
        
                 */
        
                private $username;
        
Show Lines

                                                    // ... lines 40 - 126

That is a nice entity! Let's sync up our database by running:

php bin/console make:migration

Move over... and double-check the SQL: CREATE TABLE user - looks good!

            
Copy Code

Show All Lines

                        36 lines
            |
            src/Migrations/Version20190509185722.php
        
Show Lines

                                                    // ... lines 1 - 12
                            
            final class Version20190509185722 extends AbstractMigration
        
            {
        
Show Lines

                                                    // ... lines 15 - 19
                            
                public function up(Schema $schema) : void
        
                {
        
                    // this up() migration is auto-generated, please modify it to your needs
        
                    $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
        
                    $this->addSql('CREATE TABLE user (id INT AUTO_INCREMENT NOT NULL, email VARCHAR(180) NOT NULL, roles JSON NOT NULL, password VARCHAR(255) NOT NULL, username VARCHAR(255) NOT NULL, UNIQUE INDEX UNIQ_8D93D649E7927C74 (email), UNIQUE INDEX UNIQ_8D93D649F85E0677 (username), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB');
        
                }
        
Show Lines

                                                    // ... lines 27 - 34
                            
            }

Run it with:

php bin/console doctrine:migration:migrate

Perfect! We have a gorgeous new Doctrine entity... but as far as API Platform is concerned, we still only have one API resource: CheeseListing.

Next: let's expose User as an API Resource and use all of our new knowledge to perfect that new resource in... about 5 minutes.

20 Comments

Sort By

Steven L. 3 years ago edited

If you're running mariadb and getting the error "SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes" when running the migration, edit User.php and limit the username length to 191:
` /**

 * @ORM\Column(type="string", length=191, unique=true)
 */
private $username;`

1 | Reply |

Victor SFCASTS Steven L. 3 years ago

Hey Steve,

Thanks for this tip!

Cheers!

| Reply |

Jonas 1 year ago

Using the latest Symfony binary and following along the tutorial for API Platform (which is still based on Symfony 4/5), I get the following error:

>bin/console make:entitiy   

In SecurityExtension.php line 307:
                                                                       
  Invalid firewall "main": user provider "users_in_memory" not found.

It seems that the command bin/console make:user replaces

    providers:
        users_in_memory: { memory: null }

with

    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

but leaves

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            provider: users_in_memory

intact. We no longer have a users_in_memory provider, which leads to the error.

The make:user command should probably result in a coherent state of the security.yaml file, so either users_in_memory or app_user_provider, not a mix of both.

TL:DR:

Replace provider: users_in_memory with provider: app_user_provider in security.yaml under security:firewalls:main

I hope this does not cause problems down the road, but so far everything worked as expected.

| Reply |

weaverryan SFCASTS Jonas 1 year ago

Hi Jonas!

Thanks for posting this! It seems like a bug in MakerBundle - it's possible it's still a bug, or it may have been fixed (I work on MakerBundle, but we do so much that I can't remember when we do things 🙃). Anyways - thanks for posting - and if you ARE using the latest version of MakerBundle, it would be awesome if you could open an issue about this on https://github.com/symfony/maker-bundle

Cheers!

| Reply |

Jonas weaverryan 1 year ago

Hi Ryan, thanks for the quick answer!

My maker bundle version is not current, as I followed the advice in chapter 2 and installed version 1.11.

So maybe it is fixed, just not if you're following along with the course. :)

All the best,

Jonas

| Reply |

André P. 2 years ago edited

If you're using Symfony 5.3, you'll get the following error when trying to add new fields to the User entity:

PHP Fatal error: Class App\Entity\User contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Symfony\Component\Security\Core\User\UserInterface::getUsername) in /mnt/c/laragon/www/api-platform/src/Entity/User.php on line 13

This is because the method getUsername was deprecated in favor of getUserIdentifier, but the UserInterface still implements the old method, not the new one.

You can find more information here: <a href="https://github.com/symfony/symfony/pull/41493">https://github.com/symfony/symfony/pull/41493</a>.

Just add the following code and then try again:
`
/**

 * @deprecated in Symfony 5.3
 */
public function getUsername(): string
{
 return $this->getUserIdentifier();
}

| Reply |

Victor SFCASTS André P. 2 years ago

Hey Andre,

Thank you for sharing the solution with others! Looks like you also need to implement that 1 abstract method as well as I can see from the error message. I think we will add a note about it, thanks!

Cheers!

| Reply |

weaverryan SFCASTS Victor 2 years ago

Yep, this is my bad. Well, once 5.3.1 came out, we needed to merge and tag this PR- https://github.com/symfony/...

That's my job - I've been really busy, but it will happen soon!

Cheers!

| Reply |

Mohammed 3 years ago

Hello!

I'm using MongoDB instead of MySQL and I figured I couldn't use the make command to create a Document.
But I wanted to use the Symfony built-in authentication mechanism with json_login.

Is it possible for it to work by simply replacing Entity with Document in the app_user_provider?
Thanks!

| Reply |

weaverryan SFCASTS Mohammed 3 years ago

Hey @Med!

Yep! Symfony's security system doesn't care if your User object is loaded via Doctrine ORM, Doctrine ODM or via an alien spaceship ;). So that's good. However, I don't believe that the ODM integrates *that* well - you can't just change the config. But, it's still pretty easy:

1) Create a class called UserProvider and make it implement UserProviderInterface
2) Fill in the methods - loadUserByUsername() is the key method that json_login will call
3) Pass your service id (well, class name) to the "providers" config in security.yaml

My answer is a big vague, because the docs are here! https://symfony.com/doc/cur...

Let me know if that helps!

Cheers!

| Reply |

sadikoff SFCASTS 4 years ago edited

Hi there

Could you please share your mysql(mariadb) server version?

Cheers!

| Reply |

hanen sadikoff 4 years ago

10.1.3 mariaDB
The JSON alias was added in maria DB 10.2.7 so I have to upgrade mariaDB? is that correct

| Reply |

sadikoff SFCASTS hanen 4 years ago edited

in this case you have 2 options.
First is to upgrade your server
Second is more interesting you can try configure doctrine.dbal.server_version to correspond you server version
Example:


doctrine:
    dbal:
        server_version: 'mariadb-10.1.3'

Hope it will help you, Cheers!

| Reply |

hanen sadikoff 4 years ago

I choose the second option and I changed the server version but I got the following error: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: NO)
I added a password in .env file DATABASE_URL=mysql://root:0000@127.0.0.1:3306/Glabre.
An exception occurred in driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES)

1 | Reply |

sadikoff SFCASTS hanen 4 years ago edited

Hey hanen

Oh I'm so sorry for late message, I missed your comment at all =(
I hope you you solved this issue, because honestly I have no Idea why this error occurred, Probably it was some user password misconfiguration

Cheers!

1 | Reply |

hanen sadikoff 4 years ago

I finally fixed it ;)

| Reply |

sadikoff SFCASTS hanen 4 years ago

Great! If it's not a secret, what was the solution?

| Reply |

hanen sadikoff 4 years ago

upgrading mariadb from 10.1 to 10.2.x & of course setup a new MySQL root user password by default run as administrator :))))

| Reply |

sadikoff SFCASTS hanen 4 years ago

Awesome! Sounds like an easy fix =)

Cheers!

| Reply |

hanen sadikoff 4 years ago

;))
Serveur : 127.0.0.1 via TCP/IP
Type de serveur : MariaDB
Connexion au serveur : SSL n'est pas utilisé Documentation
Version du serveur : 10.2.9-MariaDB - mariadb.org binary distribution
Version du protocole : 10
Utilisateur : root@localhost

| Reply |

This tutorial works great for Symfony 5 and API Platform 2.5/2.6.

Symfony 4 API Platform 2.4

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": "^7.1.3",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "api-platform/core": "^2.1", // v2.4.3
        "composer/package-versions-deprecated": "^1.11", // 1.11.99
        "doctrine/annotations": "^1.0", // 1.10.2
        "doctrine/doctrine-bundle": "^1.6", // 1.11.2
        "doctrine/doctrine-migrations-bundle": "^2.0", // v2.0.0
        "doctrine/orm": "^2.4.5", // v2.7.2
        "nelmio/cors-bundle": "^1.5", // 1.5.5
        "nesbot/carbon": "^2.17", // 2.19.2
        "phpdocumentor/reflection-docblock": "^3.0 || ^4.0", // 4.3.1
        "symfony/asset": "4.2.*|4.3.*|4.4.*", // v4.3.11
        "symfony/console": "4.2.*", // v4.2.12
        "symfony/dotenv": "4.2.*", // v4.2.12
        "symfony/expression-language": "4.2.*|4.3.*|4.4.*", // v4.3.11
        "symfony/flex": "^1.1", // v1.21.6
        "symfony/framework-bundle": "4.2.*", // v4.2.12
        "symfony/security-bundle": "4.2.*|4.3.*", // v4.3.3
        "symfony/twig-bundle": "4.2.*|4.3.*", // v4.2.12
        "symfony/validator": "4.2.*|4.3.*", // v4.3.11
        "symfony/yaml": "4.2.*" // v4.2.12
    },
    "require-dev": {
        "symfony/maker-bundle": "^1.11", // v1.11.6
        "symfony/stopwatch": "4.2.*|4.3.*", // v4.2.9
        "symfony/web-profiler-bundle": "4.2.*|4.3.*" // v4.2.9
    }
}

Previous Chapter

Next Chapter

Creating the User Entity

Share this awesome video!

Keep on Learning!

make:user

Adding username Field

20 Comments

Delete comment?

What PHP libraries does this tutorial use?

Show Lines	// ... lines 1 - 2
	namespace App\Entity;

	use Doctrine\ORM\Mapping as ORM;
	use Symfony\Component\Security\Core\User\UserInterface;

	/**
	* @ORM\Entity(repositoryClass="App\Repository\UserRepository")
	*/
	class User implements UserInterface
	{
	/**
	* @ORM\Id()
	* @ORM\GeneratedValue()
	* @ORM\Column(type="integer")
	*/
	private $id;

	/**
	* @ORM\Column(type="string", length=180, unique=true)
	*/
	private $email;

	/**
	* @ORM\Column(type="json")
	*/
	private $roles = [];

	/**
	* @var string The hashed password
	* @ORM\Column(type="string")
	*/
	private $password;
Show Lines	// ... lines 35 - 112
	}

	security:
	encoders:
	App\Entity\User:
	algorithm: argon2i
Show Lines	// ... lines 5 - 6
	providers:
	# used to reload user from session & other features (e.g. switch_user)
	app_user_provider:
	entity:
	class: App\Entity\User
	property: email
Show Lines	// ... lines 13 - 33

Show Lines	// ... lines 1 - 2
	namespace App\Repository;

	use App\Entity\User;
	use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
	use Symfony\Bridge\Doctrine\RegistryInterface;

	/**
	* @method User\|null find($id, $lockMode = null, $lockVersion = null)
	* @method User\|null findOneBy(array $criteria, array $orderBy = null)
	* @method User[] findAll()
	* @method User[] findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
	*/
	class UserRepository extends ServiceEntityRepository
	{
	public function __construct(RegistryInterface $registry)
	{
	parent::__construct($registry, User::class);
	}
Show Lines	// ... lines 21 - 49
	}

Show Lines	// ... lines 1 - 10
	class User implements UserInterface
	{
Show Lines	// ... lines 13 - 35
	/**
	* @ORM\Column(type="string", length=255)
	*/
	private $username;
Show Lines	// ... lines 40 - 62
	public function getUsername(): string
	{
	return (string) $this->username;
	}
Show Lines	// ... lines 67 - 124
	}

Show Lines	// ... lines 1 - 35
	/**
	* @ORM\Column(type="string", length=255, unique=true)
	*/
	private $username;
Show Lines	// ... lines 40 - 126

Show Lines	// ... lines 1 - 12
	final class Version20190509185722 extends AbstractMigration
	{
Show Lines	// ... lines 15 - 19
	public function up(Schema $schema) : void
	{
	// this up() migration is auto-generated, please modify it to your needs
	$this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');

	$this->addSql('CREATE TABLE user (id INT AUTO_INCREMENT NOT NULL, email VARCHAR(180) NOT NULL, roles JSON NOT NULL, password VARCHAR(255) NOT NULL, username VARCHAR(255) NOT NULL, UNIQUE INDEX UNIQ_8D93D649E7927C74 (email), UNIQUE INDEX UNIQ_8D93D649F85E0677 (username), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB');
	}
Show Lines	// ... lines 27 - 34
	}