WEBVTT

NOTE Created by CaptionSync from Automatic Sync Technologies www.automaticsync.com

00:00:01.086 --> 00:00:07.006 align:middle
With FOSUserBundle set up, the only
things we can't do are log in and log out.

00:00:07.196 --> 00:00:14.606 align:middle
FOSUserBundle does give us a /login
page, but it's just a static HTML form:

00:00:14.736 --> 00:00:20.466 align:middle
setting up the actual authentication
part is entirely up to us.

00:00:20.946 --> 00:00:25.076 align:middle
And that's why, if you try to log in
now, you get this angry message!

00:00:26.636 --> 00:00:31.236 align:middle
To prove how little FOSUserBundle
is doing, go to /login.

00:00:31.236 --> 00:00:35.246 align:middle
If you hover over your web debug toolbar,

00:00:35.606 --> 00:00:39.326 align:middle
you can see that the controller behind
this page is called SecurityController.

00:00:40.906 --> 00:00:47.726 align:middle
Cool! In my editor, I'll find that file
by filename - Shift+Shift in PhpStorm.

00:00:50.306 --> 00:00:54.356 align:middle
Sweet! See loginAction?

00:00:54.726 --> 00:00:56.696 align:middle
This renders the login page.

00:00:57.836 --> 00:01:02.616 align:middle
And all it does is check for
any authentication errors stored

00:01:02.616 --> 00:01:05.036 align:middle
in the session and render a template.

00:01:05.956 --> 00:01:11.826 align:middle
It has no logic whatsoever for
processing the form submit, logging in,

00:01:12.176 --> 00:01:14.506 align:middle
or anything else related to security.

00:01:15.046 --> 00:01:21.736 align:middle
So let's finally add some security
goodness, starting with logging out.

00:01:23.976 --> 00:01:27.536 align:middle
Right now, if you go to /logout,
you see an error message.

00:01:28.176 --> 00:01:34.606 align:middle
This is coming from that same controller:
FOSUserBundle gives us a /logout route,

00:01:35.206 --> 00:01:38.526 align:middle
but its controller is never
supposed to be called.

00:01:38.526 --> 00:01:46.866 align:middle
To fix this, in security.yml,
add logout: ~. That's it.

00:01:48.606 --> 00:01:50.266 align:middle
Try going to /logout again.

00:01:52.506 --> 00:01:55.666 align:middle
It works! We are anonymous!

00:01:56.656 --> 00:02:01.916 align:middle
By adding the logout key, Symfony is
now waiting for us to go to /logout.

00:02:02.746 --> 00:02:07.456 align:middle
When we do, it intercepts
the request and logs us out.

00:02:08.566 --> 00:02:14.726 align:middle
Other than giving us the /logout route,
FOSUserBundle has nothing to do with this.

00:02:15.766 --> 00:02:16.646 align:middle
What about logging in?

00:02:17.406 --> 00:02:19.056 align:middle
It's the same thing.

00:02:19.896 --> 00:02:22.826 align:middle
Under your firewall, add form_login.

00:02:24.016 --> 00:02:25.496 align:middle
That's actually all you need.

00:02:26.136 --> 00:02:36.376 align:middle
But, I'll add a bit more: csrf_token_generator:
security.csrf.token_manager.

00:02:37.176 --> 00:02:43.056 align:middle
That will make sure the CSRF
token - which is already added

00:02:43.056 --> 00:02:47.316 align:middle
in the FOSUserBundle login template
- is verified when we submit.

00:02:48.706 --> 00:02:58.076 align:middle
As soon as we do that, go to /login and
log in with aquanaut1, password turtles.

00:03:01.006 --> 00:03:03.196 align:middle
Winning! We are in!

00:03:03.196 --> 00:03:09.396 align:middle
FOSUserBundle gives us a login form,
but we need to take care of the rest...

00:03:09.666 --> 00:03:11.066 align:middle
which is pretty easy.

00:03:12.776 --> 00:03:16.666 align:middle
Oh, and on the login form, we
also have a remember me checkbox.

00:03:17.566 --> 00:03:25.146 align:middle
If you want this to work, you'll need to add
one more setting: remember_me: with secret:

00:03:26.606 --> 00:03:31.076 align:middle
'%secret%' to use the secret
from parameters.yml.

00:03:33.216 --> 00:03:38.096 align:middle
Ok, so about 5 lines to get our
entire security system working.

00:03:38.526 --> 00:03:40.666 align:middle
That kicks butt!

00:03:41.916 --> 00:03:45.056 align:middle
And now, we can hook up the login link for real.

00:03:47.176 --> 00:03:52.536 align:middle
Open app/Resources/views/base.html.twig
and find the static link.

00:03:54.646 --> 00:04:02.806 align:middle
Add an if statement: if is_granted('ROLE_USER'),
then else and endif.

00:04:04.836 --> 00:04:11.986 align:middle
FOSUserBundle guarantees that every
user always at least has ROLE_USER.

00:04:12.956 --> 00:04:16.836 align:middle
So it's safe to use this to figure out
whether or not the user is logged in.

00:04:22.056 --> 00:04:26.736 align:middle
For the logout link, use the
route fos_user_security_logout,

00:04:28.436 --> 00:04:30.196 align:middle
then we'll say "Logout".

00:04:30.946 --> 00:04:33.806 align:middle
Oh, put all of this stuff inside an li tag.

00:04:38.576 --> 00:04:44.536 align:middle
If you run: php bin/console debug:router you can
see that this is one of the routes we imported.

00:04:45.426 --> 00:04:53.036 align:middle
Use a similar one for login: just copy
the logout line, and change it to login.

00:04:58.606 --> 00:05:01.876 align:middle
Nice! Go back, and refresh.

00:05:02.406 --> 00:05:07.266 align:middle
Hit Logout!

00:05:07.696 --> 00:05:15.606 align:middle
Woohoo! Next, let's see what this looks
like in the database, and talk about roles.

