Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial also works great for Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
12 Comments
Hello,
I kindly request a help about one error: I have a controller as below:
My purpose is, when user logged in, url should redirect his page. I coded as below to LoginFormAuthenticator.
However, I am getting below error. Could you please help me to why ı am getting this?
Hey Mahmut,
Are you sure the error you see is related to the code you showed above? :) Because that code looks good to me, probably you have another spot in your app where you generate
app_main_homepageroute without parameters? Please, double-check it. You can easily debug it withdd()before and after that route generation:Make sure you hit "before" spot first, then comment it out and make sure you hit the "after". Also, probably you generate route that shows the error on the redirected page? I would recommend you to search for
app_main_homepageglobally in your project to see if there are any spots where you forgot that mandatory parameter. If everything looks good - hm, maybe try to clear the cache just in case, sometimes it helps!Also, make sure that the
$usernameyou're passing togenerate()is not null or empty string :)Cheers!
hello Victor,
I found the problem, ı was missing the parameter to path ( app_main_homepage). I added and fixed.
Hey Mahmut,
Great! Easy fix :)
Very happy with all these walkthroughs as always. One question - I have the following authenticate() method with a flag on the user to block login via the form for certain users.
As it currently behaves, it will check whether this block flag is on or not BEFORE the password is checked. This has the side effect that you can find out whether a user exists or not even if you don't pass the correct password.
Where would I put this deny-flag-check in order to do it only once the password is successfully checked (but before the user is authenticated... I understand that I could do it in the onAuthenticationSuccess method, but I want it before the session is approved)
Hey MattWelander!
Happy new year! This is an excellent question. Take this logic out of your authenticator and instead, add it to an event subscriber on the
CheckPassportEvent::classevent. ThePasswordCredentialsthemselves are actually checked via a listener on this event: https://github.com/symfony/symfony/blob/6.3/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php - you can use it as a guide. To be sure that you're running AFTER the password check, you could set your priority to-1for this subscriber - so like this:Let me know if that works out! Btw, a side effect of this (which is probably good) is that if you have any other ways for a user to authenticate (including, iirc, via a "remember me cookie"), those will also be "subject" to this check. In other words, no matter how your user tries to log in, if they fail this check, they will fail authentication. If this is NOT what you want (and you only want this check to happen for this ONE authenticator), that's no problem. Do this:
A) Create a new badge class - e.g.
CheckDenyFormLoginBadge. It can basically be emptyB) Add this to your
PassportC) In your subscriber, only run the check if this badge is present.
Cheers!
Hello.
Great guide. it's really helping me a lot.
I am writing this comment because while I was trying this step "AbstractLoginFormAuthenticator & Redirecting to Previous URL", after all the changes the authentication process did not seem to take place.
the solution I found was to change the LoginFormAuthenticator class
adding the motodo
this
it returned false and did not make the magic work.
Hey Andrea Gelmini !
It look like you have a tiny error in your first code example. This is how we do the
supports()checkYou can notice we hardcode the "/login" string
Cheers!
I'm confused =)
At one stage in this script you say:
"This means that... oh yea... we can remove code! Let's see: delete supports(), onAuthenticationFailure() and also start():"
In the resulting example, the method supports() is completely erased. Like Andrea Gelmini says above, this causes the authenticator to go completely disconnect. the login form is no longer attached to an authenticator, submitting the form will only render the login form anew.
By your answer to Andrea above, it seems that you confirm that the supports() method should still be in the LoginFormAuthenticator? Was it a mistake to tell us to remove it alltogether and the script needs amending? Or is there something in mine and Andreas environment that is configured differently than in your environment, causing the supports() method from the AbstractLoginFormAuthenticator to go disconnect?
Hmm, I see what you mean. Let me clarify what's going on. I think you likely already know some of this, but just to clear everything up:
A) Every authenticator DOES need a
supports()method.B) But, when we extend
AbstractLoginFormAuthenticator, you can remove thesupports()method in your class, simply because it already exists in the parent class.So yes, I think Diego's comment was not quite right.
Now, to the real question:
Yes, possibly :). For some reason, the
supports()method that you're inheriting is returningfalsewhen it should returntrue. You could add some debugging code to that method to find out why, though I might have an idea: are you running your site at the root of a domain - e.g.http://127.0.0.1:8000is your homepage? Or is it under a subdirectory - e.g.http://127.0.0.1:8000/siteis the homepage? If it is the latter, there is a known bug in that inherited method that makes it not match correctly. In that case, you should keep yoursupports()method so it works. Wow, and apparently I opened that issue - lol - https://github.com/symfony/symfony/issues/44893 - and it's fixed in Symfony 5.4.13, 6.0.14, 6.1.6 and 6.2.0 and higher.Anyways, that was just a guess at the problem. If I'm wrong, I'd love to know what you find going wrong in that parent
supports()method!Cheers!
That was in fact a pretty good guess - I'm testing it off of http://localhost:8888/mysite/ 😂 thanks
Yay! Well then I'm double glad that this will, at least, be fixed in later versions!
Have fun!
"Houston: no signs of life"
Start the conversation!