Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial also works great for Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
9 Comments
Hi,
I want to ask that you are configuring plainpassword in UseFactory as hard coded. However if I do in AppFixtures as below,
do you suggest this? I want to push User's data from one file.( AppFixtures)
Hey @Mahmut-A
If I correctly understood your question you can just load your file in fixtures and process it like you want, for example read all users with passwords and create them with factory
Cheers!
Hi sadikoff,
I fixed as below: thank you.
` UserFactory::createOne([
Ryan I have very strange one.
I am using symfony forms everywhere and also security is based on your tutorials and documentation for my 5.4, 6.4 projects.
Now, in my new project I am not using symfony forms so I have to implement CSRF protection and here is my question, where I am failing but it seems that it is also issue here and everywhere in my other projects where I am using symfony forms with csrf tokens.
I wanted to test my solution for CSRF implementation if it is working and then I started to question why is it not working like I am expecting so I tested other projects if I am able to replicate it there and it is exactly the same issue so I have this login form and went to developer tools and added "1" in front of _csrf_token value.
I submitted form and it is letting me. Token is valid BUT when I add more characters or change completely _csrf_token value, it will output CSRF Token is Invalid.
I thought it must be perfect match, not just partial or how does it work?
You can try it too. Just clone this code go to developer tools update _csrf_token field value by adding ONE random letter in front of current value
Submit form... it will NOT print CSRF token is invalid but let you progress but if you change completely _csrf_token field value to "Hi,thisisRyan" it will output invalid token so whats the point of implementing CSRF if there does not have to be EXACT match?
Hey @Peter-K!
What an interesting find! I don't know the answer, but:
1) I don't see an attack vector here, even if it is true
2) Though I don't see a "smoking gun", it's possible that the (de)randomization (https://github.com/symfony/symfony/blob/7.3/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php#L118) or splitting on
.(https://github.com/symfony/symfony/blob/7.3/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php#L120) could allow for this.If you dig in further and learn more, I'd love to know!
i am working in project reast api and i don't kow how to implement csrf beccause i have not the parte frondend so what i can do kow?thanks
Hi there!
Sorry for the slow reply! Do your frontend and API live on the same domain name? Or different domain names? Are you using session-based authentication or something different?
Cheers!
How CSRF protection work in Symfony? How app know what CSRF token was send to form and after that validate it ?
Hey!
Somehow we completely missed your comment! Bah - sorry!
The answer is that, when generating a CSRF token, Symfony stores that value in the session. Then, when the user submits the CSRF token, we check that it matches what was in the session. This isn't the only want to do CSRF tokens, but it's the most standard and the one Symfony uses by default.
Cheers!
"Houston: no signs of life"
Start the conversation!