Security & the User Class

Yeaaaa! You've done it! You've made it to the tutorial where we get to build a security system with Symfony. This stuff is cool. Seriously, these days, the topic of security is gigantic! Just think about authentication: you might need to build a traditional login form, or a token-based API authentication system, or two-factor authentication or authentication across an API to a Single Sign-On server or something I've never even dreamed of before! For authorization, there are roles, access controls and more.

Woh. So we're going to write some seriously fun code in this tutorial. And it will be especially fun, because there are some new cool toys in Symfony's security system that make it nicer than ever to work with.

Coding Along!

As always, to become a true Symfony security geek... and to obtain the blueprint to the Deathstar, you should definitely code along with me. Download the course code from this page. When you unzip it, you'll find a start/ directory that has the same code that you see here. Follow the file for all the important setup details.

Oh, and if you've been coding along with me in the Symfony series so far, um, you're amazing! But also, be sure to download the new code: I made a few changes since the last tutorial, including upgrading to Symfony 4.1 and improving our fixture system. More on that later.

Anyways, the last setup step will be to open a terminal, move into the project and run:

php bin/console server:run

to start the built-in web server. Ok: head back to your browser and open our app by going to http://localhost:8000.

Hello The SpaceBar! Our awesome intergalactic real news site that helps connect alien species across this side of the Milky Way.

Installing Security & Upgrading MakerBundle

Our first goal in this tutorial is to create an authentication system. In other words: a way for the user to log in. No matter how you want your users to authenticate - whether it's a login form, API authentication or something crazier - the first step is always the same: brew some coffee or tea. The second step is also always the same: create a User class.

To do this, we're going to use a brand-spanking new feature! Woo! Find your terminal and run:

composer update symfony/maker-bundle

Version 1.7 of MakerBundle comes with a new command that will make our life much easier. Yep, there it is: 1.7. The new command is called make:user - try it:

php bin/console make:user

Ah! It explodes! Of course! Remember: in Symfony 4, our project starts small. If you need a feature, you need to install it. Run:

composer require security

Ah, check it out: this library has a recipe! When Composer finishes... find out what it did by running:

git status

A new config file! Check it out: config/packages/security.yaml. This file is super important. We'll start talking about it soon.

Creating the User Class with make:user

Before we run make:user again, add all the changed files to git and commit with a message about upgrading MakerBundle & adding security:

git add .
git commit -m "Upgraded MakerBundle and added security"

I'm doing this because I want to see exactly what the make:user command does.

Ok already, let's try it!

php bin/console make:user

Call the class User. Second question:

Do you want to store user data in the database

For most apps, this is an easy yes... because most apps store user data in a local database table. But, what if your user data is stored on some other server, like an LDAP server or a single sign-on server? Well, even in those cases, if you want to store any extra information about your users in a local database table, you should still answer yes. Answer "no" only if you don't need to store any user information to your database.

So, "yes" for us! Next: choose one property on your user that will be its unique display name. This can be anything - it's usually an email or username. We'll talk about how it's used later. Choose email.

And, the last question: is our app responsible for checking the user's password? In some apps - like a pure API with only token authentication - users might not even have a password. And even if your users will be able to log in with a password, only answer yes if this app will be responsible for directly checking the user's password. If you actually send the password to a third-party server and it checks if it's valid, choose no.

Remember when I mentioned how complex & different modern authentication systems can be? That's why this command exists: to help walk us through exactly what we need.

I'm going to choose "No" for now. We will add a password later, but we'll keep things extra simple to start.

And... we're done! Awesome! This created a User entity, a Doctrine UserRepository for it, and updated the security.yaml file.

Let's check out these changes next!

Leave a comment!

  • 2020-06-12 Victor Bocharsky

    Hey Raed,

    Haha, glad you got it working :) Yeah, it depends on the project, but sometimes you need to do some minor tweaks after a package upgrade, and fixing errors step by step should help you move forward.


  • 2020-06-11 Zool

    Hey Victor Bocharsky,

    Thanks a lot for your reply & help!

    Yes, it helped so much that we could kill the first error successfully :-)

    "Looks like you upgraded too much": YES, I thought upgrading would help me solve the problem. Afterwards, I did change the typehint from "RegistryInterface" to "ManagerRegistry" only in "ArticleRepository", ignoring that I should have also changed it in all other repositories.
    Finally, I re-started the project with only installing the composer, and no error showed after.
    I'm glad that I made this type of error :-) Because you just uncovered a lot behind the scenes! Thanks again!

  • 2020-06-09 Victor Bocharsky

    Hey Raed,

    Well, actually, it helped as far as I see, right? At least, you have a different error now :) So I believe you do have that "make:user" command; run "bin/console make:user --help" to make sure it is available. Or just run "bin/console make:" and look for it in the list of available commands from the Maker bundle.

    About the other error you see: it looks like you upgraded too much. I suppose you did "composer update"? If so, it looks like it upgraded not only the Maker bundle but all your packages, including the Doctrine package. Basically, you need to do what the error message suggests: change the typehint from "RegistryInterface" to "ManagerRegistry" in your "ArticleRepository" (and probably in other entity repositories too).

    I hope this helps!


  • 2020-06-06 Zool

    Hey @Victor Bocharsky,

    Thank you so much for your prompt reply. I did re-update the maker-bundle and
    run composer require security, but it was not helpful.
    I got this output:
    Cannot autowire service "App\Repository\ArticleRepository": argument "$registry" of method "__construct()" references interface "Symfony\Bridge\Doctrine\RegistryInterface" but no such service exists. Try changing the type-hint to "Doctrine\Persistence\ManagerRegistry" instead.

    Infos after running composer info symfony/maker-bundle

    Symfony\Bundle\MakerBundle\ => src/

    doctrine/inflector ^1.2
    nikic/php-parser ^4.0
    php ^7.1.3
    symfony/config ^3.4|^4.0|^5.0
    symfony/console ^3.4|^4.0|^5.0
    symfony/dependency-injection ^3.4|^4.0|^5.0
    symfony/filesystem ^3.4|^4.0|^5.0
    symfony/finder ^3.4|^4.0|^5.0
    symfony/framework-bundle ^3.4|^4.0|^5.0
    symfony/http-kernel ^3.4|^4.0|^5.0

    requires (dev)
    doctrine/doctrine-bundle ^1.8|^2.0
    doctrine/orm ^2.3
    friendsofphp/php-cs-fixer ^2.8
    friendsoftwig/twigcs ^3.1.2
    symfony/http-client ^4.3|^5.0
    symfony/phpunit-bridge ^4.3|^5.0
    symfony/process ^3.4|^4.0|^5.0
    symfony/security-core ^3.4|^4.0|^5.0
    symfony/yaml ^3.4|^4.0|^5.0

    ArticleRepository class

    namespace App\Repository;

    use App\Entity\Article;
    use Doctrine\ORM\QueryBuilder;
    use Doctrine\Common\Collections\Criteria;
    use Symfony\Bridge\Doctrine\RegistryInterface;
    use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;

    /**
     * @method Article|null find($id, $lockMode = null, $lockVersion = null)
     * @method Article|null findOneBy(array $criteria, array $orderBy = null)
     * @method Article[] findAll()
     * @method Article[] findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
     */
    class ArticleRepository extends ServiceEntityRepository
    {
        public function __construct(RegistryInterface $registry)
        {
            parent::__construct($registry, Article::class);
        }
    }

    I appreciate your help ! Thanks

  • 2020-06-04 Victor Bocharsky

    Hey Raed,

    If you don't have the "make:user" command but have other commands from MakerBundle like "make:auth", "make:entity", etc., you probably have an old version of MakerBundle that just does not have that command. Try to upgrade Maker; you can do it with:

    $ composer update symfony/maker-bundle

    It should help. If not - let me know what version of MakerBundle you have installed, this command should help with this:

    $ composer info symfony/maker-bundle

    The 2nd error means that it looks like you don't have the Symfony security package that is required to be able to generate a Guard authenticator with the "make:auth" command. First, try to do exactly what the command says - install the security package with:

    $ composer require security

    And see what output it shows you. Probably there was some failed installation of it.


  • 2020-06-03 Zool

    Hi all,
    I'm enjoying this course so far!
    Command "make:user" is not defined.
    Did you mean one of these?

    I tried to run make:auth
    but I got this error: Missing package: to use the make:auth command, run: composer require security,
    even though I've already run composer require security

  • 2020-04-28 Vladimir Sadicov

    Hey anoniempje

    Looks like you got outdated code. Can you re-download it and try again? If you get the same notice again, then please share your PHP and doctrine/orm versions.


  • 2020-04-27 anoniempje


    I'm trying to set up the starting code of this lesson to follow along by following the steps in the ReadMe.

    Everything goes without a problem, until I try to execute bin/console doctrine:fixtures:load.

    Then I get this notice: Notice: Trying to access array offset on value of type null. This prevents the fixtures from being loaded.

    Any idea why this is happening?


  • 2020-04-22 Diego Aguiar

    You could create a branch for each directory.

  • 2020-04-22 Pleaseenteryourname

    So, it appears I was confusing a branch and a worktree in git workflow. So I started over in a new directory and everything is working fine now.

    Now my question is: How can I get these two different directories on the same repository but a different working tree?

  • 2020-04-22 Diego Aguiar

    Hey Pleaseenteryourname

    Let me see if I got it right. You copied all the files from the start directory to a new folder in your system? Then, you ran composer install without any problems until you ran php bin/console server:run?

    If that's the case, I think something went wrong during the process. Try clearing the cache manually and re-installing your vendors.
    I hope it does the job, but if not, please let me know.


  • 2020-04-21 Pleaseenteryourname

    Ok, I've coded along since the first episode of this course. I did not know how to best start a new project so I started a new branch and copied all the files from the source code to that branch. I don't know if this is the best way to do this.

    When installing everything ran rather smooth until I tried to run the server and I get this huge error:

    Exception thrown when handling an exception (Symfony\Component\Config\Exception\FileLoaderLoadException: Unable to find file "@FrameworkBundle/Resources/config/routing/errors.xml" in @FrameworkBundle/Resources/config/routing/errors.xml (which is being imported from "C:\Bitnami\wampstack-7.3.11-0\apache2\htdocs\the_spacebar\config\routes\dev\framework.yaml"). Make sure the "FrameworkBundle/Resources/config/routing/errors.xml" bundle is correctly registered and loaded in the application kernel class. If the bundle is registered, make sure the bundle path "@FrameworkBundle/Resources/config/routing/errors.xml" is not empty.)

    I tried looking into the config files but I am rather confused about where to find this certain config

  • 2019-12-25 Victor Bocharsky

    Hey AbelardoLG,

    Yes, according to this deprecation warning: - you need to use "\Doctrine\Persistence\ManagerRegistry" instead of "Doctrine\Common\Persistence\ManagerRegistry" since doctrine/persistence 1.3.

    I hope this helps!


  • 2019-12-16 Diego Aguiar

    Ohh, that's an incompatibility with PHP7.3 but if you upgrade only Doctrine it should work. composer update doctrine/orm


  • 2019-12-16 AbelardoLG

    Hi there, Victor Bocharsky : Thanks for your words! ;)

  • 2019-12-16 Victor Bocharsky

    Hey Alexandre,

    Thank you for this tip! Actually, there's an even easier solution, check Composer docs for more info:


  • 2019-12-16 Victor Bocharsky

    Hey AbelardoLG,

    Yeah, now that the symfony/lts package is abandoned, you can get rid of it. First, make sure you have symfony/flex in your dependencies and then you can remove it with "composer remove symfony/lts". But it's not required, so you can skip this warning, especially if you're working on a demo project you downloaded from SymfonyCasts.


  • 2019-12-15 AbelardoLG

    Hi there!
    When you run this command:
    composer require security
    it is possible that Symfony warns you:
    Package symfony/lts is abandoned, you should avoid using it. Use symfony/flex instead.

    You should simply remove it from composer.json, since symfony/flex is installed by default since version 4.

  • 2019-12-14 AbelardoLG

    Hi there!

    With Symfony 4.4, the ManagerRegistry class is deprecated (found in UserRepository). Take this into consideration. :)

    What should the replacement be?

    Best regards.

  • 2019-12-13 Alexandre Leprêtre

    For some reason, installing the security bundle failed with:
    PHP Fatal error: Allowed memory size of 1610612736 bytes exhausted (tried to allocate 67108864 bytes) in phar:///usr/local/Cellar/composer/1.9.1/bin/composer/src/Composer/DependencyResolver/Solver.php on line 223

    If you have the same problem, you can fix it running the following:
    php -d memory_limit=-1 $(which composer) require security

    It basically allows Composer to eat all the memory it wants. I don't know why it happens or if there's a better fix though.

  • 2019-12-13 Henintsoa Randrianasolo

    Hey, yes, I followed it but got the same problems after running composer install

    !! In UnitOfWork.php line 2718:
    !! Warning: "continue" targeting switch is equivalent to "break". Did you mean
    !! to use "continue 2"?
    Script @auto-scripts was called via post-install-cmd

  • 2019-12-11 Diego Aguiar

    Hey Henintsoa Randrianasolo

    Could you restore your composer.lock and just run composer install? That bundle changed in a bad way recently; I suppose it will get fixed soon.

  • 2019-12-11 Henintsoa Randrianasolo

    Yes, I ran composer update

  • 2019-12-09 weaverryan

    Hi Henintsoa Randrianasolo!

    Sorry about the issue! It's due to a change made in that bundle - - but it should not affect you if you only run composer install. Did you (by chance) run composer update?

    Let me know!


  • 2019-12-09 Henintsoa Randrianasolo

    Hi, I have already downloaded the courses, and while installing it, after composer install, I got this error.

    In ContainerBuilder.php line 1062:

    Circular reference detected for service "nexy_slack.client", path: "nexy_slack.client -> Nexy\Slack\Client -> nexy_slack.client".

    Can someone help me please

  • 2019-09-04 Vladimir Sadicov

    Hey Tac Tacelosky

    Yeah, it's cool to have updated dependencies, but you should know that some parts of the course might not work as expected. That's why we recommend using composer install on the downloaded code.

    However, if you still want to update all dependencies, then the first step is to comment out Nexy\Slack\Client: '@nexy_slack.client' as you did, and after that, change "php-http/guzzle6-adapter": "^1.1" in composer.json to version ^2.0 and it should work!

    Note: There is no guarantee that everything will work after such an upgrade =)


  • 2019-09-03 Tac Tacelosky

    I commented out the configuration in services.yaml and composer install works now.

    # custom aliases for autowiring
    # Nexy\Slack\Client: '@nexy_slack.client'

    I'd still like to know the solution for php-http, as I've seen it now a few times with other projects.

  • 2019-09-03 Tac Tacelosky

    I like to work with the updated components, so after downloading the source code, I ran 'composer update'. It's complaining about the nexy slack client, so I tried to install the slack bundle with

    composer require nexylan/slack-bundle php-http/guzzle6-adapter

    This has a dependency failure, even after changing composer.json to allow for 2.0:

    "php-http/guzzle6-adapter": "^1.1|^2.0",

    tac@tac-xps13:/var/www/symfonycasts/authenication/auth-start$ composer require nexylan/slack-bundle php-http/guzzle6-adapter
    Using version ^2.2 for nexylan/slack-bundle
    Using version ^2.0 for php-http/guzzle6-adapter
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
    Your requirements could not be resolved to an installable set of packages.

    Problem 1
    - Installation request for php-http/httplug (locked at v1.1.0) -> satisfiable by php-http/httplug[v1.1.0].
    - php-http/guzzle6-adapter v2.0.0 requires php-http/httplug ^2.0 -> satisfiable by php-http/httplug[v2.0.0].
    - php-http/guzzle6-adapter v2.0.1 requires php-http/httplug ^2.0 -> satisfiable by php-http/httplug[v2.0.0].
    - Conclusion: don't install php-http/httplug v2.0.0
    - Installation request for php-http/guzzle6-adapter ^2.0 -> satisfiable by php-http/guzzle6-adapter[v2.0.0, v2.0.1].

  • 2019-08-05 Victor Bocharsky

    Hey John,

    Thank you for reporting this! It sounds like you're talking about this known bug: here. In short, PHP has a BC break in the latest versions: v7.3.7 and v7.2.20. A few possible workarounds are available:
    1. Temporarily install required packages as you did;
    2. Downgrade your PHP version;
    3. Or wait for the new release of PHP where this was reverted.


  • 2019-08-02 John Christensen

    After downloading the course code and running composer install, I get two separate 'class not found' errors.

    To fix, I had to install 'symfony/form' and 'symfony/validator':

    composer require form
    composer require validator

  • 2019-05-12 AbelardoLG

    I solved my issue.

    Thanks for replying on a Sunday evening! :)

    Best regards.

  • 2019-05-12 AbelardoLG

    I am building a login form with security bundle (yes, I am trying to replicate your example but for my app). I understand you mean I should export the creation script of the table user in dev and import into the mysql in prod environment, right?

    I have to create a table in prod in order to pair my entity user into mysql (it's the engine database I am using).

  • 2019-05-12 weaverryan

    Hey AbelardoLG!

    Hmm, you want to create some code in the production environment? What's your use-case? Normally you should do all coding in the dev environment. Can you tell me?

    To answer your question - MakerBundle is only (by default) enabled in the dev environment - because it's a tool for development. You *could* override that (though I don't recommend it) by modifying the config/bundles.php and changing the 'dev' => true to 'all' => true next to the MakerBundle entry.


  • 2019-04-12 weaverryan

    Hey superbull!

    I think I understand! Here's my recommendation. But, this makes one big assumption, employees and third-party users will more-or-less be accessing the same pages on the site. Sure, there may be entire sections that are protected by a role that only some employees have. But, there will also be a lot of pages that both types of users will access, and they'll have pretty much the same experience, except that one group originally authenticated via LDAP and the other from the database. Sound about right?

    Here are some points:

    A) I would create a single User class. The only difference between employees and third-party users is that, when they login, you'll probably assign them different roles. The password field will also need to be "nullable", as employees will not have a password stored in the database. If you want some additional field to say whether or not this user is an employee or not, you can totally add that if you want.

    B) I would also create a single Guard authenticator. It just makes things easier. Your Guard authenticator would basically have all the logic you listed above : items 1-4. You would be able to read the flow very easily. You could create 2 authenticators, but I don't see much benefit.

    There are a few other details, like perhaps preventing employees from "changing their password" in your system, as the password is managed by LDAP and not in your database.

    Let me know if that makes sense!
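
The LDAP-first, database-second flow from this exchange, as an added example in plain PHP (not code from the course or from Symfony). `UserDirectory`, `AppUser`, `LdapThenDatabaseLogin` and `FakeDirectory` are hypothetical names, the user table is an in-memory array, and rejecting a username collision between an LDAP account and a registered account is an assumed policy.

```php
<?php
declare(strict_types=1);

// Requires PHP 7.4+. Hypothetical wrapper around the LDAP server (not a Symfony interface).
interface UserDirectory
{
    public function exists(string $username): bool;
    public function bind(string $username, string $password): bool;
}

// One user class for both kinds of account, with a nullable password.
final class AppUser
{
    public string $username;
    public ?string $passwordHash; // null for employees: LDAP owns their password
    public bool $isEmployee;

    public function __construct(string $username, ?string $passwordHash, bool $isEmployee)
    {
        $this->username = $username;
        $this->passwordHash = $passwordHash;
        $this->isEmployee = $isEmployee;
    }
}

final class LdapThenDatabaseLogin
{
    private UserDirectory $directory;
    /** @var array<string, AppUser> stands in for the user table */
    private array $users;

    public function __construct(UserDirectory $directory, array $users = [])
    {
        $this->directory = $directory;
        $this->users = $users;
    }

    public function authenticate(string $username, string $password): ?AppUser
    {
        // Many LDAP servers treat a simple bind with an empty password as an
        // unauthenticated bind that succeeds, so never pass one through.
        if ($username === '' || $password === '') {
            return null;
        }

        if ($this->directory->exists($username)) {
            // Steps 2-3: the account lives in LDAP, so only LDAP may decide.
            if (!$this->directory->bind($username, $password)) {
                return null; // wrong LDAP password: do not retry against the database
            }
            $user = $this->users[$username] ?? null;
            if ($user !== null && !$user->isEmployee) {
                return null; // assumed policy: a name collision is resolved by hand
            }
            // Save the account locally without a password hash.
            return $this->users[$username] = $user ?? new AppUser($username, null, true);
        }

        // Step 4: not found in LDAP, so check the local credentials.
        $user = $this->users[$username] ?? null;
        if ($user === null || $user->isEmployee || $user->passwordHash === null) {
            // Unknown user, or an employee row whose LDAP entry is gone.
            return null;
        }

        return password_verify($password, $user->passwordHash) ? $user : null;
    }
}

// Constructed in-memory directory for the demo; a real one would query the LDAP server.
final class FakeDirectory implements UserDirectory
{
    private array $entries;

    public function __construct(array $entries)
    {
        $this->entries = $entries;
    }

    public function exists(string $username): bool
    {
        return isset($this->entries[$username]);
    }

    public function bind(string $username, string $password): bool
    {
        return isset($this->entries[$username]) && hash_equals($this->entries[$username], $password);
    }
}

// Constructed sample accounts: alice is in LDAP, bob registered locally,
// carol is a former employee who still has a local row.
$login = new LdapThenDatabaseLogin(
    new FakeDirectory(['alice' => 'ldap-secret']),
    [
        'bob' => new AppUser('bob', password_hash('bob-secret', PASSWORD_DEFAULT), false),
        'carol' => new AppUser('carol', null, true),
    ]
);
$tries = [['alice', 'ldap-secret'], ['alice', 'wrong'], ['alice', ''], ['bob', 'bob-secret'], ['carol', 'anything']];
foreach ($tries as [$u, $p]) {
    printf("%-6s %-14s %s\n", $u, var_export($p, true), $login->authenticate($u, $p) ? 'authenticated' : 'rejected');
}
```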


  • 2019-04-10 superbull

    Awesome course!
    I would like to ask for some advice.

    We have two kinds of users in our application:
    1. company employee with account information in LDAP
    2. third party users who can register and account information stored in database

    What we want to achieve is following:
    1. User tries to log in with their username and password
    2. The system will first connect to LDAP server to check the credentials
    3. If the user is found in the LDAP server and the credential is OK, save the account info to database, and the authentication is successfully done.
    4. Else if the user is not found in LDAP server, the system will check the credentials against the database.

    What is the right way to implement this with Symfony Security?

  • 2019-04-09 Diego Aguiar

    The problem is your DB version, that's a known problem on MySQL 5.6. I don't know which MariaDB version you have to upgrade to, but probably you can discover it and tell me :)

  • 2019-04-08 Daniel Gustaw

    In migration Version20180501142420.php you should change slug VARCHAR(255) to slug VARCHAR(191), and in the Tag entity too. Please, weaverryan, update the source code. My database is MariaDB. This is described:


    Why this problem: because there is an index on slug, and indexing varchar 255 is prohibited.

  • 2019-03-07 Christian

    Solution for MySql 5.5 and 5.6:

    Change the innoDB file format to Barracuda (as it is the default since MySql 5.7)

    in my.cnf:
    innodb_large_prefix = 1
    innodb_file_format = Barracuda

    then convert your table to DYNAMIC or COMPRESSED:
    mysql> ALTER TABLE yourtable ROW_FORMAT=DYNAMIC;

  • 2019-03-04 Victor Bocharsky

    Hey Saroj,

    We're glad you found this course interesting for you! ;)


  • 2019-03-02 Saroj Shrestha

    Thanks for the course.

  • 2019-02-28 Victor Bocharsky

    Hey Tselkovskii,

    As I understand, you did "composer update" but it didn't help? Hm, what PHP version do you have? And what command do you run when you see this error?

    Btw, did you download the course code? I just double checked and it works for me, I don't see we have "security:check" in the code download from this course. As a workaround, I think you can remove "security:check" from your @auto-scripts, you can call it manually when needed.


  • 2019-02-28 Tselkovskii

    Removing and updating doesn't help.

  • 2019-02-28 Tselkovskii

    Executing script security-checker security:check [KO]
    Script security-checker security:check returned with error code 255
    Script @auto-scripts was called via post-update-cmd

  • 2019-01-14 Emin

    Hey Vladimir Sadicov,

    Thank you it worked by updating the security-checker! :)


  • 2019-01-11 Vladimir Sadicov

    Hey Emin

    It's coming from outdated "sensiolabs/security-checker" you have 2 options
    1) update security-checker
    edit your composer.json find "sensiolabs/security-checker": "^4.1" row and change it to "sensiolabs/security-checker": "^5.0" then run
    composer update sensiolabs/security-checker
    2) remove security-checker run
    composer remove sensiolabs/security-checker


  • 2019-01-11 Emin


    When I added the .env file to make it work, I get the following error:

    Executing script security-checker security:check [KO]
    Script security-checker security:check returned with error code 1
    !! The web service did not return alerts count.
    Script @auto-scripts was called via post-install-cmd

    And I don't understand where this error is coming from :(

    Or I can use the code from the last course to keep going

  • 2018-12-03 weaverryan

    Hey walter pothof!

    I'm glad you got it figured out and thanks for posting your solution! Keep going! :)


  • 2018-12-03 weaverryan

    Dream come true! Thanks for the victory update! ❤️

  • 2018-12-02 walter pothof

    I have set the env var to export DATABASE_URL=mysql://root:YouPassword@
    It seems my root user already had a password, so adjust YouPassword

  • 2018-12-02 walter pothof

    I downloaded the course code and did composer install

    When I try to create the database: php bin/console doctrine:database:create I get this error:
    Access denied for user 'root'@'localhost' (using password: NO)

    This occurs 3 times, in the following files:
    In AbstractMySQLDriver.php line 113:
    In PDOConnection.php line 50:
    In PDOConnection.php line 46:

    I have tried to copy the env vars from the .env file
    export DATABASE_URL=mysql://root:@
    so they are on my computer as well and I can see them when I do: printenv

    Can anyone tell me why I have no access to the database?
    I cannot start the database now

    I have a local environment in which I have other Symfony projects running, so I know that is working correctly.
    Both apache and mysql are also running as service on this computer.

  • 2018-12-02 CharlES

    Thank you for this awesome course. This weekend I was able to remove FosUserBundle and do it natively. Thank you.

  • 2018-11-20 Victor Bocharsky

    Hey Tomek,

    Thanks for sharing your ideas about solving this issue!


  • 2018-11-19 Tomek Persona

    Looks like it's InnoDB + using utf8mb4 encoding, double check encoding.

    Solution (changing encoding not needed, so it will help you):
    For learning, just make the column length a little shorter for Tag, for example length=160:
    1) check \src\migrations\ and search for file with ( $this->addSql('CREATE TABLE tag)...) change length to 160 for name & slug
    columns [for me it was \src\migrations\Version20180501142420.php]
    2) \scr\Entity\Tag for name & slug property change length=255 to length=160

    Hope it helps

  • 2018-10-02 Diego Aguiar

    Hmm, interesting. Did you re-create your database?

  • 2018-10-02 Mamunur Rashid

    Hey Diego Aguiar I am using xampp control version 3.2.2,
    I have changed the charset to utf8,
    still I am facing this problem, please help me?

  • 2018-10-01 Diego Aguiar

    Hey Mamunur Rashid

    Oh, that problem is related to the charset of your DB. Symfony4 by default sets it to "utf8mb4", which uses more bytes per character (4 bytes), so what you can do is upgrade your MySQL version to 5.7 or higher, or use a different charset, probably "utf8"


  • 2018-10-01 Mamunur Rashid

    During the setup process, when I try to migrate the database and table, I am facing the following problems,
    $ php bin/console doctrine:migrations:migrate

    Application Migrations

    WARNING! You are about to execute a database migration that could result in sche
    ma changes and data loss. Are you sure you wish to continue? (y/n)y
    Migrating up to 20180501143055 from 0

    ++ migrating 20180413174059

    NOT NULL, slug VARCHAR(100) NOT NULL, content LONGTEXT DEFAULT NULL, published_
    utf8mb4_unicode_ci ENGINE = InnoDB

    ++ migrated (0.11s)

    ++ migrating 20180413174154

    -> CREATE UNIQUE INDEX UNIQ_23A0E66989D9B62 ON article (slug)

    ++ migrated (0.03s)

    ++ migrating 20180414171443

    -> ALTER TABLE article ADD author VARCHAR(255) NOT NULL, ADD heart_count IN
    T NOT NULL, ADD image_filename VARCHAR(255) DEFAULT NULL

    ++ migrated (0.07s)

    ++ migrating 20180418130337

    -> ALTER TABLE article ADD created_at DATETIME DEFAULT NULL, ADD updated_at
    -> UPDATE article SET created_at = NOW(), updated_at = NOW()

    ++ migrated (0.06s)

    ++ migrating 20180418130730

    -> ALTER TABLE article CHANGE created_at created_at DATETIME NOT NULL, CHAN
    GE updated_at updated_at DATETIME NOT NULL

    ++ migrated (0.1s)

    ++ migrating 20180426184910

    R(255) NOT NULL, content LONGTEXT NOT NULL, created_at DATETIME NOT NULL, update
    tf8mb4_unicode_ci ENGINE = InnoDB

    ++ migrated (0.04s)

    ++ migrating 20180426185536

    -> ALTER TABLE comment ADD article_id INT NOT NULL
    -> ALTER TABLE comment ADD CONSTRAINT FK_9474526C7294869C FOREIGN KEY (arti
    cle_id) REFERENCES article (id)
    -> CREATE INDEX IDX_9474526C7294869C ON comment (article_id)

    ++ migrated (0.17s)

    ++ migrating 20180430194518

    -> ALTER TABLE comment ADD is_deleted TINYINT(1) NOT NULL

    ++ migrated (0.05s)

    ++ migrating 20180501142420

    NULL, slug VARCHAR(255) NOT NULL, created_at DATETIME NOT NULL, updated_at DATET
    CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB
    Migration 20180501142420 failed during Execution. Error An exception occurred wh
    ile executing 'CREATE TABLE tag (id INT AUTO_INCREMENT NOT NULL, name VARCHAR(25
    5) NOT NULL, slug VARCHAR(255) NOT NULL, created_at DATETIME NOT NULL, updated_a
    DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE = InnoDB':

    SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too lo
    ng; max key length is 767 bytes

    In AbstractMySQLDriver.php line 126:

    An exception occurred while executing 'CREATE TABLE tag (id INT AUTO_INCREM
    ENT NOT NULL, name VARCHAR(255) NOT NULL, slug VARCHAR(255) NOT NULL, creat
    9B783989D9B62 (slug), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLAT
    E utf8mb4_unicode_ci ENGINE = InnoDB':

    SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was t
    oo long; max key length is 767 bytes

    In PDOConnection.php line 109:

    SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was t
    oo long; max key length is 767 bytes

    In PDOConnection.php line 107:

    SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was t
    oo long; max key length is 767 bytes

    doctrine:migrations:migrate [--write-sql [WRITE-SQL]] [--dry-run] [--query-time]
    [--allow-no-migration] [--configuration [CONFIGURATION]] [--db-configuration [D
    B-CONFIGURATION]] [--db DB] [--em EM] [--shard SHARD] [-h|--help] [-q|--quiet] [
    -v|vv|vvv|--verbose] [-V|--version] [--ansi] [--no-ansi] [-n|--no-interaction] [
    -e|--env ENV] [--no-debug] [--] <command> [<version>]

  • 2018-09-26 Victor Bocharsky

    Hey Kim,

    Thanks for sharing your solution! I think you can continue using MySQL 5.5 but you need to specify your version in the doctrine configuration, see this "server_version" key:


  • 2018-09-26 Kim

    I was getting this error with MySQL server versions 5.5 and 5.6; switching to 5.7 solved this.

  • 2018-09-17 Victor Bocharsky

    Hey Vlad,

    Not sure :) Didn't that example fit you?


  • 2018-09-15 Vlad

    Any other options?

  • 2018-09-14 Victor Bocharsky

    Hey Vlad,

    Here's how to simulate HTTP authentication in a functional test, see docs:


  • 2018-09-13 Vlad

    How do I simulate user authentication in order to test authenticated actions using PHPUnit? I know how to do that for JWT authentication, but not regular user authentication. Please help!

  • 2018-09-11 Victor Bocharsky

    Hey Direktorius,

    We're going to release a new video every day! Working on it right now.


  • 2018-09-11 Direktorius

    Very excited for new tutorials.

    When can we expect the followup videos?

  • 2018-09-10 weaverryan

    Hey Stéphane!

    Ah, thanks for noting that! I had a little "pointer" on the wrong commit for generating the "start" code for this tutorial. I just fixed that and it should be reflected in just a few minutes. The start code you downloaded will also be missing a few CSS files and some fixtures changes. All will be better now. Sorry about that - but thanks again for pointing it out!


  • 2018-09-10 Stéphane

    Thanks for this new tuto.
    When I install the application with the start folder, the version of Sf4 is 4.0.14, not 4.1 like you say in the video? Is that normal?

  • 2018-09-10 weaverryan

    Yo Peter Kosak!

    > Will we touch account lockout. Example if someone/bot will try to submit 1000 times your login form the account should be locked for 15 minutes. After 3 incorrect passwords, another 3 would be 30mins then for a day so is there any easy pre-build function for this?

    This was NOT planned. But, it's interesting. Mostly, this would probably be accomplished by adding a few extra fields to your User entity so you could track number of failed attempts, and when the last attempt was. Then, probably inside a checkCredentials() method that we'll learn about in a few days, I'd check that and fail if you have one of those conditions. For the "submit the login form 1000 times", that's a bit harder. You could store a counter in the session very easily - but probably the "attacker" is using a programmatic client with no session. So, you'd probably need a new table to track logins by "IP".

    Anyways, when you learn about the "authenticator", you'll see that it's very easy to add custom logic and add "exit" points.

    > Second question is more general but I was thinking about it when I saw lesson 3 of this course. JSON field.

    VERY good question. It comes down to the complexity of your role system. For example, here on KnpUniversity, we have 2 roles: ROLE_USER and ROLE_ADMIN. And, there are 4 of us with ROLE_ADMIN. It's really simple, so the roles field works GREAT. But, you're right that if you want to have a lot of control over roles - listing who has what role, even adding a description in the database for what a role does - then a relationship setup will be better. This is a very valid point. It's not a matter of performance - just choosing how much complexity your app needs.

    If you *did* want this setup, then yea, you could have a `Role` entity or even a Group entity that has a JSON array of roles (or a Group entity that is ManyToMany to a Role entity) and then a User can be ManyToMany to Group. You can see that this can scale up to a lot of different levels of complexity. The cool thing is that Symfony only cares that your User has a getRoles() method that returns a string of roles. If you have a really complex setup, your getRoles() method would ultimately just be looping over its related Role entity objects (or looping over its related Group objects... and *their* Role objects) to create this array of strings. Performance is not really a problem because getRoles() is only called on login and then stored in the session (though, there is a pull request to change this behavior).

    I hope that clarifies a bit. Great question! :D
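The failed-attempt tracking described in the reply above, as an added example (not code from the tutorial or from Symfony): plain PHP in which the class, field and function names are hypothetical stand-ins for the extra User entity fields, using the 15 minutes / 30 minutes / one day schedule from the question. In a Symfony app the `attemptLogin()` logic would sit in the authenticator's credential check.

```php
<?php
// Hypothetical stand-in for the extra fields on the User entity.
final class LoginAttemptState
{
    public $failedAttempts = 0;  // consecutive failures since the last success
    public $lockedUntil = null;  // DateTimeImmutable|null
}

final class LockoutPolicy
{
    private const ATTEMPTS_PER_TIER = 3;
    private const LOCK_SECONDS = [900, 1800, 86400]; // 15 min, 30 min, 1 day

    public function isLocked(LoginAttemptState $s, DateTimeImmutable $now): bool
    {
        return $s->lockedUntil !== null && $now < $s->lockedUntil;
    }

    public function recordFailure(LoginAttemptState $s, DateTimeImmutable $now): void
    {
        $s->failedAttempts++;
        if ($s->failedAttempts % self::ATTEMPTS_PER_TIER !== 0) {
            return; // lock only on every third consecutive failure
        }
        $tier = min(intdiv($s->failedAttempts, self::ATTEMPTS_PER_TIER), count(self::LOCK_SECONDS)) - 1;
        $s->lockedUntil = $now->modify('+' . self::LOCK_SECONDS[$tier] . ' seconds');
    }
}

function attemptLogin(LockoutPolicy $p, LoginAttemptState $s, string $hash, string $password, DateTimeImmutable $now): string
{
    if ($p->isLocked($s, $now)) {
        return 'locked'; // refuse before the password is even checked
    }
    if (!password_verify($password, $hash)) {
        $p->recordFailure($s, $now);
        return 'bad-credentials';
    }
    $s->failedAttempts = 0; // a successful login clears the counter and any expired lock
    $s->lockedUntil = null;
    return 'ok';
}

// Constructed demo: three wrong guesses, then the right password during and after the lock.
$policy = new LockoutPolicy();
$state = new LoginAttemptState();
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$start = new DateTimeImmutable('2018-09-10 12:00:00');
foreach ([[0, 'a'], [1, 'b'], [2, 'c'], [3, 'correct horse'], [18, 'correct horse']] as [$minute, $guess]) {
    echo $minute, ' min: ', attemptLogin($policy, $state, $hash, $guess, $start->modify("+$minute minutes")), PHP_EOL;
}
```

Keyed by account, this state only slows guessing against one user; the per-IP table mentioned in the reply would reuse the same policy with the client address as the key.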


  • 2018-09-10 Peter Kosak

    Ryan, first of all thank you soooo much for this course I've been waiting for like the other one regarding forms.

    Anyway I have 2 questions that come to my mind.

    First one:
    Will we touch account lockout. Example if someone/bot will try to submit 1000 times your login form the account should be locked for 15 minutes. After 3 incorrect passwords, another 3 would be 30mins then for a day so is there any easy pre-build function for this?

    Second question is more general but I was thinking about it when I saw lesson 3 of this course. JSON field.
    This is such a powerful field these days that I think it will drive people into the wrong database schema setup in the future (instead of creating linked tables for ManyToMany they will store it in one entity). I will probably be one of them. We/You are going to be storing roles in DB as a JSON value. Before JSON we would have a ManyToMany relationship between roles and user. So the question is: is it actually good practice to store them as JSON? What if I want to list all the users where ROLE is "admin" and not "user"? Why are we/you/Symfony not using this elsewhere for ManyToMany relationships, but usually we have to create this ManyToMany relationship (2 entities)? What's the difference between the following relationships: Student & Course vs User & Roles (why don't we use JSON to store the courses in the student class?).

    Is it just inconsistency or does it have some logical answer? I think only the performance will be the answer, so the next question is: is it actually a better approach to store Roles in a separate table/entity?