Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial also works great for Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
22 Comments
I love your intonations. You might as well have become an audio book speaker.
Ah, thanks for the kind words! And I hope you still think so... if you end up watching a LOT of the videos 😀.
Cheers! ❤️❤️❤️
Hey Ryan. I actually watched a lot :D. I am a symfonycasts member since I guess 7 years now? Since I startet learning symfony. Most of the things I know already but I like to watch you anyways. When I want to be in a good mood - I watch symfonycasts :D. 3-4 Years ago I had some episodes in my mp3 player for jogging :D.
Ha! MP3 player, I love that! I remember being REAL excited (a LONG time ago) about getting the first MP3 player that could hold (wait for it) 8 SONGS :p.
7 years - that's incredible. THANK YOU for the support - we love our jobs - people like you make it possible.
Cheers!
I love Micheal's idea (audio book speaker) <3 , I'm also one of your fans Ryan, I discovered you 3 years ago (via soundofsymfony Podcast), and the way you explain things in your videos make learning joyful :D, even if I am not using symfony in my daily work (yet), I watch symfonyCast and your youtube conferences because I like how you explain things. big thanks to u and ur team
That is SO nice - thank you for posting this - you made my week (and this makes my job so awesome) ❤️❤️❤️
Hi, i have a problem, i do all but my profiler have (authenticated No).
Hey @Saam,
I guess you missed some step, you can check profiler and previous request, probably there will be mentioned that you are redirected to this page, and you will see an error or something related to security blocking you from authentication. Also you can check logs in
var/log/dev.logand see if there is any error related to authentication (maybe wrong password)Cheers
Hi
Is there a way to skip session refresh at every call?
Thanks!
Hey GianlucaF!
Apologies for my slow reply! The answer is... yes! But based on your needs, it could mean 2 different things:
A) Firewalls are already "lazy" (that's the
lazy: trueunder the firewall). This means that if, during a request, nothing in your code "asks for the user" or tries to perform any security checks, then the entire security system won't be activated. And so, the user will never be loaded from the session.B) But, what I think you are really asking is: could we load the user from the session on every request... but only SOMETIMES "refresh" it from its data source (e.g. database or something else). The answer is also yes. You would do this by creating a custom user provider (instead of using the built-in "entity" provider like we are). On each request, Symfony will all the
refreshUser(UserInterface $user)method on your user provider and pass you the User object that it just loaded from the session. Normally, you would use this (e.g. read its id) and fetch a fresh User object and return it. But, nothing is stopping you from just returning the User object that was just passed to you (the one from the session). Or, to give a more realistic example, you could store (somewhere) the last time that you refreshed the user. Then, in your method, if you refreshed it recently, you return the User that was passed to you. If it's been too long, then you do whatever your logic is to refresh it.Let me know if that helps :). I would be careful avoiding refreshing (if you are talking about situation B)... just because your data could get out-of-date.
Cheers!
Hi,
Could you more clarify "A)" - in your code "asks for the user"?
What does it mean, we make request directly to "table users/entity User" with acrion (read or change)?
Will Does Security refresh a user data if , the user opens a page with some user's data and payments histry?( Users - OneToMany Payment relation )
Hey @Ruslan
Suppose you have this line somewhere in a controller's action
$this->getUser();It asks Symfony for the currently logged user, it will fetch the data from the session and then refresh the user object. So, if you never interact with that User object, Symfony won't refresh its dataThe security system does ask for the logged-in user so that it will trigger a user object refresh
I hope it is more clear now. Cheers!
Thank you.
I understand it.
Seems there is a bug on this page I have tried to deploy the hidden lines of code and the full page gets reloaded inside the code snippets.
FYI bug is fixed, thanks for your report again!
Hello Juan E.
Nice catch! Thank you for reporting we are working to fix it as soon as possible
Cheers!
there Thank's for theses very cool videos.
How can i limit the number of connection of a user. for instance, deny another connection maybe from another device...when the user is already connected? Thank's.
@Frdiscipolat ,
in one of my projects I just added a boolean field to the db holding the user data. Set this to true when the user is logged in and set it to 0 if he or she looges out. When logging in check if the field is set and if so deny a new login.
But be aware of this field if the user is logged out because the remember me runs out of time!
HTH
Ok ok. Thank's i understand the idea. This was what is was planning to do. I thought symfony the new auth system came with such a feature.
Hey discipolat!
Apologies for my slow reply! Hmm. I've never implemented this before. I would imagine that it would look something like this:
A) You would need a way to calculate some sort of "device id". I'm not sure the best way to do this - there are some suggestions here - https://stackoverflow.com/questions/54579405/get-unique-device-id-with-php-or-javascript#answers
B) To track which devices a user is currently logged in, I would create a new UserDevice entity. It would have a ManyToOne to the User entity, a deviceId property and probably a lastActiveAt DateTime property.
C) I would create an event listen on the RequestEvent (previously called kernel.request). This event happens very early in Symfony. In that listener, I would find/calculate the device id. I would then find or create the UserDevice for this device id.
At this point in the listener, you could also query to find any other UserDevice that have been active, for example, in the last 5 minutes. If you find one, and so want to deny access, you could do something like
$event->setResponse(new RedirectResponse(..))and redirect the user to some page with an error message.I hope this helps! Cheers!
I'm having troubles here. I'm using my custom authenticator and when i pass through LoginFormAuthenticator::onAuthenticationSuccess i do a redirect to the homepage as shown in the video. Debugging i could see the user info inside on $token and the session info seem alright too, but when i get to he homepage the debug toolbar says Authenticated:No. What am i doing wrong here?
Love the videos. Thanks
Hey saul
It's likely the security system is removing your session just after you authenticate because it reloads your user object on every request. I believe one of your "getters" in your User class is not correct. You can inspect the logs on each requests through the web profiler to gather more information. I hope it helps!
Cheers!
"Houston: no signs of life"
Start the conversation!