Chapters

33 Chapters | 3:34:13 |

01

Security & the User Class

6:30
02

All about the User class

3:18
03

Customizing the User Entity

6:28
04

The Login Form

8:36
05

Firewalls & Authenticator

6:59
06

Login Form Authenticator

8:33
07

Redirecting on Success & the User Provider

6:17
08

Authentication Errors

5:27
09

Customizing Errors & Logout

6:35
10

CSRF Protection

5:06
11

Adding Remember Me

3:47
12

Adding & Checking the User's Password

8:27
13

access_control Authorization & Roles

5:08
14

Target Path: Redirecting an Anonymous User

5:48
15

Deny Access in the Controller

3:06
16

Dynamic Roles

7:36
17

IS_AUTHENTICATED_ & Protecting All URLs

8:29
18

Fetch the User Object

7:30
19

Custom User Method

6:18
20

Fetching the User In a Service

4:37
21

Role Hierarchy

4:49
22

Impersonation (switch_user)

6:30
23

Serializer & API Endpoint

5:29
24

API Auth: Do you Need it? And its Parts

7:56
25

ApiToken Entity

7:06
26

Entry Point: Helping Users Authenticate

5:15
27

API Token Authenticator

7:01
28

API Token Authenticator Part 2!

8:18
29

Manual Authentication / Registration

11:19
30

Author ManyToOne Relation to User

7:07
31

Article Admin & Low-Level Access Controls

7:14
32

Voters

3:47
33

Adding a Custom Voter

7:47

This tutorial has a new version, check it out!

> Symfony 4 > Symfony Security: Beautiful Authentication, Powerful Authorization

Buy Access to Course

08.

Authentication Errors

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Chapter

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

Go back to the login page. I wonder what happens if we fail the login... which, is only possible right now if we use a non-existent email address. Oh!

Cannot redirect to an empty URL

Filling in getLoginUrl()

Hmm: this is coming from AbstractFormLoginAuthenticator our authenticator's base class. If you dug a bit, you'd find out that, on failure, that authenticator class is calling getLoginUrl() and trying to redirect there. And, yea, that makes sense: if we fail login, the user should be redirected back to the login page. To make this actually work, all we need to do is fill in this method.

No problem: return $this->router->generate('app_login'):

            
Copy Code

Show All Lines

                        61 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 13
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 16 - 55
                            
                protected function getLoginUrl()
        
                {
        
                    return $this->router->generate('app_login');
        
                }
        
            }

Ok, try it again: refresh and... perfect! Hey! You can even see an error message on top:

Username could not be found.

We get that exact error because of where the authenticator fails: we failed to return a user from getUser():

            
Copy Code

Show All Lines

                        61 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 13
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 16 - 39
                            
                public function getUser($credentials, UserProviderInterface $userProvider)
        
                {
        
                    return $this->userRepository->findOneBy(['email' => $credentials['email']]);
        
                }
        
Show Lines

                                                    // ... lines 44 - 59
                            
            }

In a little while, we'll learn how to customize this message because... probably saying "Email" could not be found would make more sense.

The other common place where your authenticator can fail is in the checkCredentials() method:

            
Copy Code

Show All Lines

                        61 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 13
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 16 - 44
                            
                public function checkCredentials($credentials, UserInterface $user)
        
                {
        
                    // only needed if we need to check a password - we'll do that later!
        
                    return true;
        
                }
        
Show Lines

                                                    // ... lines 50 - 59
                            
            }

Try returning false here for a second:

// ...
    public function checkCredentials($credentials, UserInterface $user)
    {
        return false;
    }
// ...

Then, login with a legitimate user. Nice!

Invalid credentials.

Anyways, go change that back to true:

            
Copy Code

Show All Lines

                        61 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 13
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 16 - 44
                            
                public function checkCredentials($credentials, UserInterface $user)
        
                {
        
                    // only needed if we need to check a password - we'll do that later!
        
                    return true;
        
                }
        
Show Lines

                                                    // ... lines 50 - 59
                            
            }

How Authentication Errors are Stored

What I really want to find out is: where are these errors coming from? In SecurityController, we're getting the error by calling some $authenticationUtils->getLastAuthenticationError() method:

            
Copy Code

Show All Lines

                        28 lines
            |
            src/Controller/SecurityController.php
        
Show Lines

                                                    // ... lines 1 - 6
                            
            use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
        
            class SecurityController extends AbstractController
        
            {
        
Show Lines

                                                    // ... lines 11 - 13
                            
                public function login(AuthenticationUtils $authenticationUtils)
        
                {
        
                    // get the login error if there is one
        
                    $error = $authenticationUtils->getLastAuthenticationError();
        
Show Lines

                                                    // ... lines 18 - 21
                            
                    return $this->render('security/login.html.twig', [
        
Show Lines

                                                    // ... line 23
                            
                        'error'         => $error,
        
                    ]);
        
                }
        
            }

We're passing that into the template and rendering its messageKey property... with some translation magic we'll talk about soon too:

            
Copy Code

Show All Lines

                        32 lines
            |
            templates/security/login.html.twig
        
Show Lines

                                                    // ... lines 1 - 10
                            
            {% block body %}
        
                <form class="form-signin" method="post">
        
                    {% if error %}
        
                        <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
        
                    {% endif %}
        
Show Lines

                                                    // ... lines 16 - 29
                            
                </form>
        
            {% endblock %}

The point is: we magically fetch the "error" from... somewhere and render it. Let's demystify that. Go back to the top of your authenticator and hold command or control to click into AbstractFormLoginAuthenticator.

In reality, when authentication fails, this onAuthenticationFailure() method is called. It's a bit technical, but when authentication fails, internally, it's because something threw an AuthenticationException, which is passed to this method. And, ah: this method stores that exception onto a special key in the session! Then, back in the controller, the lastAuthenticationError() method is just a shortcut to read that key off of the session!

So, it's simple: our authenticator stores the error in the session and then we read the error from the session in our controller and render it:

            
Copy Code

Show All Lines

                        28 lines
            |
            src/Controller/SecurityController.php
        
Show Lines

                                                    // ... lines 1 - 8
                            
            class SecurityController extends AbstractController
        
            {
        
Show Lines

                                                    // ... lines 11 - 13
                            
                public function login(AuthenticationUtils $authenticationUtils)
        
                {
        
                    // get the login error if there is one
        
                    $error = $authenticationUtils->getLastAuthenticationError();
        
Show Lines

                                                    // ... lines 18 - 25
                            
                }
        
            }

The last thing onAuthenticationFailure() does is call our getLoginUrl() method and redirect there.

Filling in the Last Email

Go back to the login form and fail authentication again with a fake email. We see the error... but the email field is empty - that's not ideal. For convenience, it should pre-fill with the email I just entered.

Look at the controller again. Hmm: we are calling a getLastUsername() method and passing that into the template:

            
Copy Code

Show All Lines

                        32 lines
            |
            templates/security/login.html.twig
        
Show Lines

                                                    // ... lines 1 - 10
                            
            {% block body %}
        
                <form class="form-signin" method="post">
        
Show Lines

                                                    // ... lines 13 - 18
                            
                    <input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
        
Show Lines

                                                    // ... lines 20 - 29
                            
                </form>
        
            {% endblock %}

Oh, but I forgot to render it! Add value= and print last_username:

            
Copy Code

Show All Lines

                        32 lines
            |
            templates/security/login.html.twig
        
Show Lines

                                                    // ... lines 1 - 10
                            
            {% block body %}
        
                <form class="form-signin" method="post">
        
Show Lines

                                                    // ... lines 13 - 18
                            
                    <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
        
Show Lines

                                                    // ... lines 20 - 29
                            
                </form>
        
            {% endblock %}

But... we're not quite done. Unlike the error message, the last user name is not automatically stored to the session. This is something that we need to do inside of our LoginFormAuthenticator. But, it's super easy. Inside getCredentials(), instead of returning, add $credentials = :

            
Copy Code

Show All Lines

                        69 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 14
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 17 - 32
                            
                public function getCredentials(Request $request)
        
                {
        
                    $credentials = [
        
                        'email' => $request->request->get('email'),
        
                        'password' => $request->request->get('password'),
        
                    ];
        
Show Lines

                                                    // ... lines 39 - 45
                            
                }
        
Show Lines

                                                    // ... lines 47 - 67
                            
            }

Now, set the email onto the session with $request->getSession()->set(). Use a special key: Security - the one from the Security component - ::LAST_USERNAME and set this to $credentials['email']:

            
Copy Code

Show All Lines

                        69 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 14
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 17 - 32
                            
                public function getCredentials(Request $request)
        
                {
        
                    $credentials = [
        
                        'email' => $request->request->get('email'),
        
                        'password' => $request->request->get('password'),
        
                    ];
        
                    $request->getSession()->set(
        
                        Security::LAST_USERNAME,
        
                        $credentials['email']
        
                    );
        
Show Lines

                                                    // ... lines 44 - 45
                            
                }
        
Show Lines

                                                    // ... lines 47 - 67
                            
            }

Then, at the bottom, return $credentials:

            
Copy Code

Show All Lines

                        69 lines
            |
            src/Security/LoginFormAuthenticator.php
        
Show Lines

                                                    // ... lines 1 - 14
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 17 - 32
                            
                public function getCredentials(Request $request)
        
                {
        
                    $credentials = [
        
                        'email' => $request->request->get('email'),
        
                        'password' => $request->request->get('password'),
        
                    ];
        
                    $request->getSession()->set(
        
                        Security::LAST_USERNAME,
        
                        $credentials['email']
        
                    );
        
                    return $credentials;
        
                }
        
Show Lines

                                                    // ... lines 47 - 67
                            
            }

Try it! Go back, login with that same email address and... nice! Both the error and the last email are read from the session and displayed.

Next: let's learn how to customize these error messages. And, we really need a way to logout.

35 Comments

Sort By

Chamal P. 3 years ago

Hi,

I'm using DynamoDB as my database. And I have created Account.php class which implements UserInterface. I have created the LoginFormAuthenticator class which implements AbstractFormLoginAuthenticator. And have implemented all the methods and written the logic to validate the user. The login functionality works fine until the OnAuthenticationSuccess methods. After the OnAuthenticationSuccess methods gets executed, symfony shows me the following error;

Class "App\Entity\Account" is not a valid entity or mapped super class.

As I know, this is because of doctrine ORM. But my question is I don't need doctrine, as I am using DynamoDB for my database. Is there a way I can work around this issue ?

Thanks.

| Reply |

Victor SFCASTS Chamal P. 3 years ago

Hey Chamal,

Hm, first of all, your Account should implement UserInterface, and it does not matter if it's an entity or no, it just should work. I'd recommend you to look closer to the error stacktrace to find the exact place where the system handling your Account as an entity. Most probably you need to tweak your business logic somewhere.

Cheers!

| Reply |

Farshad 3 years ago

When I try to login it gives me: TODO: provide a valid redirect inside '.__FILE__ at LoginFormAuthenticator.php inside checkCredentials() function.

| Reply |

weaverryan SFCASTS Farshad 3 years ago edited

Hey @Farry7!

It sounds like you're using the bin/console make:auth command - an excellent thing to use! The one thing that the generated code does not complete for you (and it leaves you this TODO) is the onAuthenticationSuccess() method - the method that decides what should happen on success (usually you redirect to some page). We talk about that method here - https://symfonycasts.com/screencast/symfony-security/success-user-provider#redirecting-on-success

Cheers!

| Reply |

Farshad 3 years ago

I see that there is an annotation in the User class: @Groups("main") can you explain what it is or in which episode it gets explained?

| Reply |

weaverryan SFCASTS Farshad 3 years ago

Hey @Farry7!

We talk about this in a later chapter - it relates to if you want to be able to serializer your User object to JSON for an API endpoint - https://symfonycasts.com/sc...

Cheers!

| Reply |

Álvaro R. 3 years ago

Hello! I have a problem, when I try to login with a different user that does not exist the variable error is still null so i dont see the message. I dont know what to do to get that working. I can sign in without any problems.

| Reply |

Thibaut Álvaro R. 2 years ago

For those who might encounter the same problem: make sure you're not overriding the onAuthenticationFailure method from the AbstractFormLoginAuthenticator class extended from your LoginFormAuthenticator security guard.

| Reply |

sadikoff SFCASTS Thibaut 2 years ago edited

Hey Thibaut

Nice catch and thanks for sharing your experience! I'd like to re-phrase it like:

If you are overriding onAuthenticationFailure then don't forget to call parent method.

Cheers!

1 | Reply |

Thomas J Álvaro R. 3 years ago

same here... :/ $error is not returning

| Reply |

sadikoff SFCASTS Thomas J 3 years ago edited

Hey Thomas J

Have you checked Diego's answer? Does it helps?

Cheers!

| Reply |

Álvaro R. Álvaro R. 3 years ago

it is like getLastAuthenticationError is not doing anything

| Reply |

MolloKhan SFCASTS Álvaro R. 3 years ago edited

Hey Álvaro R.

That's odd. Can you double-check that you imported the right class? Symfony\Component\Security\Http\Authentication\AuthenticationUtils
then, try clearing the cache manually rm -f var/cache/* and try again. If the problem persist let us know

Cheers!

| Reply |

Wuwu 4 years ago

Anyone got this?
Undefined class constant 'LAST_USERNAME'

| Reply |

wuwu Wuwu 4 years ago

it's ok, 'used' wrong class

| Reply |

MolloKhan SFCASTS wuwu 4 years ago

It happens :)

| Reply |

Mike P. 4 years ago edited

Goal:
I want to submit comments to my article via Ajax.
At the moment, depending on the http status code, $.ajax know if the submit was successful or not.

$.ajax({
type: 'POST',
url: $link,
data: { …},
success: function(data, status) {
…

},
error: function (result) {

…

Only user can submit comments, so I chooses the * @IsGranted("ROLE_USER") annotation for the createNewComment() method in my controller.

Problem:
If the user is not logged in, I get a 200 Status code as result of the Ajax request (with the content of the /login page).
JS thinks the submit was successful and goes into the success: function(data, status), when it should instead go into the error: function(result).

Possible solutions:
1.) Return another status code (405?) on the getLoginUrl() method? (As far as I know, the getLoginUrl() action is called if the user check via isGranted fails)
But I haven't found a way to add a status code to: return $this->urlGenerator->generate('app_login');

2.) "Manually" check if it is a user in my createNewComment() action. But this seems to be "over engineered/not suitable", because I already have the isGranted annotation which should check exactly that.

Question:
Whats the right way, in an Ajax submit, to tell JS that the request was unsuccessful due to @isGranted("ROLE_USER") failed?

UPDATE://
I've found a great way, my solution is to override the start() method of LoginFormAuthenticator:

 
    /**
     * Override to control what happens when the user hits a secure page
     * but isn't logged in yet.
     *
     * @return JsonResponse|RedirectResponse
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        if ( $request -> isXmlHttpRequest() ) {
            $data = [
                'message' => 'Authentication Required'
            ];

            return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
        } else {
            $url = $this->getLoginUrl();

            return new RedirectResponse($url);
        }
    }

It works this way.
Is that the right way of doing it?

| Reply |

MolloKhan SFCASTS Mike P. 4 years ago edited

Hey Mike P.

Good question! And there is a better way to do it. What you need to do is to implement your own AuthenticationFailureHandler which should implement the interface Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface. So, whenever a request fails, the method onAuthenticationFailure() will be executed. You can read about security events here: https://symfony.com/doc/current/components/security/authentication.html#authentication-success-and-failure-events

I hope it helps. Cheers!

| Reply |

Dung L. 4 years ago

Hello all,

I do not follow tutorial from beginning to the end, the way I use these tutorials is just read chapter(s) I am interested in, so when I want to test the code provided in the downloads, where can I find the database? or do I have to follow all chapters in order to generate the database as I go along with the tutorial?

Thanks!

| Reply |

Victor SFCASTS Dung L. 4 years ago

Hey Dung,

You don't have to follow the whole course. We described what you have to do to bootstrap the project locally in README.md file in downloaded archive. Basically, it says you need to look into start/README.md or finish/README.md, depends on what you need - start or finish project code. There will be some instructions you need to execute to create the DB and its schema - Symfony has a few commands.

So, basically, look into README files inside the archive :)

Cheers!

| Reply |

Dung L. Victor 4 years ago edited

Thanks victor, Symfonnycast is awesome (I wish public/school libraries own a copy :). I found the README.md, I will follow that to setup a practice project. BTW, in the READ has a text "<3 Your friends at KnpUniversity" what is the meaning of "<3"?

| Reply |

Victor SFCASTS Dung L. 4 years ago

Hey Dung,

Haha, that's a good plan, we definitely should think about it til the next September when the new school round begin :p ;)

About "<3" - this has a super very important meaning, but also it's a HUGE secret, so don't tell anyone, please! This means "heart", like <3 is equal to ❤ but is written in old-school chars... this was even before any Emoji, etc. So, I hope it makes sense to you ;)

Cheers!

| Reply |

Dung L. Victor 4 years ago edited

Thanks for all the replies! victor . BTW, the tutorials made into a few minutes long sections makes it easy to learn/digest the materials, great idea!

| Reply |

Victor SFCASTS Dung L. 4 years ago

Hey Dung,

Yes, that's our main goal, make short and clear tutorials about complex topics. Glad you like it ;)

Cheers!

| Reply |

Pablo G. 5 years ago

Hi, when you store the username in the session, why did you use "Security::LAST_USERNAME" instead of "$request->request->get('email')" as a few lines above?

Thanks!

| Reply |

Victor SFCASTS Pablo G. 5 years ago

Hey Diego,

Wait, but "Security::LAST_USERNAME" is just a sting, i.e. just a key that Symfony will use internally to fetch the last entered username, i.e. email in our case. So, we use it instead of hardcoding the specific "_security.last_username" key name manually.

Cheers!

| Reply |

Bahae O. 5 years ago

Hi friends,
first of all I want to say thanks for this great and very helpful work!!
My problem is i can't find the error message when i try to login with a false email. even if my template have "error.messageKey", and my controller have also rendered the "error" key!
any solution for that?

| Reply |

Bahae O. Bahae O. 5 years ago

Hi again friends,
i find the solution of this dummy problem, when i generated my LoginFormAuthenticator, the console generate lot of methods like [supports(),getCredentials(),...] one of them named (onAuthenticationFailure()) this is the problem !! delete it and everything works great.
Cheers! XD

| Reply |

weaverryan SFCASTS Bahae O. 5 years ago edited

Hey Bahae O.!

Nice work! Yes, the AbstractFormLoginAuthenticator class that your authenticator extends implements the onAuthenticationFailure() method and IT is responsible for taking the error and putting it onto the session so that it's accessible via the error.messageKey. So, your solution was perfect - you were overriding this functionality on accident - but you definitely want it :).

Cheers!

1 | Reply |

Ronald V. Bahae O. 5 years ago

I got this too and looking a solution for this problem until i checked the comments. :)

| Reply |

Emakina F. 5 years ago

It seems we have to check if a session exists before getting it since Symfony 4.1:
https://symfony.com/blog/ne...

So, to set the email onto the session, we have to do:
if ($request->hasSession() && ($session = $request->getSession())) {
$session->set(Security::LAST_USERNAME, $credentials['email']);
}

Is that correct ?

| Reply |

weaverryan SFCASTS Emakina F. 5 years ago edited

Hey Emakina F.!

Hmm, that's a bit misleading. If you've configured your app to have a session (which is the default in a new application thanks to this line in the recipe: https://github.com/symfony/... then you don't need to worry about this. What changed is that, until now, if you did NOT have a session configured, calling $request->getSession() was allowed, but it would return null. In Symfony 5, instead of returning null, it will throw an exception.

So, if you know that your app uses a session, you're fine to just se things directly on the session. But if you were building some re-usable bundle, you would want to check first that the session exists.

Cheers!

1 | Reply |

axelverdruye 5 years ago

Hi, im completing the course without the videos (as they are not yet implemented). But how do i complete the certificate? As the course % depends on the amount of videos you viewed.

Thanks !

| Reply |

Otto K. axelverdruye 5 years ago

Hey Axel,

We count progress on video watching, so it's impossible to get a certificate for an unfinished course, since since it does not have all the videos. Moreover, the chapters that are not released yet is just a draft, that can be changed. But yeah, most of the time it does not change or we do very minor changes in it. So, if you won't want to watch the new videos when they are released - ping us again when this course is completely released and we'll give you the certificate.

Cheers!

1 | Reply |

axelverdruye Otto K. 5 years ago

thanks! No its fine :) I'll rewatch the videos. Always good to refresh the memory. ty for the response. Great tutorials btw !

| Reply |

Symfony 4

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": "^7.1.3",
        "ext-iconv": "*",
        "composer/package-versions-deprecated": "^1.11", // 1.11.99
        "doctrine/annotations": "^1.0", // 1.10.2
        "doctrine/doctrine-bundle": "^1.6.10", // 1.10.2
        "doctrine/doctrine-migrations-bundle": "^1.3|^2.0", // v2.0.0
        "doctrine/orm": "^2.5.11", // v2.7.2
        "knplabs/knp-markdown-bundle": "^1.7", // 1.7.0
        "knplabs/knp-paginator-bundle": "^2.7", // v2.8.0
        "knplabs/knp-time-bundle": "^1.8", // 1.8.0
        "nexylan/slack-bundle": "^2.0,<2.2.0", // v2.0.0
        "php-http/guzzle6-adapter": "^1.1", // v1.1.1
        "phpdocumentor/reflection-docblock": "^3.0|^4.0", // 4.3.0
        "sensio/framework-extra-bundle": "^5.1", // v5.2.0
        "stof/doctrine-extensions-bundle": "^1.3", // v1.3.0
        "symfony/asset": "^4.0", // v4.1.4
        "symfony/cache": "^3.3|^4.0", // v4.1.4
        "symfony/console": "^4.0", // v4.1.4
        "symfony/flex": "^1.0", // v1.21.6
        "symfony/framework-bundle": "^4.0", // v4.1.4
        "symfony/lts": "^4@dev", // dev-master
        "symfony/property-access": "^3.3|^4.0", // v4.1.4
        "symfony/property-info": "^3.3|^4.0", // v4.1.4
        "symfony/security-bundle": "^4.0", // v4.1.4
        "symfony/serializer": "^3.3|^4.0", // v4.1.4
        "symfony/twig-bundle": "^4.0", // v4.1.4
        "symfony/web-server-bundle": "^4.0", // v4.1.4
        "symfony/yaml": "^4.0", // v4.1.4
        "twig/extensions": "^1.5" // v1.5.2
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.0", // 3.0.2
        "easycorp/easy-log-handler": "^1.0.2", // v1.0.7
        "fzaninotto/faker": "^1.7", // v1.8.0
        "symfony/debug-bundle": "^3.3|^4.0", // v4.1.4
        "symfony/dotenv": "^4.0", // v4.1.4
        "symfony/maker-bundle": "^1.0", // v1.7.0
        "symfony/monolog-bundle": "^3.0", // v3.3.0
        "symfony/phpunit-bridge": "^3.3|^4.0", // v4.1.4
        "symfony/stopwatch": "^3.3|^4.0", // v4.1.4
        "symfony/var-dumper": "^3.3|^4.0", // v4.1.4
        "symfony/web-profiler-bundle": "^3.3|^4.0" // v4.1.4
    }
}

Previous Chapter

Next Chapter

Authentication Errors

Share this awesome video!

Keep on Learning!

Filling in getLoginUrl()

How Authentication Errors are Stored

Filling in the Last Email

35 Comments

Delete comment?

What PHP libraries does this tutorial use?

Show Lines	// ... lines 1 - 13
	class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
	{
Show Lines	// ... lines 16 - 55
	protected function getLoginUrl()
	{
	return $this->router->generate('app_login');
	}
	}

Show Lines	// ... lines 1 - 6
	use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

	class SecurityController extends AbstractController
	{
Show Lines	// ... lines 11 - 13
	public function login(AuthenticationUtils $authenticationUtils)
	{
	// get the login error if there is one
	$error = $authenticationUtils->getLastAuthenticationError();
Show Lines	// ... lines 18 - 21
	return $this->render('security/login.html.twig', [
Show Lines	// ... line 23
	'error' => $error,
	]);
	}
	}

Show Lines	// ... lines 1 - 10
	{% block body %}
	<form class="form-signin" method="post">
	{% if error %}
	<div class="alert alert-danger">{{ error.messageKey\|trans(error.messageData, 'security') }}</div>
	{% endif %}
Show Lines	// ... lines 16 - 29
	</form>
	{% endblock %}

Show Lines	// ... lines 1 - 8
	class SecurityController extends AbstractController
	{
Show Lines	// ... lines 11 - 13
	public function login(AuthenticationUtils $authenticationUtils)
	{
	// get the login error if there is one
	$error = $authenticationUtils->getLastAuthenticationError();
Show Lines	// ... lines 18 - 25
	}
	}

Show Lines	// ... lines 1 - 14
	class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
	{
Show Lines	// ... lines 17 - 32
	public function getCredentials(Request $request)
	{
	$credentials = [
	'email' => $request->request->get('email'),
	'password' => $request->request->get('password'),
	];
Show Lines	// ... lines 39 - 45
	}
Show Lines	// ... lines 47 - 67
	}