Chapters
33 Chapters
|
3:34:13
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!Compatible PHP versions: ^7.1.3
Subscribe to download the code!Compatible PHP versions: ^7.1.3
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
17.
IS_AUTHENTICATED_ & Protecting All URLs
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": "^7.1.3",
"ext-iconv": "*",
"composer/package-versions-deprecated": "^1.11", // 1.11.99
"doctrine/annotations": "^1.0", // 1.10.2
"doctrine/doctrine-bundle": "^1.6.10", // 1.10.2
"doctrine/doctrine-migrations-bundle": "^1.3|^2.0", // v2.0.0
"doctrine/orm": "^2.5.11", // v2.7.2
"knplabs/knp-markdown-bundle": "^1.7", // 1.7.0
"knplabs/knp-paginator-bundle": "^2.7", // v2.8.0
"knplabs/knp-time-bundle": "^1.8", // 1.8.0
"nexylan/slack-bundle": "^2.0,<2.2.0", // v2.0.0
"php-http/guzzle6-adapter": "^1.1", // v1.1.1
"phpdocumentor/reflection-docblock": "^3.0|^4.0", // 4.3.0
"sensio/framework-extra-bundle": "^5.1", // v5.2.0
"stof/doctrine-extensions-bundle": "^1.3", // v1.3.0
"symfony/asset": "^4.0", // v4.1.4
"symfony/cache": "^3.3|^4.0", // v4.1.4
"symfony/console": "^4.0", // v4.1.4
"symfony/flex": "^1.0", // v1.21.6
"symfony/framework-bundle": "^4.0", // v4.1.4
"symfony/lts": "^4@dev", // dev-master
"symfony/property-access": "^3.3|^4.0", // v4.1.4
"symfony/property-info": "^3.3|^4.0", // v4.1.4
"symfony/security-bundle": "^4.0", // v4.1.4
"symfony/serializer": "^3.3|^4.0", // v4.1.4
"symfony/twig-bundle": "^4.0", // v4.1.4
"symfony/web-server-bundle": "^4.0", // v4.1.4
"symfony/yaml": "^4.0", // v4.1.4
"twig/extensions": "^1.5" // v1.5.2
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.0", // 3.0.2
"easycorp/easy-log-handler": "^1.0.2", // v1.0.7
"fzaninotto/faker": "^1.7", // v1.8.0
"symfony/debug-bundle": "^3.3|^4.0", // v4.1.4
"symfony/dotenv": "^4.0", // v4.1.4
"symfony/maker-bundle": "^1.0", // v1.7.0
"symfony/monolog-bundle": "^3.0", // v3.3.0
"symfony/phpunit-bridge": "^3.3|^4.0", // v4.1.4
"symfony/stopwatch": "^3.3|^4.0", // v4.1.4
"symfony/var-dumper": "^3.3|^4.0", // v4.1.4
"symfony/web-profiler-bundle": "^3.3|^4.0" // v4.1.4
}
}
6 Comments
Why is checking for role ROLE_USER equivalent to checking for IS_AUTHENTICATED_FULLY and not IS_AUTHENTICATED_REMEMBERED?
I would expect the latter
Hey Matteo S.
Yeah in some cases probably you are right, however
IS_AUTHENTICATED_...constants are system attributes, andROLE_..are object roles, so you may not have roles but you can be authenticated. Return back to your question, if I got correct place related to your question Ryan said in that moment using ROLE_USER and IS_AUTHENTICATED_FULLY is an equivalent check, and that is true, and in that place we are not speaking about REMEMBERED attribute, because it will be introduced later.However I agree that it may confuse a little while watching video!
Cheers!
How to customize the form returned by "IS_AUTHENTICATED_FULLY"? I would like to make it to require just the password [twice] not the email. Thanks
Hey Alex,
If you're talking about Login form - it lives in templates/security/login.html.twig Twig template.
Cheers!
Yes, but is there any way to create another form that is returned by "IS_AUTHENTICATED_FULLY"? Thanks
Hey Alexandru!
Interesting question! When a user only has IS_AUTHENTICATED_REMEMBERED, and they try to access a page that requires IS_AUTHENTICATED_FULLY, then they will be redirected to the login page - e.g. /login. In that controller (because you are 100% in control of this controller & template), I would check to see if the user has "IS_AUTHENTICATED_REMEMBERED". If they do, pass a flag into Twig that says this and then render the form differently. Or, perhaps better, in your controller, render an entirely different template for those users :).
Now, the only trick is that you will also need to update your authenticator to be able to handle the new form. I've never done this before, but it shouldn't be too hard. Basically, inject the
Securityclass into your authenticator so that you can check if the user has IS_AUTHENTICATED_REMEMBERED. If they do, then you know that they are submitting the "authenticated" version of the form. And you can change the logic in your authenticator based on this - e.g. get the User object via $this->security->getUser() instead of reading a submitting email field and querying the database.Let me know if that helps!
Cheers!
"Houston: no signs of life"
Start the conversation!