1000 search results

Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
40 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 9
class DragonTreasureVoter extends Voter
{
// ... lines 12 - 19
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
return false;
// ... lines 23 - 37
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
40 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 9
class DragonTreasureVoter extends Voter
{
// ... lines 12 - 19
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
return false;
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case self::EDIT:
// logic to determine if the user can EDIT
// return true or false
break;
}
return false;
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
43 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 9
class DragonTreasureVoter extends Voter
{
// ... lines 12 - 19
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
assert($subject instanceof DragonTreasure);
// ... (check conditions and return true to grant permission) ...
// ... lines 31 - 40
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
43 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 9
class DragonTreasureVoter extends Voter
{
// ... lines 12 - 19
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
// ... lines 22 - 29
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case self::EDIT:
if ($subject->getOwner() === $user) {
return true;
}
break;
}
return false;
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
52 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 5
use Symfony\Bundle\SecurityBundle\Security;
// ... lines 7 - 10
class DragonTreasureVoter extends Voter
{
// ... lines 13 - 14
public function __construct(private Security $security)
{
}
// ... lines 18 - 50
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
52 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 10
class DragonTreasureVoter extends Voter
{
// ... lines 13 - 24
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
// ... lines 27 - 35
switch ($attribute) {
case self::EDIT:
if (!$this->security->isGranted('ROLE_TREASURE_EDIT')) {
return false;
}
if ($subject->getOwner() === $user) {
return true;
}
break;
}
// ... lines 48 - 49
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
56 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 10
class DragonTreasureVoter extends Voter
{
// ... lines 13 - 24
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
// ... lines 27 - 32
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
assert($subject instanceof DragonTreasure);
// ... lines 38 - 53
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
45 lines | src/Security/Voter/DragonTreasureVoter.php
// ... lines 1 - 2
namespace App\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
class DragonTreasureVoter extends Voter
{
public const EDIT = 'POST_EDIT';
public const VIEW = 'POST_VIEW';
protected function supports(string $attribute, mixed $subject): bool
{
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
return in_array($attribute, [self::EDIT, self::VIEW])
&& $subject instanceof \App\Entity\DragonTreasure;
}
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case self::EDIT:
// logic to determine if the user can EDIT
// return true or false
break;
case self::VIEW:
// logic to determine if the user can VIEW
// return true or false
break;
}
return false;
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
15 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 2
namespace App\Security;
use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
class ApiTokenHandler implements AccessTokenHandlerInterface
{
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
// TODO: Implement getUserBadgeFrom() method.
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
27 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 4
use App\Repository\ApiTokenRepository;
// ... lines 6 - 9
class ApiTokenHandler implements AccessTokenHandlerInterface
{
public function __construct(private ApiTokenRepository $apiTokenRepository)
{
}
// ... lines 15 - 25
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
27 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 9
class ApiTokenHandler implements AccessTokenHandlerInterface
{
// ... lines 12 - 15
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
$token = $this->apiTokenRepository->findOneBy(['token' => $accessToken]);
// ... lines 19 - 24
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
27 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 5
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
// ... lines 7 - 9
class ApiTokenHandler implements AccessTokenHandlerInterface
{
// ... lines 12 - 15
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
$token = $this->apiTokenRepository->findOneBy(['token' => $accessToken]);
if (!$token) {
throw new BadCredentialsException();
}
// ... lines 23 - 24
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
27 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 7
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
class ApiTokenHandler implements AccessTokenHandlerInterface
{
// ... lines 12 - 15
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
// ... lines 18 - 23
return new UserBadge($token->getOwnedBy()->getUserIdentifier());
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Access Token Authenticator
32 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 6
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
// ... lines 8 - 10
class ApiTokenHandler implements AccessTokenHandlerInterface
{
// ... lines 13 - 16
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
// ... lines 19 - 24
if (!$token->isValid()) {
throw new CustomUserMessageAuthenticationException('Token expired');
}
return new UserBadge($token->getOwnedBy()->getUserIdentifier());
}
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

API Token Scopes
34 lines | src/Security/ApiTokenHandler.php
// ... lines 1 - 10
class ApiTokenHandler implements AccessTokenHandlerInterface
{
// ... lines 13 - 16
public function getUserBadgeFrom(#[\SensitiveParameter] string $accessToken): UserBadge
{
// ... lines 19 - 28
$token->getOwnedBy()->markAsTokenAuthenticated($token->getScopes());
return new UserBadge($token->getOwnedBy()->getUserIdentifier());
}
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Custom Redirect when "Email Not Verified"
10 lines | src/Security/AccountNotVerifiedAuthenticationException.php
// ... lines 1 - 2
namespace App\Security;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
class AccountNotVerifiedAuthenticationException extends AuthenticationException
{
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

2 Factor Authentication & Authentication Tokens
83 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 15
use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
// ... lines 17 - 26
class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
{
// ... lines 29 - 81
}
See Code Block in Script
Code

Learn Symfony 5

 >

Netgen Layouts: Building Pages with Symfony

 >

Creating & Mapping Layouts
39 lines | templates/security/login.html.twig
{% extends nglayouts.layoutTemplate %}
// ... lines 2 - 39
See Code Block in Script
Code

Learn Symfony 6

 >

Upgrading & What's New in Symfony 6!

 >

Hunting Down the Final Deprecations
86 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 21
class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
{
// ... lines 24 - 27
public function __construct(private EntityManagerInterface $entityManager, private UrlGeneratorInterface $urlGenerator)
{
}
// ... lines 31 - 84
}
See Code Block in Script
Code

Learn Symfony 6

 >

Upgrading & What's New in Symfony 6!

 >

Hunting Down the Final Deprecations
86 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 60
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): Response
{
if ($targetPath = $this->getTargetPath($request->getSession(), $firewallName)) {
// ... line 64
}
// ... lines 66 - 67
}
// ... lines 69 - 86
See Code Block in Script
27 28 29 30 31