1000 search results

Code

Learn Symfony 5

 >

API Platform 2 Part 3: Custom Resources

 >

Validating Who/When Can Publish
55 lines | src/Security/Voter/CheeseListingVoter.php
// ... lines 1 - 10
class CheeseListingVoter extends Voter
{
// ... lines 13 - 19
protected function supports($attribute, $subject)
{
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
return in_array($attribute, ['EDIT'])
&& $subject instanceof CheeseListing;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
/** @var CheeseListing $subject */
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case 'EDIT':
if ($subject->getOwner() === $user) {
return true;
}
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
return false;
}
throw new \Exception(sprintf('Unhandled attribute "%s"', $attribute));
}
}
See Code Block in Script
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
95 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 17
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
// ... lines 19 - 20
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
{
// ... lines 23 - 93
}
See Code Block in Script
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
95 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 20
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
{
// ... lines 23 - 75
public function getPassword($credentials): ?string
{
// ... line 78
}
// ... lines 80 - 93
}
See Code Block in Script
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
95 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 20
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
{
// ... lines 23 - 44
public function getCredentials(Request $request)
{
$credentials = [
'email' => $request->request->get('email'),
'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'),
];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['email']
);
return $credentials;
}
// ... lines 60 - 93
}
See Code Block in Script
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
95 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 20
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
{
// ... lines 23 - 75
public function getPassword($credentials): ?string
{
return $credentials['password'];
}
// ... lines 80 - 93
}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
43 lines | templates/security/register.html.twig
{% extends 'base.html.twig' %}
{% block title %}Login!{% endblock %}
{% block stylesheets %}
{{ parent() }}
<link rel="stylesheet" href="{{ asset('css/login.css') }}">
{% endblock %}
{% block body %}
<div class="container">
<div class="row">
<div class="col-sm-12">
<form class="form-signin" method="post">
{% if error %}
<div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}
<h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<input type="hidden" name="_csrf_token"
value="{{ csrf_token('authenticate') }}"
>
<div class="checkbox mb-3">
<label>
<input type="checkbox" name="_remember_me"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">
Sign in
</button>
</form>
</div>
</div>
</div>
{% endblock %}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
36 lines | templates/security/register.html.twig
// ... lines 1 - 2
{% block title %}Register!{% endblock %}
// ... lines 4 - 10
{% block body %}
<div class="container">
<div class="row">
<div class="col-sm-12">
{# todo - replace with a Symfony form! #}
<form class="form-signin" method="post">
// ... lines 17 - 30
</form>
</div>
</div>
</div>
{% endblock %}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
36 lines | templates/security/register.html.twig
// ... lines 1 - 2
{% block title %}Register!{% endblock %}
// ... lines 4 - 10
{% block body %}
<div class="container">
<div class="row">
<div class="col-sm-12">
{# todo - replace with a Symfony form! #}
<form class="form-signin" method="post">
<h1 class="h3 mb-3 font-weight-normal">Register</h1>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
// ... lines 22 - 30
</form>
</div>
</div>
</div>
{% endblock %}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
36 lines | templates/security/register.html.twig
// ... lines 1 - 2
{% block title %}Register!{% endblock %}
// ... lines 4 - 10
{% block body %}
<div class="container">
<div class="row">
<div class="col-sm-12">
{# todo - replace with a Symfony form! #}
<form class="form-signin" method="post">
<h1 class="h3 mb-3 font-weight-normal">Register</h1>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<div class="checkbox mb-3">
<label>
<input type="checkbox" name="_remember_me" required> Agree to terms I for sure read
</label>
</div>
// ... lines 28 - 30
</form>
</div>
</div>
</div>
{% endblock %}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
36 lines | templates/security/register.html.twig
// ... lines 1 - 2
{% block title %}Register!{% endblock %}
// ... lines 4 - 10
{% block body %}
<div class="container">
<div class="row">
<div class="col-sm-12">
{# todo - replace with a Symfony form! #}
<form class="form-signin" method="post">
<h1 class="h3 mb-3 font-weight-normal">Register</h1>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<div class="checkbox mb-3">
<label>
<input type="checkbox" name="_remember_me" required> Agree to terms I for sure read
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">
Register
</button>
</form>
</div>
</div>
</div>
{% endblock %}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
89 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 19
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
{
// ... lines 22 - 74
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
return new RedirectResponse($targetPath);
}
return new RedirectResponse($this->router->generate('app_homepage'));
}
// ... lines 83 - 87
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
96 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 21
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
{
// ... lines 24 - 30
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder)
{
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder;
}
// ... lines 38 - 94
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 21
use Symfony\Contracts\Service\ServiceSubscriberInterface;
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 100
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 91
public static function getSubscribedServices()
{
// ... lines 94 - 99
}
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 91
public static function getSubscribedServices()
{
return [
EntityManagerInterface::class,
UrlGeneratorInterface::class,
CsrfTokenManagerInterface::class,
UserPasswordEncoderInterface::class,
];
}
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 6
use Psr\Container\ContainerInterface;
// ... lines 8 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 29
public function __construct(ContainerInterface $container)
{
// ... line 32
}
// ... lines 34 - 100
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 27
private $container;
public function __construct(ContainerInterface $container)
{
$this->container = $container;
}
// ... lines 34 - 100
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 55
public function getUser($credentials, UserProviderInterface $userProvider)
{
// ... line 58
if (!$this->container->get(CsrfTokenManagerInterface::class)->isTokenValid($token)) {
// ... line 60
}
// ... lines 62 - 70
}
// ... lines 72 - 100
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Service Subscribers
102 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 23
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements ServiceSubscriberInterface
{
// ... lines 26 - 55
public function getUser($credentials, UserProviderInterface $userProvider)
{
// ... line 58
if (!$this->container->get(CsrfTokenManagerInterface::class)->isTokenValid($token)) {
// ... line 60
}
$user = $this->container->get(EntityManagerInterface::class)->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
// ... lines 64 - 70
}
public function checkCredentials($credentials, UserInterface $user)
{
return $this->container->get(UserPasswordEncoderInterface::class)->isPasswordValid($user, $credentials['password']);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
// ... lines 80 - 83
return new RedirectResponse($this->container->get(UrlGeneratorInterface::class)->generate('app_homepage'));
}
protected function getLoginUrl()
{
return $this->container->get(UrlGeneratorInterface::class)->generate('app_login');
}
// ... lines 91 - 100
}
See Code Block in Script
Code

Developer Tools

 >

Blackfire.io: Revealing Performance Secrets with Profiling

 >

Spotting Heavy Object Instantiation
96 lines | src/Security/LoginFormAuthenticator.php
// ... lines 1 - 2
namespace App\Security;
// ... lines 4 - 21
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
{
use TargetPathTrait;
private $entityManager;
private $urlGenerator;
private $csrfTokenManager;
private $passwordEncoder;
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder)
{
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder;
}
public function supports(Request $request)
{
return 'app_login' === $request->attributes->get('_route')
&& $request->isMethod('POST');
}
public function getCredentials(Request $request)
{
$credentials = [
'email' => $request->request->get('email'),
'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'),
];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['email']
);
return $credentials;
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
$token = new CsrfToken('authenticate', $credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token)) {
throw new InvalidCsrfTokenException();
}
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
if (!$user) {
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('Email could not be found.');
}
return $user;
}
public function checkCredentials($credentials, UserInterface $user)
{
return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
return new RedirectResponse($targetPath);
}
return new RedirectResponse($this->urlGenerator->generate('app_homepage'));
}
protected function getLoginUrl()
{
return $this->urlGenerator->generate('app_login');
}
}
See Code Block in Script
32 33 34 35 36