1000 search results

Comment

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Customizing Errors & Logout
I tried the security.yaml configuration for logout (via a front-end Axios call) and I can see it does the 302 redirect - but the cookie remains (which isn't good). If I try to build my own symfony controller with this: ``` // clear the token…
Cameron
Cameron
Read Full Comment
Comment

Learn Symfony 5

 >

Charming Development in Symfony 5

 >

The Lovely bin/console Tool
php bin/console security:check The web service failed for an unknown reason (HTTP 403). T_T how to fix it?
Rizky A.
Rizky A.
Read Full Comment
Code

Learn Symfony 5

 >

API Platform 2 Part 3: Custom Resources

 >

Setting a Custom Field Via a Listener
41 lines | src/EventSubscriber/SetIsMeOnCurrentUserSubscriber.php
// ... lines 1 - 7
use Symfony\Component\Security\Core\Security;
class SetIsMeOnCurrentUserSubscriber implements EventSubscriberInterface
{
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
// ... lines 18 - 39
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 3: Custom Resources

 >

Custom Item Data Provider
65 lines | src/DataPersister/UserDataPersister.php
// ... lines 1 - 9
use Symfony\Component\Security\Core\Security;
class UserDataPersister implements ContextAwareDataPersisterInterface
{
// ... lines 14 - 16
private $security;
public function __construct(DataPersisterInterface $decoratedDataPersister, UserPasswordEncoderInterface $userPasswordEncoder, LoggerInterface $logger, Security $security)
{
// ... lines 21 - 23
$this->security = $security;
}
// ... lines 26 - 63
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 3: Custom Resources

 >

Adding & Populating the Custom Field
40 lines | src/DataProvider/UserDataProvider.php
// ... lines 1 - 8
use Symfony\Component\Security\Core\Security;
class UserDataProvider implements ContextAwareCollectionDataProviderInterface, RestrictedDataProviderInterface
{
// ... line 13
private $security;
public function __construct(CollectionDataProviderInterface $collectionDataProvider, Security $security)
{
// ... line 18
$this->security = $security;
}
// ... lines 21 - 38
}
See Code Block in Script
Comment

Learn Symfony 5

 >

Symfony 5 Fundamentals: Services, Config & Environments

 >

Environment Variables
…All I needed to do was `composer update` to update the Symfony components before I installed Sentry. I didn't get quite the same error as you (though it does say `Script security-checker security:check returned with error code 1`) but it's similar…
gothick
gothick
Read Full Comment
Code

Learn Symfony 5

 >

API Platform 2 Part 2: Security

 >

Security Logic in the Validator
66 lines | src/Validator/ValidIsPublishedValidator.php
// ... lines 1 - 6
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
// ... lines 8 - 11
class ValidIsPublishedValidator extends ConstraintValidator
{
// ... lines 14 - 22
public function validate($value, Constraint $constraint)
{
// ... lines 25 - 54
// we are UNpublishing
if (!$this->security->isGranted('ROLE_ADMIN')) {
// you can return a 403
throw new AccessDeniedException('Only admin users can unpublish');
// or a normal validation error
$this->context->buildViolation('Only admin users can unpublish')
->addViolation();
}
}
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 3: Custom Resources

 >

Validating Who/When Can Publish
217 lines | src/Entity/CheeseListing.php
// ... lines 1 - 17
/**
* @ApiResource(
// ... lines 20 - 21
* itemOperations={
// ... lines 23 - 25
* "put"={
* "security"="is_granted('EDIT', object)",
* "security_message"="Only the creator can edit a cheese listing"
* },
// ... line 30
* },
// ... lines 32 - 43
* )
// ... lines 45 - 55
*/
class CheeseListing
{
// ... lines 59 - 215
}
See Code Block in Script
Comment

Learn Symfony 5

 >

Charming Development in Symfony 5

 >

Profiler: Your Debugging Best Friend
I got error from security checker when installing profiler. ` ➜ composer require profiler --dev 14s Using version ^1.0 for symfony/profiler-pack ./composer.json has been updated Loading composer repositories with package information Updating dependencies (including require-dev) Restricting packages listed in "symfony/symfony…
Sung L.
Sung L.
Read Full Comment
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
94 lines | src/Repository/UserRepository.php
// ... lines 1 - 7
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
// ... lines 9 - 16
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
{
// ... lines 19 - 92
}
See Code Block in Script
Code

Learn Symfony 5

 >

Upgrading & What's New in Symfony 5!

 >

Migrate Password Hashing
94 lines | src/Repository/UserRepository.php
// ... lines 1 - 8
use Symfony\Component\Security\Core\User\UserInterface;
// ... lines 10 - 16
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
{
// ... lines 19 - 59
public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
{
}
// ... lines 64 - 92
}
See Code Block in Script
Code

Learn Symfony 5

 >

Charming Development in Symfony 5

 >

Flex, Recipes & Aliases
69 lines | composer.json
{
// ... lines 2 - 3
"require": {
// ... lines 5 - 8
"sensiolabs/security-checker": "^6.0",
// ... lines 10 - 14
},
// ... lines 16 - 45
"scripts": {
"auto-scripts": {
// ... lines 48 - 49
"security-checker security:check": "script"
},
// ... lines 52 - 57
},
// ... lines 59 - 67
}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
44 lines | src/Controller/SecurityController.php
// ... lines 1 - 8
class SecurityController extends AbstractController
{
// ... lines 11 - 35
/**
* @Route("/register", name="app_register")
*/
public function register()
{
return $this->render('security/register.html.twig');
}
}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
60 lines | src/DataFixtures/UserFixture.php
// ... lines 1 - 7
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
class UserFixture extends BaseFixture
{
private $passwordEncoder;
public function __construct(UserPasswordEncoderInterface $passwordEncoder)
{
$this->passwordEncoder = $passwordEncoder;
}
protected function loadData(ObjectManager $manager)
{
$this->createMany(10, 'main_users', function($i) use ($manager) {
// ... lines 22 - 29
$user->setPassword($this->passwordEncoder->encodePassword(
$user,
'engage'
));
// ... lines 34 - 40
});
$this->createMany(3, 'admin_users', function($i) {
// ... lines 44 - 48
$user->setPassword($this->passwordEncoder->encodePassword(
$user,
'engage'
));
// ... lines 53 - 54
});
// ... lines 56 - 57
}
}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
58 lines | src/Controller/SecurityController.php
// ... lines 1 - 8
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
// ... lines 10 - 11
class SecurityController extends AbstractController
{
// ... lines 14 - 41
public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder)
{
// ... lines 44 - 55
}
}
See Code Block in Script
Code

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Manual Authentication / Registration
71 lines | src/Controller/SecurityController.php
// ... lines 1 - 5
use App\Security\LoginFormAuthenticator;
// ... lines 7 - 10
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
// ... lines 12 - 13
class SecurityController extends AbstractController
{
// ... lines 16 - 43
public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder, GuardAuthenticatorHandler $guardHandler, LoginFormAuthenticator $formAuthenticator)
{
// ... lines 46 - 68
}
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 2: Security

 >

Auto-set the Owner: Entity Listener
28 lines | src/Doctrine/CheeseListingSetOwnerListener.php
// ... lines 1 - 5
use Symfony\Component\Security\Core\Security;
// ... line 7
class CheeseListingSetOwnerListener
{
private $security;
// ... line 11
public function __construct(Security $security)
{
$this->security = $security;
}
// ... lines 16 - 26
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 2: Security

 >

Automatic 404 on Unpublished Items
34 lines | src/ApiPlatform/CheeseListingIsPublishedExtension.php
// ... lines 1 - 8
use Symfony\Component\Security\Core\Security;
// ... line 10
class CheeseListingIsPublishedExtension implements QueryCollectionExtensionInterface
{
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
// ... lines 19 - 33
}
See Code Block in Script
Code

Learn Symfony 5

 >

API Platform 2 Part 2: Security

 >

Data Persister: Encoding the Plain Password
48 lines | src/DataPersister/UserDataPersister.php
// ... lines 1 - 7
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
// ... line 9
class UserDataPersister implements DataPersisterInterface
{
// ... line 12
private $userPasswordEncoder;
// ... line 14
public function __construct(EntityManagerInterface $entityManager, UserPasswordEncoderInterface $userPasswordEncoder)
{
// ... line 17
$this->userPasswordEncoder = $userPasswordEncoder;
}
// ... lines 20 - 46
}
See Code Block in Script
Comment

Learn Symfony 4

 >

Symfony Security: Beautiful Authentication, Powerful Authorization

 >

Login Form Authenticator
Does it has any security benefits to use SF form over our standard html form, which would make the more work worth? (e.g. better protection against xss or mysql injection?)
Mike-Profile
Mike-Profile
Read Full Comment
46 47 48 49 50