Symfony's security system has always been flexible. But over the past few years, it's also become increasingly easy to tap into that power: by creating Guard authenticators and voters for complex authorization rules.

But, we can do more. For example, Symfony security users are so flexible, they can be confusing to set up. And creating a Guard authenticator, while clear and powerful, requires some work. Can we have both flexibility and rapid development? I think so - thanks to two new commands added to MakerBundle.

make:user¶

Contributed by
Ryan Weaver
in #250.

Ready to start your security system? First you need a user. But, does your entity need to be saved to the database? And is your app responsible for checking passwords? MakerBundle 1.7 will guide you through these decisions and generate exactly what you need:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

$ php bin/console make:user The name of the security user class (e.g. User) [User]: > User Do you want to store user data in the database (via Doctrine)? (yes/no) [yes]: > yes Enter a property name that will be the unique "display" name for the user (e.g. email, username, uuid) [email]: > email Will this app need to hash/check user passwords? Choose No if passwords are not needed or will be checked/hashed by some other system (e.g. a single sign-on server). Does this app need to hash/check user passwords? (yes/no) [yes]: > yes created: src/Entity/User.php created: src/Repository/UserRepository.php updated: src/Entity/User.php updated: config/packages/security.yaml

That's it! Depending on your answers, the command will create a User class/entity and update your security.yaml file to configure a secure password encoder (if needed) and a user provider. The generated code has clear comments so you can continue updating everything for your needs.

make:auth¶

Contributed by
Nicolas Philippe
in #266.

Now that you have a User class, it's time to let your users log in. Want a complete form login system in one command? In MakerBundle 1.8, it's no problem. The new make:auth command can create an entire form authentication system, or an empty authenticator, based on your answers:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

$ php bin/console make:auth What style of authentication do you want? [Empty authenticator]: [0] Empty authenticator [1] Login form authenticator > 1 The class name of the authenticator to create (e.g. AppCustomAuthenticator): > LoginFormAuthenticator Choose a name for the controller class (e.g. SecurityController) [SecurityController]: created: src/Security/LoginFormAuthenticator.php updated: config/packages/security.yaml created: src/Controller/SecurityController.php created: templates/security/login.html.twig

This creates the login route, controller and template as well as a Guard authenticator that handles the login submit, includes CSRF protection and redirects intelligently on success and error. Your authenticator class will have a few minor TODOs inside (usually just 1) that you'll need to finish. But, you won't need to modify any config files.

The result? A fully functional login system in minutes that you have full control over. Customize the template to match your look and update the code in your authenticator to add anything special you need during the login process.

You can also generate a "empty" authenticator to use for whatever other authentication you need. Want support to generate other kinds of authenticators? Just open a pull request!

Happy security!

17 Oct 2018 1:24pm GMT

The international Symfony conference is coming in less than 2 months, on December 6th and 7th in the fantastic Lisbon, Portugal. Pre-conference workshops at SymfonyCon Lisbon are organized on December 4th and 5th and all of them are almost sold out! If you want to get trained before the conference, you might secure your workshop ticket before there are all gone!

We're very pleased to announce that we have added a new workshop to the list:

Discover the Sylius plugin development with Symfony 4.1, one-day workshop. You will be trained by Sylius Core Team Members Mateusz Zalewski & Łukasz Chruściel. Learn all about how to implement a reusable plugin for your Sylius-based e-commerce application that will be crafted to your needs. We will use the most recent Symfony version, fulfilling its conventions and recommended practices. Using BDD methodology, we will not forget about tests that will describe your custom business logic and ensure us that we write clean and shiny code. During the workshop, we will be aiming to make plugin usable with Symfony Flex to make installation and configuration more developer-friendly.

You can combo this one-day workshop with the others one-day workshops already online but there are only a few seats left for the following workshops. Registration for these workshops is not available on both pre-conference workshop days as the workshops might already be sold out on selected dates:

• Writing Modern JavaScript with Symfony & Webpack Encore by Ryan Weaver - Symfony Core Team member & docs leader (one-day workshop). In this workshop, we'll use the Webpack Encore library from Symfony to quickly bootstrap a sophisticated asset setup, complete with minification, SASS processing, automatic versioning, Babel support and everything you need to start writing great JavaScript quickly. We'll also learn about using JavaScript modules, how to bootstrap a framework (like React) and other important modern practices. Give your assets a huge boost with Webpack Encore!

• Symfony 4 Best practices by Nicolas Grekas - Symfony Core Team member (one-day workshop). During this workshop, you will discover the new practices recommended by the Symfony Core Team. You will learn how to install third-party packages with Symfony Flex, configure your application with environment variables or exploit the new features of the dependency injection container. And much more! We'll build a demo app together so that you'll learn all the basic (and less basic) features that modern Symfony apps allow to build efficiently.

• Symfony Messenger by Samuel Rozé - Symfony Core Team member and creator of the component (one-day workshop). The Messenger component just landed in Symfony 4.1. In this workshop, you will learn about: 1. Creating and handling messages as a strategy to decouple your application; 2. Configure the message routing and asynchronously handle your messages; 3. Discovering the bus middleware and creating your owns to add your custom logic; 4. An overview of using Messenger in the CQRS context (command and query buses); 5. Specifics of the AMQP and Enqueue adapters for your asynchronous processing; 6. How to customise and write your own adapters.

• Building API-driven apps with API Platform by Kévin Dunglas - Symfony Core Team member (one-day workshop). After an overview of modern API patterns and formats (REST, Swagger, hypermedia, HATEOAS, JSON-LD, Hydra, Schema.org, GraphQL...), we'll learn how to use and extend the most popular features of the API Platform API component: Swagger documentation, pagination, validation, sorting, filtering, authentication, authorization, content negotiation, data model generation using the Schema.org vocabulary. Finally, we'll discover how easy it is to use the client-side (JavaScript) toolkit.

• Mastering OOP & Design Patterns by Hugo Hamon - lead dev at Dayuse.com, ex head of training at SensioLabs (two-day workshop). Object Oriented Design aka OOD is hard and not limited to designing just classes and interfaces. This workshop will help you better understand all the concepts and techniques to write cleaner, more robust and more testable object oriented code. You'll learn how to make your code respect the SOLID principles. You'll also discover the techniques to reduce the complexity of your code as well as making your classes thinner and more focused. You'll also learn how to recognize and leverage the power of design patterns (factory, adapter, composite, decorator, mediator, strategy, etc.) in order to make your code flexible, extensible, unit testable and less fragile.

  Check out the entire workshop schedule and get your combo workshop and conference ticket now! See you soon at the conference in Lisbon!

16 Oct 2018 8:10am GMT

This week development activity increased in preparation for the upcoming release of Symfony 4.2. We simplified form extensions to no longer require any configuration, improved the Finder component to allow reversing the previous sorting and added new features to the profiler to display logs context and allow to filter logs by level.

Symfony development highlights

This week, 80 pull requests were merged (57 in code and 23 in docs) and 89 issues were closed (68 in code and 21 in docs). Excluding merges, 45 authors made 5,430 additions and 4,171 deletions. See details for code and docs.

2.8 changelog:

• 270f496: [Form] fixed multi-digit seconds fraction handling
• 9fdc64b: [Process] fixed locking of pipe files on Windows
• bad4867: [Console] fixed multiselect choice question defaults in non-interactive mode

3.4 changelog:

• 2f0e5d7: [Security] do not deauthenticate user when the first refreshed user has changed
• f9aac64: [FrameworkBundle] added missing cache prefix seed attribute to XSD
• 60f6e91: [SecurityBundle] do not override custom access decision configs
• f89ef42: [FrameworkBundle] setting missing default paths under BC layer

Master changelog:

• d482f0a: [WebProfilerBundle] extracted server parameters into their own tab
• c10d2c0: [WebServerBundle] added ability to display the current hostname address when binding to 0.0.0.0
• 52b7239: [Form] simplified the form type extension registration
• 51f39b9: [Cache] added CacheInterface::delete() + improve CacheTrait
• 003499d: [OptionsResolver] passed Options argument to deprecation closure
• dce8f08: [Asset] added different protocols to be allowed as asset base_url
• 331a24e: [Security] added port in access_control
• bc816da, d13141f: [Finder] added a way to inverse a previous sorting
• ea0b807: [VarDumper] allowed to use a light theme out of the box
• d3fac86: [OptionsResolver] added support for nesting options definition
• 631d718: [Form] allowed additional http methods in form configuration
• 722c816: [Validator] provided file basename for FileValidator constraint messages
• 61d336b: [WebProfilerBundle] displayed the log context in the debug pages
• 6de1577: [WebProfilerBundle] filter logs by level
• 620094a: [Cache] added support for connecting to Redis clusters via DSN
• 4a4fda5: [Process] addde "wait until callback" to process class
• 9bec1fc: [Validator] deprecated checkMX and checkHost on Email validator

Newest issues and pull requests

• [RFC] Refactor caching of Translator component
• [RFC] Change form TimezoneType to Intl sources
• Adding possibility to add custom MimeTypeGuesser in configuration
• Improve the deprecation logs in the profiler
• [RFC] redesign the way flash messages work
• [HttpFoundation] create Request from string
• [Lock] Move enforcement of Key expiry to Lock

They talked about us

• Diving into Symfony's DependencyInjection - Part 1: First steps with the container
• Diving into Symfony's DependencyInjection - Part 2: Symbiosis with the Config component
• Diving into Symfony's DependencyInjection - Part 3: Advanced uses
• Sylius Week in Lille: summary
• SymfonyLive London 2018: summary
• Gitlab-CI using Panther and Symfony 4
• Introducing and installing API Platform on your machine
• Symfony. JMS Serializer y Sonata Media

Upcoming Symfony Events

• SymfonyDay 2018: Verona, Italy (October 19, 2018)
• 13th Symfony Bucharest Meetup: Bucharest, Romania (October 25, 2018)
• Symfony Meetup Frankfurt / Nov. 2018: Frankfurt am Main, Germany (November 6, 2018)
• PHP Symfony User Group Basel: Basel, Switzerland (November 8, 2018)
• Treffen der Symfony User Group Hamburg: Hamburg, Germany (December 4, 2018)

Call to Action

• Follow Symfony on Twitter and retweet this article.
• Follow Symfony on Medium and clap for this article.
• Subscribe to the Symfony blog RSS and never miss a Symfony story again.

14 Oct 2018 8:09am GMT