Chapters

10 Chapters | 53:52 |

01

Rock some FOSUserBundle!

12:02
02

Security Setup

5:17
03

Dynamic Roles and Canonical Fields

5:17
04

Layout and Template Customization

5:38
05

Customizing Text via Translations

2:42
06

Customizing the Forms

6:27
07

My Users don't have a Username!

2:22
08

Customize everything with Events

6:27
09

TargetPathTrait: Redirect to Previous Page

3:05
10

FOSUserBundle <3's Guard Authenticators

4:35

This course is archived!

> Symfony 3 > FOSUserBundle FTW!

10.

FOSUserBundle <3's Guard Authenticators

Autoplay

Previous Chapter

Browse Tutorials

We now understand that FOSUserBundle just gives us a nice User class and some routes & controllers for registration, reset password, edit profile and a few other things. The bundle does not provide any authentication. Open app/config/security.yml. The form_login authentication mechanism we're using is core to Symfony itself, not this bundle.

So, one of the questions we get a lot is: how can I use Guard authentication with FOSUserBundle? It turns out, it's simple! Guard authentication and FOSUserBundle solve different problems, and they work together beautifully. Teamwork makes the dream work!

But, why would you want to use Guard authentication with FOSUserBundle? Well, as easy as form_login is, it's a pain to customize. Guard is more work up front, but gives you a lot more control. You can also use Guard to add some sort of API authentication on top of form_login.

Creating the Authenticator

Let's replace form_login with a more flexible Guard authenticator. At the root of our project, you should have tutorial/ directory with a file called LoginFormAuthenticator.php. In src/AppBundle, create a new directory called Security and paste that file here.

            
Copy Code

Show All Lines

                        103 lines
            |
            src/AppBundle/Security/LoginFormAuthenticator.php
        
            <?php
        
Show Lines

                                                    // ... line 2
                            
            namespace AppBundle\Security;
        
Show Lines

                                                    // ... lines 4 - 19
                            
            class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
        
            {
        
Show Lines

                                                    // ... lines 22 - 101
                            
            }

This LoginFormAuthenticator is almost an exact copy of the authenticator we created in our Symfony Security tutorial. I've just added CSRF token checking - since our HTML login form has a CSRF token in it - and made a few other minor tweaks. For example at the bottom, I updated the login route name to use the one from FOSUserBundle.

The authenticator is very straightforward: It looks for the submitted _username and _password fields from the login form. It doesn't care if you built that login form yourself, or if it comes from FOSUserBundle. Then, it queries for your User object by email only and checks to see if the password is valid. Obviously you can write your authenticator to do anything.

Registering the Authenticator

To get this to work, like all authenticators, we need to register it as a service. I'll add app.security.login_form_authenticator, set the class to LoginFormAuthenticator and use autowire: true.

            
Copy Code

Show All Lines

                        32 lines
            |
            app/config/services.yml
        
Show Lines

                                                    // ... lines 1 - 5
                            
            services:
        
Show Lines

                                                    // ... lines 7 - 28
                            
                app.security.login_form_authenticator:
        
                    class: AppBundle\Security\LoginFormAuthenticator
        
                    autowire: true

Copy that service ID. Then open app/config/security.yml. Ok, let's comment-out form_login entirely. And instead, add guard, authenticators, then paste the service ID.

            
Copy Code

Show All Lines

                        38 lines
            |
            app/config/security.yml
        
Show Lines

                                                    // ... lines 1 - 2
                            
            security:
        
Show Lines

                                                    // ... lines 4 - 12
                            
                firewalls:
        
Show Lines

                                                    // ... lines 14 - 18
                            
                    main:
        
Show Lines

                                                    // ... lines 20 - 27
                            
                        guard:
        
                            authenticators:
        
                                - app.security.login_form_authenticator
        
            #            form_login:
        
            #                csrf_token_generator: security.csrf.token_manager
        
Show Lines

                                                    // ... lines 34 - 38

That's it! FOSUserBundle doesn't care who or what is processing the login form submit.

Let's try it! Click log out, click login and login with admin@aquanote.com. Yea, this does still say "Username", but we know that our authenticator actually logs us in via email. So, we'll want to tweak that language. Use the password admin and... boom!

Congrats! You just used a Guard authenticator with FOSUserBundle. Wasn't that nice? You should feel empowered to use FOSUserBundle because you want things like a registration page or reset password system. But, you can still take control of your actual login mechanism and do whatever the heck you want.

The last part of this bundle that you'll need to customize are the emails: the reset password email and the registration confirmation email, if you want to send that one. The docs are good on this topic, and it's mostly a matter of overriding templates... which we already mastered.

All right guys, go use FOSUserBundle to quickly bootstrap your site! As long as you understand what it does... and does not give you, it's awesome. Seeya next time!

24 Comments

Sort By

elvismdev 5 years ago edited

I replaced the default login form from FOSUserBundle by a form created with the Symfony form builder. Here is the code for this new login form:

`namespace App\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Eo\HoneypotBundle\Form\Type\HoneypotType;
use Symfony\Component\OptionsResolver\OptionsResolver;

class LoginFormType extends AbstractType
{

public function buildForm(FormBuilderInterface $builder, array $options)
{
	$builder
            ->add('_username', EmailType::class)
	->add('_password', PasswordType::class)
	->add('companyName', HoneypotType::class)
	;
}

public function configureOptions(OptionsResolver $resolver)
{
	$resolver->setDefaults([
		'translation_domain' => 'FOSUserBundle'
	]);
}

Since I'm already generating my form using the Symfony's form builder mechanism, and this one gives me out of the box CSRF protection. Do I still need to get and check the CSRF token in my Guard LoginFormAuthenticator with this?

`$csrfToken = $request->request->get($form->getName())['_token'];
if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken('authenticate', $csrfToken))) {

        throw new InvalidCsrfTokenException('Invalid CSRF token.');

| Reply |

Victor SFCASTS elvismdev 5 years ago

Hey Elvism,

If you use Symfony Forms for it - it will automatically check the CSRF protection on $form->isValid() call, so as long as you call isValid() method - you don't need to check for CSRF manually, just make sure that the CSRF protection is enabled for that form - you should have that hidden _token field rendered.

P.S. Symfony Forms FTW! :)

Cheers!

| Reply |

elvismdev Victor 5 years ago

Hi Victor,

Thanks for the feedback! So that means I DO NOT need to check $form->isValid() call inside my `LoginFormAuthenticator` class, my Symfony form will internally check for it as it comes built-in, and enabled by default. Is my assumption correct?

| Reply |

Victor SFCASTS elvismdev 5 years ago

Hey Elvism,

Wait, you do need to call $form->isValid() somewhere before you will extract some data from the submitted form. CSRF protection is checked on isValid() call, and you should call it, Symfony does not call this method internally by itself.

Cheers!

| Reply |

elvismdev Victor 5 years ago

Hi Victor,

Thanks for clarifying, so it's the opposite from what I was thinking.

Now this prompts me to another question. If $form->isValid() will return me only a boolean (true/false) how can I know exactly what failed in my form? If CSRF protection is what has failed, I want to get a "CSRF invalid token" message on the login form.

I'm looking for something like $form->isValidCSRF() or a way to verify the submitted token by this form which is created using the Symfony's Form builder.

Cheers,

| Reply |

Victor SFCASTS elvismdev 5 years ago

Hey Elvism,

Well, it works in a slightly different way - see form errors instead. You can find what exactly was wrong there. This might be helpful for you I think:
https://symfonycasts.com/bl...

Cheers!

| Reply |

Lavin Bassam 5 years ago

hello guys another question from me again

when i try to test on url /login i got this error message
ClassNotFoundException in LoginFormAuthenticator.php line 22:
Attempted to load trait "TargetPathTrait" from namespace "Symfony\Component\Security\Http\Util".
Did you forget a "use" statement for another namespace?

so what file i must modifying to solve this issue?

| Reply |

weaverryan SFCASTS Lavin Bassam 5 years ago edited

Hey Lavin Bassam!

Hmm. What version of Symfony are you using? I can see from your error that you ARE referring to that trait correctly (https://github.com/symfony/... so there is no reason it should be missing. Let me know!

Cheers!

| Reply |

Lavin Bassam weaverryan 5 years ago

hello im using symfony 2.8.3 and the link you give me it not currently active again

| Reply |

MolloKhan SFCASTS Lavin Bassam 5 years ago

Ohh that's because Disqus thinks that the ending parentheses is part of the URL, just remove it, or click here: https://github.com/symfony/...

| Reply |

Lavin Bassam MolloKhan 5 years ago

question again so... how i use the script? copy paste in LoginFormAuthenticator? or i make a new php file?

EDIT: found it where to save that php file and i got a new error message

FatalErrorException in LoginFormAuthenticator.php line 20:
Error: Class AppBundle\Security\LoginFormAuthenticator contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator::getDefaultSuccessRedirectUrl)

what line makes this error is this code line

class LoginFormAuthenticator extends AbstractFormLoginAuthenticator

| Reply |

MolloKhan SFCASTS Lavin Bassam 5 years ago edited

Oh, that comes from extending AbstractFormLoginAuthenticator class, you only have to implement such method and that should be it (But I may be wrong because you are on such an old Symfony version)

| Reply |

elvismdev 5 years ago

As of Symfony 4.2, is it still required to put autowire: true when registering the service?

| Reply |

Victor SFCASTS elvismdev 5 years ago

Hey Elvism,

No, all services should be autowired as also as private by default in Symfony 4.2

Cheers!

| Reply |

Michael H. 5 years ago

I am getting the error "You must configure the check path to be handled by the firewall using form_login in your security firewall configuration." with Symfony 4 - and after updating the LoginFormAuthenticator.php

I had login logout working via the "bin/console make:auth" but want to use the extra features from FOSUser. I can't get guard: authenticators: to work

| Reply |

MolloKhan SFCASTS Michael H. 5 years ago edited

Hey Chalice

Sorry for the delay. I'm not sure if I understand you right. Before adding FOSUserBundle your authenticator was working fine but after installing you started seeing that error?

| Reply |

Timothy J. 5 years ago

A coupe of issues Im having, using Symfony 4.First IntelliJ is unhappy with the line
- "class LoginFormAuthenticator extends AbstractFormLoginAuthenticator" with "class must be declared abstract or implement method supports" ... I now notice there is no supports method in this example, as there is in the new Symfony 4 Security tutorial. It seems like you've put the path/POST check in getCredentials.
- This in turn is highlighting the "return" in getCredentials and saying "Missing return argument".

I've updated the other parts of this LoginFormAuthenticator for Symfony 4, but not sure what to do about the above parts.

| Reply |

weaverryan SFCASTS Timothy J. 5 years ago edited

Hey Timothy J.!

Yes! You've actually done a really nice job summarizing the changes. Here are some details to help:

1) In Symfony 3, supports() didn't exist - only getCredentials()

2) In Symfony 4, getCredentials() was split into 2 methods: getCredentials() and supports(). Supports() controls whether or not your authenticator should be used on this request.

Basically, you'll move the beginning of getCredentials() into supports, but return true/or false


public function supports(Request $request)
{
       $isLoginSubmit = $request->getPathInfo() == '/login_check' && $request->isMethod('POST');
        if (!$isLoginSubmit) {
            // skip authentication
            return false;
        }

    return true;
}

Then, the first lines you'll need in getCredentials() will be the $username = lines.

Let me know if that helps! I hope it keeps you moving ;). Btw, you should also check out the new "php bin/console make:auth" command - as of about 1 hour ago, it can generate you a full login form system (without even needing FOSUserBundle).

Have fun! Cheers!

| Reply |

DennisdeBest 5 years ago

Hey, I'm trying to implement FOSUserBundle with guard on Symfony 4.1.

As steevenDS pointed out there are 2 errors with the constructor type hints : EntityManager and PasswordEncoder that need to be set to their Interface counterparts.

A new function needs to be implemented as well, the supports function, we remove the isLoginSubmit logic from getCredentials and put it inside this new function :

/**
* Does the authenticator support the given Request?
*
* If this returns false, the authenticator will be skipped.
*
* @param Request $request
*
* @return bool
*/
public function supports(Request $request)
{
if($request->attributes->get('_route') !== 'fos_user_security_login'){
return false;
}
}

Once all that is done, the old configuration commented out and replaced by :

guard:
authenticators:
- App\Security\LoginFormAuthenticator:

Whenever I go to login I get the following error :

"You must configure the check path to be handled by the firewall using form_login in your security firewall configuration."

I have the security-bundle installed and tried going through the steps provided in the official documentation :
https://symfony.com/doc/cur...

There must be something really obvious I'm not seeing.

Any advice would be very much appreciated.

| Reply |

MolloKhan SFCASTS DennisdeBest 5 years ago edited

Hey DennisdeBest

Hmm, that's strange... let's double check a couple of things first

The security config should live in

// security.yaml
security:

firewalls:
     guard:
         authenticators:
             - Your/Authenticator


-  The "Authenticator" service should implement `AbstractFormLoginAuthenticator` interface
- You must create a "login/logout" route

| Reply |

Steven 5 years ago

Hi, thanks for this awesome tutorial, i'm working with symfony 3.4, FOSUserBundle and guard it's not working, i don't know why, i have tried to found solutions but nothing...

In security.yml, i have

main:
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager

if i replace this with

guard:
authenticators:
- app.security.login_form_authenticator

i got this error:

Cannot autowire service "app.security.login_form_authenticator": argument "$em" of method "AppBundle\Security\LoginFormAuthenticator::__construct()" references class "Doctrine\ORM\EntityManager" but no such service exists. Try changing the type-hint to one of its parents: interface "Doctrine\ORM\EntityManagerInterface", or interface "Doctrine\Common\Persistence\ObjectManager".

Thanks and sorry for my bad english.

| Reply |

Victor SFCASTS Steven 5 years ago

Hey Steeven,

Hm, try to typehint your $em argument with "Doctrine\ORM\EntityManagerInterface" interface as suggested in error message, do you still have the same problem? Not sure 100% but probably Doctrine\ORM\EntityManager alias was removed that caused some BC breaks.

Cheers!

| Reply |

Steven Victor 5 years ago

I've just replace in constructor the typehint for $em with EntityManagerInterface and $passwordEncoder with UserPasswordEncoderInterface. Thanks, don't have errors now, but i don't know if it's working ! ;o)

1 | Reply |

Victor SFCASTS Steven 5 years ago

Hey Steeven,

Haha, well, if you don't see an error - it should work, but would be cool to have a functional test on it to be sure ;) Let us know if it does not work.

Cheers!

| Reply |

Symfony 3 FOSUserBundle 2

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=5.5.9",
        "symfony/symfony": "3.3.*", // v3.3.18
        "doctrine/orm": "^2.5", // v2.7.0
        "doctrine/doctrine-bundle": "^1.6", // 1.10.3
        "doctrine/doctrine-cache-bundle": "^1.2", // 1.3.5
        "symfony/swiftmailer-bundle": "^2.3", // v2.5.4
        "symfony/monolog-bundle": "^2.8", // v2.12.1
        "symfony/polyfill-apcu": "^1.0", // v1.3.0
        "sensio/distribution-bundle": "^5.0", // v5.0.18
        "sensio/framework-extra-bundle": "^3.0.2", // v3.0.25
        "incenteev/composer-parameter-handler": "^2.0", // v2.1.2
        "knplabs/knp-markdown-bundle": "^1.4", // 1.5.1
        "doctrine/doctrine-migrations-bundle": "^1.1", // v1.3.2
        "composer/package-versions-deprecated": "^1.11", // 1.11.99
        "friendsofsymfony/user-bundle": "^2.0" // v2.0.0
    },
    "require-dev": {
        "sensio/generator-bundle": "^3.0", // v3.1.4
        "symfony/phpunit-bridge": "^3.0", // v3.2.7
        "nelmio/alice": "^2.1", // v2.3.1
        "doctrine/doctrine-fixtures-bundle": "^2.3", // v2.4.1
        "symfony/web-server-bundle": "^3.3"
    }
}

Previous Chapter

Browse Tutorials

FOSUserBundle <3's Guard Authenticators

Share this awesome video!

Creating the Authenticator

Registering the Authenticator

24 Comments

Delete comment?

What PHP libraries does this tutorial use?

	<?php
Show Lines	// ... line 2
	namespace AppBundle\Security;
Show Lines	// ... lines 4 - 19
	class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
	{
Show Lines	// ... lines 22 - 101
	}

Show Lines	// ... lines 1 - 5
	services:
Show Lines	// ... lines 7 - 28
	app.security.login_form_authenticator:
	class: AppBundle\Security\LoginFormAuthenticator
	autowire: true

Show Lines	// ... lines 1 - 2
	security:
Show Lines	// ... lines 4 - 12
	firewalls:
Show Lines	// ... lines 14 - 18
	main:
Show Lines	// ... lines 20 - 27
	guard:
	authenticators:
	- app.security.login_form_authenticator

	# form_login:
	# csrf_token_generator: security.csrf.token_manager
Show Lines	// ... lines 34 - 38