Oh no, it's time to add security! Ahhh!
Wait, come back! Security in Symfony is awesome! Seriously, between things called "voters" and the Guard authentication system, you can do anything you want inside of Symfony, and the code to do it is simple and expressive.
Security has two sides: authentication (who are you?) and authorization (do you have access to do X). We'll talk about each of these, creating an traditional form login system and and API token authentication. Then, we'll turn to authorization, with roles, voters and other good stuff:
Making a User with the fancy new make:user command (ooOOOoo)
Security & Firewall Fundamentals
Creating a custom login form
CSRF protection
API token authentication system
All about Guard authentication
User Providers (why you need them, but don't care)
Password Encryption
Logging out!
Protecting entire URLs with access_control(s)
IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED
Checking access with roles! ROLE_USER
Denying access in a controller
What are voters?
Role hierarchies
Impersonation (switch_user)
Automatic Login (after Registration)
... and how to create a back door into your... spaceship... that will allow it to be destroyed with one careful shot. Just kidding! Let's make some secure sites / spaceships!
Overview
Syllabus
- 01. Security & the User Class
- 02. All about the User class
- 03. Customizing the User Entity
- 04. The Login Form
- 05. Firewalls & Authenticator
- 06. Login Form Authenticator
- 07. Redirecting on Success & the User Provider
- 08. Authentication Errors
- 09. Customizing Errors & Logout
- 10. CSRF Protection
- 11. Adding Remember Me
- 12. Adding & Checking the User's Password
- 13. access_control Authorization & Roles
- 14. Target Path: Redirecting an Anonymous User
- 15. Deny Access in the Controller
- 16. Dynamic Roles
- 17. IS_AUTHENTICATED_ & Protecting All URLs
- 18. Fetch the User Object
- 19. Custom User Method
- 20. Fetching the User In a Service
- 21. Role Hierarchy
- 22. Impersonation (switch_user)
- 23. Serializer & API Endpoint
- 24. API Auth: Do you Need it? And its Parts
- 25. ApiToken Entity
- 26. Entry Point: Helping Users Authenticate
- 27. API Token Authenticator
- 28. API Token Authenticator Part 2!
- 29. Manual Authentication / Registration
- 30. Author ManyToOne Relation to User
- 31. Article Admin & Low-Level Access Controls
- 32. Voters
- 33. Adding a Custom Voter
Taught by
Ryan Weaver