A Detailed Guide on Implementing Registration and Authentication in Symfony7(Part1)
This comprehensive guide provides a step-by-step walkthrough for creating a simple registration and authentication app in Symfony 7, a powerful PHP framework. I will cover everything from project creation to final touches. Since this will likely be a lengthy tutorial, I’ll divide it into two or three parts, starting with this one.
1-Creating the projects and installing the dependencies:
To begin, let’s start a new Symfony project. I’ll initiate it from my terminal, but you can use your preferred editor.
symfony new reg_authWith this command, Symfony will create a project named “reg_auth” with minimal dependencies (ensure Symfony is added to your PATH environment variable).
Next, navigate to the project folder and install some dependencies that we’ll need (we’ll install others as needed later on).
composer require maker orm validator security twigLet’s briefly explain each dependency:
- orm: This bundle allows us to use an ORM (Symfony defaults to Doctrine).
- validator: This bundle is used for input validation.
- maker: This package (referred to as a bundle in Symfony) is used for code generation.
- security: This bundle is responsible for all security aspects of our application and will be used for the authentication process.
- Twig: Twig is the default templating engine for Symfony.
2-Creating the user entity:
And now we need to create the pivotal part of our application , the user entity.
This user entity will represent the application’s users, who will need to register and authenticate. It will also correspond to the user table in the database, thanks to our ORM, Doctrine.
In Symfony , and thanks to the maker bundle we can generate a special user entity using this command.
symfony console make:userIf you’ve created an entity in Symfony before, you may wonder: what’s the difference between using this command and the well-known:
symfony console make:entityWell , to put it in simple terms, the user is an entity like any other entity, but it’s seamlessly integrated with the security bundle, which provides an easy authentication process out of the box.
After running the command, answer the prompts in your terminal to create your user entity.
Upon inspection, there’s a decent amount of information to digest so lets dive into our user entity.
First of all it’s telling me that an entity was created in the Entity Folder , let’s check that out.
The UserInterface and PasswordAuthenticatedUserInterface are two interfaces that exist under the Security namespace, indicating they belong to the security bundle, which we downloaded as a dependency.
The UserInterface provides three methods: getRoles(), eraseCredentials(), and getUserIdentifier(). The getRoles() method retrieves the user's roles, representing the authorization part of the application. However, we won't cover that in this tutorial. The eraseCredentials() and getUserIdentifier() methods will be discussed later, but keep in mind that they perform as their names suggest.
For the PasswordAuthenticatedUserInterface , it will provide a simple getPassword method that will return the password(we answered yes when we were asked to hash the password so the password that this method will return will be a hashed password).
Regarding the PasswordAuthenticatedUserInterface, it provides a simple getPassword method that returns the hashed password (since we answered "yes" when asked to hash the password during setup).
Apart from these interfaces, it’s just a normal entity.
Few other things to mention , the make command created a repository for our entity ,moreover , it has updated the security.yaml
As we can see it added the user class to the providers , if u don’t know what a provider in symfony is , just put in mind its the one responsible for retrieving the user later on in the app, in addition to other funcionnalities as well.
U can refer to the official security bundle documentation for more insights .
https://symfony.com/doc/current/security.html
3-Creating the private page:
The first step is to utilize the Maker bundle to generate the controller and template for our private page. This private page will only be accessible to authenticated users.
You’ll be prompted to enter the controller name. After that, as shown in the image, a controller and a template will be created for that controller. The template consists of simple HTML code with some Twig functions, which won’t be covered in this tutorial. Instead, we’ll focus on the controller, located under the src/Controller folder.
Now, let’s delve into the key aspects of this controller:
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
class PrivateController extends AbstractController
{
#[Route('/private', name: 'app_private')]
public function index(): Response
{
$this->denyAccessUnlessGranted("IS_AUTHENTICATED_FULLY");
return $this->render('private/index.html.twig', [
'controller_name' => 'PrivateController',
]);
}
}Firstly, it extends the AbstractController class, which serves as a base class for all controllers. This abstract class provides numerous useful methods, including the render method that we'll be using.
Before Symfony 5.2, annotations were used for declaring routes. However, starting from version 5.2, using the attribute #[Route()] became a Symfony standard. This attribute takes two arguments. In our example, the first argument '/private' represents the route, and the second parameter represents the name of the route, which we can use in Twig or other methods such as redirections of the Abstract Controller.
Most importantly, the method following the route attribute represents the action that will be executed when a request to that route is made. As you can see, it simply renders the Twig template relative to that controller, which was created with the Maker.
To secure the private page and prevent unauthorized access, we use the denyAccessUnlessGranted method from the AbstractController class with the IS_AUTHENTICATED FULLY string. This method ensures that only users who are fully authenticated are granted access. I highly recommend referring to the official documentation to gain a deeper understanding of that method.
https://symfony.com/doc/current/security.html
Now whats left is to migrate our entity to our database.
First make sure ur connection string in your .env is setted up :
Secondly , we need to make a migration with this command:
symfony console make:migration
Note that the migration name follow consists of the keyword Version in addition to the full date and time.
And finally all whats’ left is to run the migration with this command:
symfony console doctrine:migration:migrateThat’s going to be all for this small tutorial , in the 2nd part we will talk about the registration system.And thank u for the read.
U can check the full code here: