Basic Authentication and Registration Steps with Symfony Security Bundle (Symfony 5)

We can separate our users in projects with roles such as customers and managers and restrict them from entering various pages. For this purpose, the most used bundle in Symfony projects for years has been the UserBundle developed by FriendsOfSymfony. Although using FOS User Bundle saves us time, it is a fact that it brings unnecessary loads and efforts at some points. It is worth looking at the blog post written by Damien Alexandre in this regard: https://jolicode.com/blog/do-not-use-fosuserbundle

In this article, we will look at how we can create our security layer with Symfony’s maker bundle. We will create our security layer very quickly without struggling with an extra bundle and its config files.

First of all, I will proceed by assuming that we are using the Symfony 5 website skeleton bundle. You can pull the most current version as follows.

composer create-project symfony/website-skeleton symfony5-workouts

When we pull this version, maker-bundle will come also. If you are developing on Symfony Flex, you should integrate symfony/maker-bundle into your project. For this:

composer require symfony/maker-bundle

Firstly, we create a user entity using a maker bundle.

php bin/console make:user

After running this command, the User entity and repository will automatically created. And there will be some additions to the security.yaml file, app_user_provider will be added here automatically.

Then we can create migration to add user table in the database with the migration diff command. (Assuming there is a database connection already done in your project)

php bin/console doctrine:migrations:diff
php bin/console doctrine:migrations:migrate

Then we will get a database image like this:

These columns auto-generated by the maker-bundle, we can expand them as we desire. Don’t forget migrate diffs after adding the new columns to the User entity!

Next job is creating our auth guard with the maker bundle. For this :

php bin/console make:auth

After running this command, there will be some questions on the screen that appears. It is very important that we name Authenticator here.

After completing these processes, security.yaml will be as follows:

We can write down a migration to add our first user. The most important issue here is to encode the password. For this one we can user security bundle’s encode-password command:

bin/console security:encode-password

After running this command, we will enter our password and it returns the encoded password to us.

We can take and use the password produced here and add to our migration.

After all this, we have created a user now.

I will continue assuming that EasyAdmin is installed in your project. We will make a change to the security.yaml file to restrict access to the admin panel.

access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
    # - { path: ^/profile, roles: ROLE_USER }

Under the access_control breakdown, we say: You have to be admin (ROLE_ADMIN) to access all of our endpoints starting with “/admin” prefix. From now on, when we go to the / admin endpoint in our project, it automatically assigns us to the login page.

This template automatically created by the template maker. To change this, you need to make changes in this “templates/security/login.html.twig” file.

Here we will be able to access the step after entering our information.

And yes, we provided access to admin after entering our login information properly!

Apart from that, creating a registration form with the maker bundle is very simple.

php bin/console make:registration-form

After running this command, on the screen that comes up, we are asked how we should do the unique user control and after the registration process, whether to trigger login directly.

After completing these processes, when we come to the / register endpoint, this form will meet us:

If you want to update this form and create a more pleasant look, it will be sufficient to update the “templates/registration/register.html.twig file.

After filling out the registration form, we will get an error on the screen. The reason for this is that Symfony asks us to indicate where to go after registration:

Here, we will pass this error by redirect to any route in our project and we will not have any problems again.

Some Notes:

• If you want to set a specific role during user registration you need write some codes in your RegistrationController:

• If you want to change your login endpoint you take a look this one:

• If you want to change your register endpoint you take a look this one:

Finally we have made basic user login registrations with symfony security bundle.

You can visit https://symfony.com/doc/current/security.html to explore the Security Bundle much deeper.