SymfonyCasts stands united with the people of Ukraine
If you liked what you've learned so far, dive in!
Subscribe to get access to this tutorial plus
video, code and script downloads.
With a Subscription, click any sentence in the script to jump to that part of the video!
Login SubscribeHead back over to /register. We built this in our security tutorial. It does work... but we kind of cheated. Back in your editor, open src/Controller/SecurityController.php and find the register() method. Yep, it's pretty obvious: we did not use the form component. Instead, we manually read and handled the POST data. The template - templates/security/register.html.twig - is just a hardcoded HTML form.
Ok, first: even if you use and love the Form component, you do not need to use it in every single situation. If you have a simple form and want to skip it, sure! You can totally do that. But... our registration form is missing one key thing that all forms should have: CSRF protection. When you use the Form component. you get CSRF protection for free! And, usually, that's enough of a reason for me to use it. But, you can add CSRF protection without the form system: check out our login from for an example.
Let's refactor our code to use the form system. Remember step 1? Create a form class... like we did with ArticleFormType. That's pretty easy. But to be even lazier, we can generate it! Find your terminal and run:
php bin/console make:form
Call the class, UserRegistrationFormType. This will ask if you want this form to be bound to a class. That's usually what we want, but it's optional. Bind our form to the User class.
Nice! It created one new file. Find that and open it up!
| ... lines 1 - 9 | |
| class UserRegistrationFormType extends AbstractType | |
| { | |
| public function buildForm(FormBuilderInterface $builder, array $options) | |
| { | |
| $builder | |
| ->add('email') | |
| ->add('roles') | |
| ->add('firstName') | |
| ->add('password') | |
| ->add('twitterUsername') | |
| ; | |
| } | |
| public function configureOptions(OptionsResolver $resolver) | |
| { | |
| $resolver->setDefaults([ | |
| 'data_class' => User::class, | |
| ]); | |
| } | |
| } |
Cool. It set the data_class to User and even looked at the properties on that class and pre-filled the fields! Let's see: we don't want roles or twitterUsername for registration. And, firstName is something that I won't include either - the current form has just these two fields: email and password.
| ... lines 1 - 11 | |
| public function buildForm(FormBuilderInterface $builder, array $options) | |
| { | |
| $builder | |
| ->add('email') | |
| ->add('password') | |
| ; | |
| } | |
| ... lines 19 - 27 |
Ok: step 2: go the controller and create the form! And, yes! I get to remove a "TODO" in my code - that never happens! Use the normal $form = this->createForm() and pass this UserRegistrationFormType::class. But don't pass a second argument: we want the form to create a new User object.
Then, add $form->handleRequest($request) and, for the if, use $form->isSubmitted() && $form->isValid().
| ... lines 1 - 14 | |
| class SecurityController extends AbstractController | |
| { | |
| ... lines 17 - 44 | |
| public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder, GuardAuthenticatorHandler $guardHandler, LoginFormAuthenticator $formAuthenticator) | |
| { | |
| $form = $this->createForm(UserRegistrationFormType::class); | |
| $form->handleRequest($request); | |
| if ($form->isSubmitted() && $form->isValid()) { | |
| ... lines 51 - 72 | |
| } | |
| } |
Beautiful, boring, normal, code. And now that we're using the form system, instead of creating the User object like chumps, say $user = $form->getData(). I'll add some inline documentation so that PhpStorm knows what this variable is. Oh, and we don't need to set the email directly anymore: the form will do that! And I'll remove my firstName hack: we'll fix that in a minute.
| ... lines 1 - 44 | |
| public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder, GuardAuthenticatorHandler $guardHandler, LoginFormAuthenticator $formAuthenticator) | |
| { | |
| ... lines 47 - 49 | |
| if ($form->isSubmitted() && $form->isValid()) { | |
| /** @var User $user */ | |
| $user = $form->getData(); | |
| ... lines 53 - 67 | |
| } | |
| ... lines 69 - 72 | |
| } | |
| ... lines 74 - 75 |
About the password: we do need to encode the password. But now, the plain text password will be stored on $user->getPassword(). Hmm. That is a little weird: the form system is setting the plaintext password on the password field. And then, a moment later, we're encoding that and setting it back on that same property! We're going to change this in a few minutes - but, it should work.
| ... lines 1 - 49 | |
| if ($form->isSubmitted() && $form->isValid()) { | |
| ... lines 51 - 52 | |
| $user->setPassword($passwordEncoder->encodePassword( | |
| $user, | |
| $user->getPassword() | |
| )); | |
| ... lines 57 - 67 | |
| } | |
| ... lines 69 - 75 |
Down below when we render the template, pass a new registrationForm variable set to $form->createView().
| ... lines 1 - 44 | |
| public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder, GuardAuthenticatorHandler $guardHandler, LoginFormAuthenticator $formAuthenticator) | |
| { | |
| ... lines 47 - 69 | |
| return $this->render('security/register.html.twig', [ | |
| 'registrationForm' => $form->createView(), | |
| ]); | |
| } | |
| ... lines 74 - 75 |
Awesome! Let's find that template and get to work. Remove the TODO - we're killing it - then comment out all the old markup: I want to keep it for reference. Render with {{ form_start(registrationForm) }}, form_end(registrationForm) and, in the middle, render all of the fields with form_widget(registrationForm). Oh, and we need a submit button. Steal that from the old code and move it here.
| ... lines 1 - 10 | |
| {% block body %} | |
| ... lines 12 - 13 | |
| <div class="col-sm-12"> | |
| {{ form_start(registrationForm) }} | |
| {{ form_widget(registrationForm) }} | |
| <button class="btn btn-lg btn-primary btn-block" type="submit"> | |
| Register | |
| </button> | |
| {{ form_end(registrationForm) }} | |
| ... lines 22 - 40 | |
| </div> | |
| ... lines 42 - 43 | |
| {% endblock %} |
Perfect! Let's go check this thing out! Refresh! Oh... wow... it looks terrible! Our old form code was using Bootstrap... but it was pretty customized. We will need to talk about how we can get back our good look.
But, other than that... it seems to render fine! Before we test it, open your User entity class. We originally made the firstName field not nullable. That's the default value for nullable. So if you don't see nullable=true, it means that the field is required in the database.
Now, I do want to allow users to register without their firstName. No problem: set nullable=true.
| ... lines 1 - 13 | |
| class User implements UserInterface | |
| { | |
| ... lines 16 - 33 | |
| /** | |
| * @ORM\Column(type="string", length=255, nullable=true) | |
| ... line 36 | |
| */ | |
| private $firstName; | |
| ... lines 39 - 245 | |
| } |
Then, find your terminal and run:
php bin/console make:migration
Let's go check out that new file. Yep! No surprises: it just makes the column not required.
| ... lines 1 - 10 | |
| final class Version20181018165320 extends AbstractMigration | |
| { | |
| public function up(Schema $schema) : void | |
| { | |
| ... lines 15 - 17 | |
| $this->addSql('ALTER TABLE user CHANGE first_name first_name VARCHAR(255) DEFAULT NULL'); | |
| } | |
| ... lines 20 - 27 | |
| } |
Move back over and run this with:
php bin/console doctrine:migrations:migrate
Excellent! Let's try to register! Register as geordi@theenterprise.org, password, of course, engage. Hit enter and... nice! We are even logged in as Geordi!
Next: we have a problem! We're temporarily storing the plaintext password on the password field... which is a big no no! If something goes wrong, we might accidentally save the user's plaintext password to the database.
To fix that, we, for the first time, will add a field to our form that does not exist on our entity. An awesome feature called mapped will let us do that.
Hey mikesmit1992
That's a bit strange. Do you get logout only when modifying the logged in user? or does it happen when modifying any other user? What steps are you doing to modify the user?
I'm updating the logged in user. I'm rebuilding a project I made in core PHP as a try-out. From the ground up using the videos.
Controller:
/**
* @Route ("/edit-account", methods="GET|POST")
* @param Request $request
* @return Response
* @IsGranted("ROLE_USER")
*/
public function edit(Request $request): Response
{
$form = $this->createForm(UserType::class, $this->getUser());
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->flush();
$this->addFlash('success', 'Changes saved');
return $this->redirectToRoute("app_security_edit");
}
return $this->render('security/edit.html.twig',
[
'sform' => $form->createView()
]);
}
FormInterface:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add(User::name, TextType::class, [
'label' => 'Full Name',
'required' => true,
'empty_data' => '',
'constraints' => [
new NotBlank([
'message' => 'Please provide your full name'
]),
new Length([
'min' => 4,
'minMessage' => 'Is this your full name?'
])
]
])
->add(User::gender, ChoiceType::class, [
'label' => 'Gender',
'choices' => User::getGenderChoiceTypeChoices(),
'constraints' => [
new NotBlank([
'message' => 'Please provide your gender'
])
]
])
->add(User::PreferredDanceRole,ChoiceType::class,[
'label' => 'Dance Role',
'choices' => User::getPreferredDanceRoleChoiceTypeChoices(),
'constraints' => [
new NotBlank([
'message' => 'Please provide your preference'
])
]
])
->add(User::birthday, BirthdayType::class, [
'label' => 'Birthday',
'required' => true,
'widget' => 'single_text',
'empty_data' => '',
'constraints' => [
new NotBlank([
'message' => 'Please provide you birthday'
])
]
])
->add(User::phone, TextType::class, [
'label' => 'Phone Number',
'required' => true,
'empty_data' => '',
'constraints' => [
new Length([
'min' => 10,
'minMessage' => 'example +31620946339'
])
]
])
->add(User::email, EmailType::class, [
'label' => 'Email',
'required' => true,
'disabled' => false,
'constraints' => [
]
])
->add(User::password, PasswordType::class, [
'label' => 'Password',
'required' => true,
'disabled' =>false,
'constraints' => [
new NotBlank([
'message' => 'please provide a password'
]),
new Length([
'min' => 8,
'minMessage' => 'the password should be at least 8 characters long'
])
]
])
->add(User::TermsAcceptedAt, CheckboxType::class, [
'mapped' => false,
'label' => 'I am totally aware the terms of baila and accept them.',
'constraints' => [
]
]);
Twig:
{% block content_body %}
<h3 class="text-center">Edit Account {{ app.user.name }}</h3>
{{ form_start(sform,{'attr': {'novalidate': 'novalidate'}}) }}
<div class="row">
<div class="col-12">
{{ form_row(sform.name) }}
</div>
<div class="col-md-6 col-sm-12">
{{ form_row(sform.gender) }}
</div>
<div class="col-md-6 col-sm-12">
{{ form_row(sform.PreferredDanceRole) }}
</div>
<div class="col-md-6 col-sm-12">
{{ form_row(sform.birthday,{'attr': {'class': 'text-center'}}) }}
</div>
<div class="col-md-6 col-sm-12">
{{ form_row(sform.phone) }}
</div>
{{ form_widget(sform._token) }}
</div>
<div class="text-center">
<button type="submit" class="btn btn-primary w-auto"><i class="fas fa-save mr-2 "></i>Save changes</button>
<a href="{{ path('app_account_index') }}" class="btn btn-secondary w-auto">Back</a>
</div>
{{ form_end(sform, {'render_rest': false}) }}
{% endblock %}
Hey mikesmit1992
Could you please answer additional questions? What Symfony version and Which security setup are you using here? Your issue looks like Security logout due to some sensitive User information changes and it detects that your new user object not the same as it was logged in.
Cheers!
@Assert Error messages do not show
im using:
{{ form_row(sform.birthday) }}
/**
* @ORM\Column(type="date",nullable=false)
* @Assert\NotBlank(message="please provide your birthday")
*/
private $Birthday;
but validations shows in the profiler but not as message in the form.
what is weird is that my own validation comes through though
the difference i find in the profiler between both validations
-propertyPath: "children[birthday].data"
-propertyPath: "data.Birthday"
can you tell me what is going on?
Hey mikesmit1992!
Interesting! I have a feeling it's the capitalization on the "Birthday" property in your class vs the "birthday" on your form. This is probably causing the validation errors on the Birthday property to "occur", but then not be rendered on the "birthday" form field (but you should see them on the top of your form, as long as you have {{ form_errors(sform) }} to render "global" errors).
Let me know if that's it - if not, we can dig deeper ;).
Cheers!
I dont have the registration files. In which tutorial did you make the security part? Can you make link it so I can continue from there? Thanks :)
Hey @Farry7
Of course, here it is: https://symfonycasts.com/sc... Also you can find all Symfony4 tutorials by the order here https://symfonycasts.com/tr...
Cheers!
When registering a user via the register form I kept being redirected to the page previously saved in the "target path", which was saved when I tried to access an admin page. I found a workaround by clearing the target path before the redirection on success of LoginFormAutheticaticator class:
`
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
{
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)){
<i>$this->saveTargetPath($request->getSession(), $providerKey, '');</i>
return new RedirectResponse($targetPath);
}
return new RedirectResponse($this->router->generate('index'));
}
`
Hey Joao P.
That's a default thing that Symfony does. When you try to access a page which you are not authorized, you will be redirected to the login form and after login in Symfony will get you back to the initial page that you tried to access
Cheers!
Hello guys! I advanced with registration in Symfony 4 and i make the registration form but i want to send a confirmation email wth a link. What can i do? I am using SwiftMailer?
Hey codercoder123123!
It's funny you ask about that - we're working on a bundle to help with this right now - https://github.com/SymfonyCasts/verify-email-bundle - unfortunately it's not ready yet!
The easiest way to accomplish this feature is this:
A) Add a isEmailConfirmed property to your User entity and default it to false
B) Add another field called emailVerificationToken to your User entity and set it to some random string - you can use this code - https://github.com/FriendsOfSymfony/FOSUserBundle/blob/cf7fe27b2f4e1f298ee6eadf537267f8c9f9b85c/Util/TokenGenerator.php - you could do that in the constructor of your User entity, or set it in the controller right after a successful registration.
C) Create a route + controller - something like /email/verify/{token}. In that method, you would look at the currently-authenticated user and, if their emailVerificationToken matches the {token} in the URL, you will call $user->setIsEmailConfirmed(true) and save.
D) Finally, after registration, use SwiftMailer (in your case) to send an email that includes a link to the route you generated in (C).
It's not overly complicated - it just takes a bit of work. Let me know if you have any questions. The bundle we're working on will not require a emailVerificationToken property on your user entity, but if you're building this by hand, I'd recommend leveraging a property like that... as it makes life simpler.
Cheers!
Hello! Sorry can we communicate i have a version for this but doesnt work yet. Thank you for everything!
Hello! Why this $url = $this->router->generate('user_activate', array('token' => $user->getToken()), self::ABSOLUTE_URL); generate me an error "Call to a member function generate() on null". Thank you!
Hey codercoder123123
Seems like you forgot to initialize your router property on its constructor
Cheers!
hello
wen i try to create migration (php bin/console make:migration) for updating user firstname property I got an error:
Attempted to load class "AbstractMigration" from namespace "Doctrine\DBAL\Migrations".
Did you forget a "use" statement for "Doctrine\Migrations\AbstractMigration"?
can you help me with this?
Hey Amin A.
I believe you haven't installed the Doctrine migrations bundle. Once you install it you should not have this error anymore (unless I'm missing something :p)
composer require symfony/maker-bundle --dev
``
i'm sorry I am new with symfony but I’m sure that
Doctrine migrations bundle is installed and everything was good until 14 - Registration Form.
The whole message is:
php ./bin/console make:migration
Fatal error: Class 'Doctrine\DBAL\Migrations\AbstractMigration' not found in D:\wamp64\www\the_spacebar\src\Migrations\Version20180413174059.php on line 12
15:22:39 CRITICAL [php] Fatal Error: Class 'Doctrine\DBAL\Migrations\AbstractMigration' not found ["exception" => Symfony\Component\Debug\Exception\FatalErrorException { …}]
In Version20180413174059.php line 12:
Attempted to load class "AbstractMigration" from namespace "Doctrine\DBAL\Migrations".
Did you forget a "use" statement for "Doctrine\Migrations\AbstractMigration"?
when I search for (AbstractMigration.php) I funded in:
doctrine\migrations\lib\Doctrine\Migrations
thanks
Ohh, so the autogenerated namespace was wrong, or what was the problem?
Did you fix it already?
yes, I think autogenerated namespace is wrong, in a (start) folder from Symfony Security tutorials AbstractMigration.php live in two places: ..\vendor\doctrine\migrations\lib\Doctrine\DBAL\Migrations\AbstractMigration.php ..\vendor\doctrine\migrations\lib\Doctrine\Migrations\AbstractMigration.php
but the start folder from Form tutorials is only in
..\vendor\doctrine\migrations\lib\Doctrine\Migrations\AbstractMigration.php I try to reinstall and update bundles and
this did not fix the problem, DBAL folder is not exist in the new tutorial code Form Tutorials: ..\vendor\doctrine\migrations\lib\Doctrine\ folder
Hey Amin A.
This problem is related to a release of Doctrine migration package, we're investigating the issue but at least you can read a couple of solutions that Ryan provides here: https://symfonycasts.com/sc...
Cheers!
// composer.json
{
"require": {
"php": "^7.1.3",
"ext-iconv": "*",
"composer/package-versions-deprecated": "^1.11", // 1.11.99
"knplabs/knp-markdown-bundle": "^1.7", // 1.7.0
"knplabs/knp-paginator-bundle": "^2.7", // v2.8.0
"knplabs/knp-time-bundle": "^1.8", // 1.8.0
"nexylan/slack-bundle": "^2.0,<2.2.0", // v2.0.0
"php-http/guzzle6-adapter": "^1.1", // v1.1.1
"sensio/framework-extra-bundle": "^5.1", // v5.2.1
"stof/doctrine-extensions-bundle": "^1.3", // v1.3.0
"symfony/asset": "^4.0", // v4.1.6
"symfony/console": "^4.0", // v4.1.6
"symfony/flex": "^1.0", // v1.17.6
"symfony/form": "^4.0", // v4.1.6
"symfony/framework-bundle": "^4.0", // v4.1.6
"symfony/orm-pack": "^1.0", // v1.0.6
"symfony/security-bundle": "^4.0", // v4.1.6
"symfony/serializer-pack": "^1.0", // v1.0.1
"symfony/twig-bundle": "^4.0", // v4.1.6
"symfony/validator": "^4.0", // v4.1.6
"symfony/web-server-bundle": "^4.0", // v4.1.6
"symfony/yaml": "^4.0", // v4.1.6
"twig/extensions": "^1.5" // v1.5.2
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.0", // 3.0.2
"easycorp/easy-log-handler": "^1.0.2", // v1.0.7
"fzaninotto/faker": "^1.7", // v1.8.0
"symfony/debug-bundle": "^3.3|^4.0", // v4.1.6
"symfony/dotenv": "^4.0", // v4.1.6
"symfony/maker-bundle": "^1.0", // v1.8.0
"symfony/monolog-bundle": "^3.0", // v3.3.0
"symfony/phpunit-bridge": "^3.3|^4.0", // v4.1.6
"symfony/profiler-pack": "^1.0", // v1.0.3
"symfony/var-dumper": "^3.3|^4.0" // v4.1.6
}
}
When i'm updating the user enitity, when logged in (for example changhing user information)
I keep getting logged out and the changes won't persist.
How does this work? What do I have to do to edit the currenty logged in User without triggering the logout.