Originally published at: http://www.sitepoint.com/symfony2-pre-registration-invite-system/
Symfony2 Authentication and Authorization
- Symfony2 Pre-registration and Invite System
We have discussed Symfony 2 development in previous SitePoint articles and we built a clone of my own personal Symfony app (Part 1, 2 and 3). But Symfony 2 is a gigantic framework and there are plenty more topics we can cover.
In this two-part series, we are going to talk about a very important area of web application development: Authentication and Authorization. The official Symfony2 documentation covers these two topics in great detail. Anyone who is seriously looking into this is encouraged to read through that official document after absorbing the essentials from this tutorial.
A typical User Management flow may have the following tasks:
- A built-in user will be generated upon application installation and will be granted the `root` equivalent privilege.
- Any new user can either register via a form or can only register via invitation (which is the approach discussed in this article).
- After registration, a user record is stored in the underlying database/table.
- Optionally, the app will put this new user in a “pending” status and send out a confirmation email. A user will only be “activated” when they click the link in the email with a confirmation token. This approach is not used in this article because we are inviting users and the site is a “closed circle” site.
- A user logs in. The app will verify the user name and password.
- Optionally, the app can do some post-login activities. In this case, we will update the user’s last login date/time in the database, and redirect them.
- The user can explicitly choose to log out.
The underlying `user` table
Although Symfony supports in-memory user authentication, that is not recommended in a real-world application. Most of the time, we’ll tap into other resources (database, LDAP, etc) to persist the user credentials. We will use an SQL database in our app.