Symfony2 Registration and Login

Originally published at: http://www.sitepoint.com/symfony2-registration-login/

This entry is part 2 of 2 in the series Symfony2 Authentication and Authorization

In part 1, we discussed the basics of setting up a security system in our app (database and security.yml settings). We also covered the pre-registration stage where a user verifies their invitation status with the app.

In this article, we will talk about registration, logins and post-login actions.

Form, database, and more

Registration is done through a form. The user will enter information like email, user name, password, confirmed password, and accept a disclaimer in some cases.

We also know that a user object will ultimately be persisted in the user table.

During this persistence process, we must be aware that:

  1. Some form input will be used in populating a user object (like username, password);
  2. Some user properties will be set by the app (like created, a date/time field to store when the user registers);
  3. Some form inputs are merely for verification and discarded (like retyped password, a check on the disclaimer).

We must have a way to create a “link” between a form and the underlying table, and specify the above requirements.

In Symfony, we achieve this by declaring a special form type class associated with an entity. In this case, a RegistrationType manages which fields to display, which fields are mapped (to a field), etc.

Continue reading this article on SitePoint
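
The form type the excerpt above describes, written out as an added example (not the article's own code). It assumes the Symfony 2.3 to 2.7 form API, a hypothetical AppBundle\Entity\User entity and illustrative field names, and it sets the form's CSRF options explicitly.

```php
<?php
// Added example, not from the original article. Assumed: Symfony 2.3-2.7,
// a hypothetical AppBundle\Entity\User entity, illustrative field names.
namespace AppBundle\Form\Type;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;

class RegistrationType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            // Case 1: mapped inputs, copied onto the User object on submit.
            ->add('username', 'text')
            ->add('email', 'email')
            // Case 3: "repeated" renders two inputs, rejects a mismatch and
            // maps only the single agreed value to the password property.
            ->add('password', 'repeated', array(
                'type'            => 'password',
                'invalid_message' => 'The password fields must match.',
                'first_options'   => array('label' => 'Password'),
                'second_options'  => array('label' => 'Confirm password'),
            ))
            // Case 3: verification-only input, never written to the entity.
            // Acceptance still needs a server-side validation constraint.
            ->add('disclaimer', 'checkbox', array('mapped' => false, 'required' => true));
        // Case 2: there is no 'created' field, so the app sets it and a
        // client cannot supply it through the form.
    }

    public function setDefaultOptions(OptionsResolverInterface $resolver)
    {
        $resolver->setDefaults(array(
            // The "link" to the entity: getData() returns a populated User.
            'data_class'      => 'AppBundle\Entity\User',
            // Hidden anti-CSRF token, checked when the form is submitted.
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'intention'       => 'registration',
        ));
    }

    public function getName()
    {
        return 'registration';
    }
}
```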

I recommend including the CSRF token in your forms or at least telling people about that feature in the article. They should know about this from the very start :wink:

You don’t really have to set the attributes (action, method…) in the form definition since you then set them manually in the view. But what you probably should do is set the createAction method to be POST only.

I also miss any kind of validation but I guess you wanted to keep it simple and just show folks the basics.

And a huge :thumbsup: for showing the success handler. A lot of people are ignoring this and are inventing weird and wrong hacks around in controllers. Looking forward to more articles.

@danaketh

Thanks for the in-depth feedback.

Missing CSRF is a miss. No excuse.

Validation is purposely skipped or the article will be further split.

Yes, post-login handler is cool.

$user= new User();
$user= $form->getData();

This part of the code is “just magic”; I would say it needs a little bit more explanation, at least for me.

You should consider using the bootstrap template as default in Symfony2, above 2.6, to have even simpler views.

Thanks for the article.

Yes, it looks like magic to me too. The article is focused on the higher level so a lot of underlying implementation details must be skipped.

Not quite sure on your final point, though.

Thanks.

They added the bootstrap framework to Symfony as of version 2.6 (which I personally think was a general mistake). However, it looks like you were using the bootstrap stuff anyway. So, I too am not sure what is meant by @bollasandor in his last sentence.

Scott

That’s easy, look here: there is just no need to add extra classes to form widgets http://symfony.com/blog/new-in-symfony-2-6-bootstrap-form-theme

Really nice tutorial!

But one question:

Is it possible to decode the hash from the email link to prefill the email field?

Last but not least a wish for the next tutorial.

Build a mail service to handle actions like sending a confirmation/invite email or a contact form by providing properties like setFrom, setTo and a template with a passed object for setBody.
That’s a good example for slimming down controllers.

Cheers
bambamboole

Hi Taylor Ren, I am following your tutorial and I am new to Symfony 2. I have a problem implementing jQuery autocomplete in an entity field. Can you help me make it work? This is the link to our question on StackOverflow: http://stackoverflow.com/questions/32334289/adding-jquery-autocomplete-in-symfony2-entity-field/32341635#32341635

Hi Taylor,
Great tutorial … helped me a lot…
Could you please show what your Invite repository looks like…

It would be good to have working application code for download.
For me it is not clear how the login and login_check actions are implemented in the Security controller.

regards,
