There are a few ways I have found to get a user id. None of the classes you can inject such as UserInterface, SessionInterface, TokenInterface, Security etc. contain an actual getUserId() method. There is absolutely no method named this other than in the user Entity, if your entity contains a column named id.
You can get a user object from the Security class, as seen in the documentation here. To do so you type hint aka Dependency Inject your service constructor with Security. But not just any Security will do, there is also one by Sensio labs and another.
Be careful which one you choose.
Be careful what you you choose when your IDE suggests a list. You want this Security
use Symfony\Component\Security\Core\Security;
Then your ide wont show the getId() method, or will warn something about a polymorphic call blah blah. But there is a getId() method of the user Entity returned from Security and you can get a user id like this.
This method may return null if the user is not logged in so you need to check for that. The @var syntax tells the IDE what is going on so it knows there is a getId() method. You will also need to import that class. The User object it refers to is your App/Entity/User class, which will give you access to the User Id
This is basically just my notes at this time and what I have found. I’ll keep adding to it over time. I can never, ever for the life of me remember how this complicated BS works.
If you are wanting to know the overview of how the Syfmony Authentication system works it is actually under Security here.
How it works overview.
This is only what I have found. I don’t know 100% how it works at this time.
First off a list of files involved in the login process. These are from running the standard Makers.
The login form obviously app/templates/security/login.html.twig
A security controller app/src/Controller/SecurityController.php
A user Provider (freeking words) aka the User entity class app/src/Entity/User.php
An Authenticator app/src/Security/LoginFormAuthenticator.php
When a user tries to login Symfony first calls LoginFormAuthenticator.php to check to see if the user is logged in/authenticated so the work is not done in the controller like most other actions.
To change, add, remove anything from the authentication process you make changes in the LoginFormAuthenticator.php methods. Unless it is done in configs, like multiple Authenticators. And some of this is controlled by configurations.
This authenticator is listed in the app/config/packages/security.yaml file under firewalls:main:guard:athenticators as
- App\Security\LoginFormAuthenticator
symfony firewall authenticator section
Every time a request is made the firewall will use the authenticator listed to try to authenticate the user. If authentication fails Symfony secretly behind the scenes tries other ways to authenticate the user as you can see in the image below. I haven’t found the info about this yet.
Secret guards attack
As you can see in the image above Symfony will try your guard you listed in the configuration file, but it also tries it’s own secret list of default authenticators. And seeing the above in my logs kept making me say WTF is this BS and why is it happening.
shh it’s a secret
That has been my biggest complaint about Symfony, the docs and info are scattered all over, especially about Authentication.
Links
I’ve literally had to hunt and peck and google and dig to find this info and figure out how the hell the system works. I hope this saves someone time.
Here is a link in the symfony docs about authentication. I only find it minimally useful after creating my login system with makers. I’d like to see more about what happens each time a page is accessed etc. like what process is the system following?
The best link I have found yet this info should be in the docs
Here is a really helpful article I finally found. It contains info that should be in the docs, like how the system works if you create it with makers, like probably 98% of the people out there. And basically how the system functions.
Plain session docs – This is the symfony documentation page about Sessions alone. This link shows the basic configuration and use of Sessions in Symfony. This also mentions not starting a session for Anonymous users and has links to other info about sessions.
Configuring Sessions and Save handlers – Symfony documentation link. This covers more about how to configure sessions and their Save Handlers. This is some of the better information about Sessions and how they work in Symfony. It covers the save handlers and more of the configuration information.
Session proxy examples – Symfony Documentation link. This covers how to create your own session handler. It also discusses how to encrypt session data with an example.
Framework configuration – Symfony documentation link. This covers many of the options for the security component of Symfony.
Store sessions in a database – Symfony documentation link that describes how to store session data in a database or Redis.
Session Management – Symfony documentation link. Explains how sessions are managed in symfony. Gives a good overview and important information about how symfony functions. It covers the functions symfony uses to replace PHP session functions and how to use them. This also covers the ways to work with sessions in Symfony. Oddly this covers Flash messages too.
