Month: April 2021

Categories
Web Development

How to get the user id in a service in Symfony 5

Problem solved

I’m no Symfony expert, I write what I find as I find it. Nothing in the documentation really covers this subject, so I am not sure what the correct way is of if there even is one. Getting the User ID is way harder than it ever should be to be perfectly honest.

There are a few ways I have found to get a user id. None of the classes you can inject such as UserInterface, SessionInterface, TokenInterface, Security etc. contain an actual getUserId() method. There is absolutely no method named this other than in the user Entity, if your entity contains a column named id.

You can  get a user object from the Security class, as seen in the documentation here. To do so you type hint aka Dependency Inject your service constructor with Security but not just any Security will do, there is also one by Sensio labs and another. Be careful what you you choose when your IDE suggests a list. You want this Security

use Symfony\Component\Security\Core\Security;

Then your ide wont show the getId() method, or will warn something about a polymorphic call blah blah.  But  there is a getId() method of the user Entity returned from Security and you can get a user id like this.


/** @var User $user */
$user = $this->security->getUser()->getId();
if(!empty($user){
$userId = $user->getId();
}

This method may return null if the user is not logged in so you need to check for that. The @var syntax tells the IDE what is going on so it knows there is a getId() method, you will also need to import that class. The User object it refers to is your App/Entity/User class.

Forgive me if anything is wrong. I wish there was more info about this since this is one of the most popular articles on this site

Links.

Link to a Symfony cast with a little more info but not much.

Categories
Resources Web Development

How does login and authentication work in Symfony 5.*

Spaghetti docs suck

This is basically just my notes at this time and what I have found. I’ll keep adding to it over time.

To learn that see the links section. Here is an excellent article about the files involved, the process etc.

If you are wanting to know the overview of how the Syfmony Authentication system works it is actually under Security here.

How it works overview.

This is only what I have found. I don’t know 100% how it works at this time.

First off a list of files involved in the login process. These are from running the standard Makers.

  1. The login form obviously app/templates/security/login.html.twig
  2. A security controller app/src/Controller/SecurityController.php
  3. A user Provider (freeking words) aka the User entity class app/src/Entity/User.php
  4. An Authenticator app/src/Security/LoginFormAuthenticator.php

When a user tries to login Symfony first calls LoginFormAuthenticator.php to check to see if the user is logged in/authenticated so the work is not done in the controller like most other actions.

To change, add, remove anything from the authentication process you make changes in the LoginFormAuthenticator.php methods. Unless it is done in configs, like multiple Authenticators. And some of this is controlled by configurations.

This authenticator is listed in the app/config/packages/security.yaml file under firewalls:main:guard:athenticators as

- App\Security\LoginFormAuthenticator
symfony firewall authenticator section

Every time a request is made the firewall will use the authenticator listed to try to authenticate the user. If authentication fails Symfony secretly behind the scenes tries other ways to authenticate the user as you can see in the image below. I haven’t found the info about this yet.

symfony guards
Secret guards attack

As you can see in the image above Symfony will try your guard you listed in the configuration file, but it also tries it’s own secret list of default authenticators. And seeing the above in my logs kept making me say WTF is this BS and why is it happening.

secret agent meme
shh it’s a secret

That has been my biggest complaint about Symfony, the docs and info are scattered all over, especially about Authentication.

Links

I’ve literally had to hunt and peck and google and dig to find this info and figure out how the hell the system works. I hope this saves someone time.

For information about the login form see this article in the docs.

Here is a SymfonyCast with some good info, a bit has changed from version 4 to 5.3(current)

This is a new SymfonyCast for version 5 not even done yet. It has more info on WTF is going on.

Here is a  link in the symfony docs about authentication. I only find it minimally useful after creating my login system with makers. I’d like to see more about what happens each time a page is accessed etc. like what process is the system following?

Here is a link to symfony docs on how to create your own authenticator.

The best link I have found yet this info should be in the docs

Here is a really helpful article I finally found. It contains info that should be in the docs, like how the system works if you create it with makers, like probably 98% of the people out there. And basically how the system functions.

Categories
Resources Web Development

Symfony Session resources list

more resources

Plain session docs – This is the symfony documentation page about Sessions alone. This link shows the basic configuration and use of Sessions in Symfony. This also mentions not starting a session for Anonymous users and has links to other info about sessions.

Configuring Sessions and Save handlers – Symfony documentation link. This covers more about how to configure sessions and their Save Handlers. This is some of the better information about Sessions and how they work in Symfony. It covers the save handlers and more of the configuration information.

Session proxy examples – Symfony Documentation link. This covers how to create your own session handler. It also discusses how to encrypt session data with an example.

Framework configuration – Symfony documentation link. This covers many of the options for the security component of Symfony.

Store sessions in a database – Symfony documentation link that describes how to store session data in a database or Redis.

Session Management – Symfony documentation link. Explains how sessions are managed in symfony. Gives a good overview and important information about how symfony functions. It covers the functions symfony uses to replace PHP session functions and how to use them. This also covers the ways to work with sessions in Symfony. Oddly this covers Flash messages too.