Authentication/Authorization these terms are often confused. Here I will clarify them.
Authentication — Login, proving who a user is one way or another. After a user is logged into a system a session cookie is usually created to re-authenticate the user so they don’t have to login every single page view.
Authorization — Can a user view or access something once Authenticated? Authorization includes things like administration panel access, viewing a users profile or post or media etc.
How to customize error pages – Documentation page about how to create custom error pages.
How to Customize Access Denied Responses – specifically about how to customize access denied responses. This is useful for when you use voters to authorize a users access to content.
Links and resources about Ethereum Solidity programming language.
One thing you will want to do is view your current security settings to do so you use this command.
php bin/console debug:config security
Old symfony cookbook security entry – This is an ancient link to nearly the very beginning of symfony. This explains the mechanics of the Symfony security system if you are like me and just want to know how the hell this functions so you can feel confident in the system and be able to diagnose and fix issues.
More on Security – this is another ancient link like above, it explains the system.
Symfony cast covering firewall and authentication and how it works. This has lots of info that should be directly in the documentation.
Security configuration reference -> not complete listing of some of the values you can set. If you run the debug:config command above you will see more values you can set, but good luck figuring out what they do.
How to restrict firewalls to a request -> symfony docs. This talks about using multiple firewalls and how the Symfony firewall system works like a waterfall trying one firewall after another until it finds one that works or uses the lastĀ firewall listed. This also explains some of the options to the firewall. This basically shows how to use multiple firewalls.
Symfony cast about security – this covers the entire system. Some things have changed in version 5 but this is mostly correct and serves as a starting point.
Security user providers – Part of the Firewall/Authentication/Authorization system is something called security providers. User providers check the users identity from a session cookie to verify the user. This part of the documentation talks about how the firewall uses the User providers to authenticate the user after they have logged in.
Custom Authentication System with Guard (API Token Example) – talks about how to create a custom API token
Built-in Authentication Providers – documentation about the built in service providers.
Symfony Cast about gaurds – this is ancient from version 3, but it is helpful because it covers how the system is supposed to work or was supposed to.
The firewall and authorization – this covers how authorization works in the firewall system. It has a section at the bottom that explains how the firewall/authentication/authorization flow works.
Using the form_login Authentication ProviderĀ – This explains how to create a login form and how the system processes it and authenticates the user.
A good video explaining how multiple authenticators work
Once I started digging into Symfony caching I found all kinds of information all over. I’ll use this page to catalog it all for myself and others. This way I can quickly find what I am looking for.
Cache – From the docs. This is the overall plain documentation about Symfony cache. It covers the following
Configuring Cache with FrameworkBundle
Creating Custom (Namespaced) Pools
Custom Provider Options
Creating a Cache Chain
Using Cache Tags
Clearing the Cache
Encrypting the Cache
The Symfony Cache component – This is the actual caching component documentation. It covers the following.
Installation
Cache Contracts versus PSR-6
Cache Contracts
Available Cache Adapters
Generic Caching (PSR-6)
Basic Usage (PSR-6)
Advanced Usage
Cache pools and Adapters – from the documentation. This covers cache adapters such as Redis and Memcached. It covers the following information.
Creating Cache Pools
Using the Cache Contracts
Using PSR-6
Looking for Cache Items
Saving Cache Items
Removing Cache Items
Pruning Cache Items
Cache items – from the documentation. You need ItemInterface and cache items in order to set expire information on cached items. This link covers the following :
Cache Item Keys and Values
Creating Cache Items
Cache Item Expiration
Cache Item Hits and Misses
Tagged Cache aka Tag Aware Caching – This article explains how tag aware caching works in Symfony. The article is old from version 3.2 when this feature was added.
Installing and configuring Redis for Symfony takes quite a few steps. So many I’d never remember them all. This article is for myself at a later date as well as anyone else who finds it useful. I’ll be updating this article as I learn more.
This article covers installing and configuring Redis for use for both Session storage and Application cache.
First you need Redis the program itself running. I suggest using Docker so you can quickly spin up Redis containers for experimenting. If you are not familiar with Docker I suggest you start with this getting started guide.
If you are using docker once you have started a Redis instance test it by trying to use the cli like so
redis-cli
You should see something similar to this.
127.0.0.1:6379
This means redis is running on 127.0.0.1 (localhost) on port 6379 which is the default port.
With redis-cli running you can further test with the following.
//set a key and value set someKey "some value for the key" //get the value for the key get someKey //view a list of all keys in redis storage keys "*"
In production you need to install Redis or have access to a server running Redis, I’ll cover that in another article.
You will need to install phpredis php extension and configure it. Before you can even do that though, you will need to install another php module php-dev I am using php 7.4 and Ubuntu so to install that I do this.
apt-get install php7.4-dev
This is needed because phpredis use phpize and phpize is included in php-dev.
If you are using another version of php you can search apt repository for this package like this:
apt search php-dev
or for version specific like this apt search phpver-dev
apt search php7.4-dev
Change the version number to match yours.
Next you install the phpredis extension from pecl.
pecl install redis
This is just the extension for the client to interact with your Redis server wherever it is, either local or remote.
Now you must configure PHPĀ to use this extension.
You could add the needed config values to the php.ini config, but the problem is there are two. Yeah one for the cli and one for fpm. I have an easier solution. Create one file and symlink for both cli and fpm.
You will need both configured. As I found out if you configure only fpm your app will work, but when you go to composer install/update/require etc. you will get a cli error about missing such and blah Redis extension blah blah.
If you are running PHP 7.4 on Linux you will want to create a file in the following /etc/php/7.4/mods-available directoryĀ named phpredis.iniĀ with the following
extension=redis.so
session.save_handler = redis
session.save_path = "tcp://localhost:6379?timeout=3&read_timeout=3"
You can find more info here in the phpredis docs.
Once you have created that file you need to symlink to the fpm and cli to let them know the configuration exists.
Run the following commands to symlink.
ln -s /etc/php/7.4/mods-available/phpredis.ini /etc/php/7.4/cli/conf.d/phpredis.ini
ln -s /etc/php/7.4/mods-available/phpredis.ini /etc/php/7.4/fpm/conf.d/phpredis.ini
The way this works is php after it reads the php.ini reads in all of the configuration files ( those with .ini extension) from the conf.d directory for either cli if you are using the command line or from fpm for your app. This makes configuring anything you need for php easier than having to open the giant php.ini file, plus you don’t have to worry about ruining one, which I have done easily.Ā Here is a link to the php docs on configuring and .ini files
Now you must restart php fpm for your app to work. On Ubuntu you can do this.
service php7.4-fpm restart
Now you must configure some things in Symfony. Part of the following can be found in the docs about caching in a Redis Database here.
From the docs you can see you need set these values inside services.yaml which is in the config directory of your app.
/yourapp/config/services.yaml
services:
# ...
Redis:
# you can also use \RedisArray, \RedisCluster or \Predis\Client classes
class: Redis
calls:
- connect:
- '%env(REDIS_HOST)%'
- '%env(int:REDIS_PORT)%'
# uncomment the following if your Redis server requires a password
# - auth:
# - '%env(REDIS_PASSWORD)%'
Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
arguments:
- '@Redis'
The values for REDIS_HOST, REDIS_PORT and REDIS_PASSWORD should be defined in environmental variables on your system or in .env or in the secrets vault. For testing .env.test.local works.
Now there is still a little more configuring as the docs show in the link above. You need to configure the framework to use Redis for session storage. Open framework.yaml located in config/packages/ and change the handler_id and comment out the save_path file location info like so.
session:
enabled: true
handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
#save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
cookie_secure: auto
cookie_samesite: lax
You also need to configure the cache now in cache.yaml if you want to use Redis as a cache for your app.Ā You could configure everything in framework.yaml but it becomes a mess if you do that. Symfony reads all the files recursively located in the config directory, just make sure your yaml structure is correct.
If you open /yourapp/config/packages/cache.yaml you should see something similar already there.
/yourapp/config/packages/cache.yaml
framework:
cache:
# Unique name of your app: used to compute stable namespaces for cache keys.
prefix_seed: sogizmo
# The "app" cache stores to the filesystem by default.
# The data in this cache should persist between deploys.
# Other options include:
# Redis
app: cache.adapter.redis
default_redis_provider: 'redis://%env(REDIS_HOST)%:%env(REDIS_PORT)%'
#default_redis_provider: redis://localhost:6379
# APCu (not recommended with heavy random-write workloads as memory fragmentation can cause perf issues)
#app: cache.adapter.apcu
# Namespaced pools use the above "app" backend by default
#pools:
#my.dedicated.cache: null
Un-comment the lines shown under Redis section. You will notice a special syntax I am using. I kept messing around until it worked. You might not need to configure the default_redis_provider I need to do more research on that because it seems like that should be covered from the configs above, seems redundant.
default_redis_provider: 'redis://%env(REDIS_HOST)%:%env(REDIS_PORT)%'
That builds the string needed for the configuration basically this ‘redis://localhost:6379’Ā More about caching here in this Symfonycast.Ā that entire symfony cast is a great explanation of how the environmental system and cache works. More info about the string to connect to a redis provider here in the docs.
This is actually the easy part, but instead of explaining it here I’ll write another article and link to it here, this article is too long already.
Configuring symfony – link to the docs about configuring symfony .env file etc.
Symfony secrets vault – link to the docs about the secrets vault and keeping sensitive information safe in symfony.
Docker getting started guide.
phpredis extension and how to install and use docs
Symfony docs store sessions in a database -> includes Redis example
CacheInterface Symfony docs about caching items you need ItemInterface when you want to set an expires time for an item.
PSR6 CacheItemInterface documentation explaining this cache interface which Syfony ItemInterface uses.
Redis cache adapter docs – the documentation about configuring the redis cache adapter.
Often you may need to know whether a user is logged in or not inside a template to show or not show something. For example you might want to show links to login or register if a user is not logged in but show a link to logout if the user is logged in.
To do this you use is_granted() within a template with one of the following.
IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED, IS_AUTHENTICATED_FULLY
<div class="modal-body">
<ul class="nav flex-column">
{% if is_granted('ROLE_SUPER_ADMIN_1') %}
<a class="nav-link" href="{{ path('show_dash') }}">Dashboard</a>
{% endif %}
{% if is_granted('ROLE_USER') %}
<a class="nav-link" href="{{ path('app_logout') }}">Logout</a> {% else %}
<a class="nav-link" href="{{ path('app_login') }}">Login</a> or <a class="nav-link" href="{{ path('app_register') }}">Signup</a> {% endif %}
</ul>
</div>
Using ROLE_SUPER_ADMIN_1 which is something I made up for my own app to check what type of admin the user is. I don’t really like the IS_AUTHENTICATED_* methods, read more about them in the link below if you want.
Link to more information about IS_AUTHENTICATED_* here inĀ a really old symfony cast I found via google.
Sometimes we make mistakes. When first learning docker we probably make many mistakes and end up with tons of unused docker images.
If you are on Linux like me, you won’t have a desktop dashboard like Mac and Windows get, so things are harder. To see a list of what images you have created you use the following command
docker ps -aThat command will output something like this.
It will show the CONTAINER ID, IMAGE, COMMAND etc. as you can see. To delete an image you use the container id with docker rm like this.
docker rm b5f8fae52bceI’ve seen older internet posts using the IMAGE value but I had no success with that method. I am guessing something changed. I didn’t even see an example of this I just tried it. I don’t see any mention of this in the docs either. But it works. This part in the getting started intro actually explains it. I think something did change.