Authentication user with login form #34
Conversation
There was a problem hiding this comment.
Use spaces rather than tab (4 spaces indentation). Your indentation is totally off everywhere.
Do not create getters and setters unless needed, and do not use setXXX but rather a verb, an intent, saying in which case this is used, encapsulating the change, hence not leaking the attributes you have.
Never ever commit comments
src/Repository/UserRepository.php
Outdated
| use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository; | ||
| use Symfony\Bridge\Doctrine\RegistryInterface; | ||
|
|
||
| /** |
There was a problem hiding this comment.
Remove this, see discussion with @ayumiesan. She can help you with that
There was a problem hiding this comment.
ok I see the discussion you had with @ayumiesan about using @method as annotation
|
Fix your feedback, hoping I didn't miss some. |
kevinjhappy
changed the title
|
Login form is now working and complete, can you review this one please @tdutrion ? |
kevinjhappy
changed the title
kevinjhappy
changed the title
Manage Special Sponsorships (DarkmiraTour#30) * Manage Special Sponsorships * install paramconverter, rename specialBenefit, remove setters * Create Factory for SpecialBenefit * Manage Value Objects for specialBenefit * Add RepositoryInterface * Define return type array to findAll methods * Rename speficic method in entity * last refacto change composer.lock Update default command of the nodejs container Add missing packages inside node container Update node version tag Create bucket at storage startup Add empty bucket folder Remove unused entrypoint override Class user ready to be create in database and be populate by fixture + login Form working, WIP for authenticate database user login form now working, need to launch UserFixture to set test user Added travis with php-cs-fixer Add phpmd Add phpunit Add roave security-advisories package Remove phpunit container Fix coding style Fix php-cs-fixer config error Fix coding style (DarkmiraTour#47) * Fix coding style * Remplace Twig_Environment by Twig\Environment * Fix PHPMD error (upgrade version) * Fix phpunit permission [Fixes DarkmiraTour#38] Move docker container config in docker/ Create Readme Add Dabatase specifications remove Minio configuration Change title display Add Note fix UserFixture by adding setPassword add admin User into fixture fix coding style fix coding style add Logout, add role check on menus, options and routes delete gitignore
config/packages/security.yaml
Outdated
|
|
||
| encoders: | ||
| App\Entity\User: | ||
| algorithm: bcrypt |
There was a problem hiding this comment.
Why not argon2i with libsodium?
config/packages/security.yaml
Outdated
| encoders: | ||
| App\Entity\User: | ||
| algorithm: bcrypt | ||
| cost: 10 |
There was a problem hiding this comment.
Why not using the default cost?
There was a problem hiding this comment.
No reason in particular, I wanted to use PHP default configuration and not Symfony's, I can change that
There was a problem hiding this comment.
Changed to argon2i without further configuration, as default config is memory_cost: 1024 / time_cost: 2 / threads: 2
| @@ -13,7 +13,11 @@ | |||
| use Symfony\Component\Routing\RouterInterface; | |||
| use Symfony\Component\Security\Csrf\CsrfToken; | |||
| use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; | |||
| use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; | |||
There was a problem hiding this comment.
Please do not use annotations and the sensio extra bundle.
There was a problem hiding this comment.
Changes have been made, the extra bundle with IsGranted is gone and replaced by matching routes denied without the right role. But for my knowledge, why is it best not to use this Extra Bundle? Is it to avoid adding annotations?
|
@tdutrion The other files that are not part of the project come from my squashing of all my commits from the beginning, as I made 2 merge from develop during this issue, git took the changes as his own, I was surprised also to see those files included in the squashed commit, and I am also surprised there are still conflicts as I made sure I fix them all, but I was careful with my rebase using squash. I might have done it wrong then. I can revert my squashed commit and do it again if needed |
Co-Authored-By: kevinjhappy <kevin.nadin@gmail.com>
Co-Authored-By: kevinjhappy <kevin.nadin@gmail.com>
…orithm to argon2i
config/packages/security.yaml
Outdated
| # Note: Only the *first* access control that matches will be used | ||
|
|
||
| access_control: | ||
| - { path: ^/organisations/create, roles: ROLE_ADMIN } |
There was a problem hiding this comment.
https://symfony.com/doc/current/security.html#securing-url-patterns-access-control
You can use a pattern for multiple routes as shown in this example.
config/packages/security.yaml
Outdated
| # form_login: true | ||
| # https://symfony.com/doc/current/security/form_login_setup.html | ||
|
|
||
| # Easy way to control access for large sections of your site |
There was a problem hiding this comment.
Remove comments
| # Easy way to control access for large sections of your site |
config/packages/security.yaml
Outdated
| # https://symfony.com/doc/current/security/form_login_setup.html | ||
|
|
||
| # Easy way to control access for large sections of your site | ||
| # Note: Only the *first* access control that matches will be used |
There was a problem hiding this comment.
| # Note: Only the *first* access control that matches will be used |
config/packages/security.yaml
Outdated
| logout: | ||
| path: app_logout | ||
|
|
||
| # activate different ways to authenticate |
There was a problem hiding this comment.
| # activate different ways to authenticate |
config/packages/security.yaml
Outdated
| path: app_logout | ||
|
|
||
| # activate different ways to authenticate | ||
|
|
|
|
||
| public function checkCredentials($credentials, UserInterface $user) | ||
| { | ||
| return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); |
There was a problem hiding this comment.
What if credentials is not an array or $credentials['password'] does not exist or is not of the right type?
| return new RedirectResponse($this->router->generate('login_success')); | ||
| } | ||
|
|
||
| protected function getLoginUrl() |
There was a problem hiding this comment.
Why would this be protected? Is that forced by the AbstractFormLoginAuthenticator?
There was a problem hiding this comment.
Yes it's the only abstract function of AbstractFormLoginAuthenticator and is with protected visibility, nevertheless, I can pass it public as this is a larger visibility
|
|
||
| class LoginFormAuthenticator extends AbstractFormLoginAuthenticator | ||
| { | ||
| use TargetPathTrait; |
There was a problem hiding this comment.
Please refrain from using traits.
There was a problem hiding this comment.
Ok I will check that, for my knowledge is there a specific reason like a good practice or other for not using traits?
templates/security/login.html.twig
Outdated
|
|
||
| {% block content %} | ||
| <div class="container"> | ||
| <form method="post"> |
There was a problem hiding this comment.
Why don't you use symfony forms and twig form helpers?
There was a problem hiding this comment.
Didn't know they existed, I made the implementation
| {% if is_granted('ROLE_ADMIN') %} | ||
| <div class="col col-6"> | ||
| <p class="text-right"> | ||
| <a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Create new</a> |
There was a problem hiding this comment.
| <a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Create new</a> | |
| <a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Add new benefit</a> |
cgrandval
added
enhancement
Bases of security bundle implemented, with the login form, the route is /login.
No users can connect yet
Fix #24