-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication user with login form #34
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use spaces rather than tab (4 spaces indentation). Your indentation is totally off everywhere.
Do not create getters and setters unless needed, and do not use setXXX but rather a verb, an intent, saying in which case this is used, encapsulating the change, hence not leaking the attributes you have.
Never ever commit comments
src/Repository/UserRepository.php
Outdated
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository; | ||
use Symfony\Bridge\Doctrine\RegistryInterface; | ||
|
||
/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove this, see discussion with @ayumiesan. She can help you with that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok I see the discussion you had with @ayumiesan about using @method
as annotation
Fix your feedback, hoping I didn't miss some. |
Login form is now working and complete, can you review this one please @tdutrion ? |
Manage Special Sponsorships (DarkmiraTour#30) * Manage Special Sponsorships * install paramconverter, rename specialBenefit, remove setters * Create Factory for SpecialBenefit * Manage Value Objects for specialBenefit * Add RepositoryInterface * Define return type array to findAll methods * Rename speficic method in entity * last refacto change composer.lock Update default command of the nodejs container Add missing packages inside node container Update node version tag Create bucket at storage startup Add empty bucket folder Remove unused entrypoint override Class user ready to be create in database and be populate by fixture + login Form working, WIP for authenticate database user login form now working, need to launch UserFixture to set test user Added travis with php-cs-fixer Add phpmd Add phpunit Add roave security-advisories package Remove phpunit container Fix coding style Fix php-cs-fixer config error Fix coding style (DarkmiraTour#47) * Fix coding style * Remplace Twig_Environment by Twig\Environment * Fix PHPMD error (upgrade version) * Fix phpunit permission [Fixes DarkmiraTour#38] Move docker container config in docker/ Create Readme Add Dabatase specifications remove Minio configuration Change title display Add Note fix UserFixture by adding setPassword add admin User into fixture fix coding style fix coding style add Logout, add role check on menus, options and routes delete gitignore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please find out why there's a ton of files that shouldn't be in your PR in that diff. Also, remove the sensio extra bundle from this PR please.
config/packages/security.yaml
Outdated
|
||
encoders: | ||
App\Entity\User: | ||
algorithm: bcrypt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not argon2i with libsodium?
config/packages/security.yaml
Outdated
encoders: | ||
App\Entity\User: | ||
algorithm: bcrypt | ||
cost: 10 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not using the default cost?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No reason in particular, I wanted to use PHP default configuration and not Symfony's, I can change that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to argon2i without further configuration, as default config is memory_cost: 1024 / time_cost: 2 / threads: 2
@@ -13,7 +13,11 @@ | |||
use Symfony\Component\Routing\RouterInterface; | |||
use Symfony\Component\Security\Csrf\CsrfToken; | |||
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; | |||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not use annotations and the sensio extra bundle.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes have been made, the extra bundle with IsGranted is gone and replaced by matching routes denied without the right role. But for my knowledge, why is it best not to use this Extra Bundle? Is it to avoid adding annotations?
@tdutrion The other files that are not part of the project come from my squashing of all my commits from the beginning, as I made 2 merge from develop during this issue, git took the changes as his own, I was surprised also to see those files included in the squashed commit, and I am also surprised there are still conflicts as I made sure I fix them all, but I was careful with my rebase using squash. I might have done it wrong then. I can revert my squashed commit and do it again if needed |
Co-Authored-By: kevinjhappy <kevin.nadin@gmail.com>
Co-Authored-By: kevinjhappy <kevin.nadin@gmail.com>
…orithm to argon2i
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would probably just checkout bin/console
to remove the chmod (do it in another PR if needed) and .php_cs.dist
(the previous comment did not take into account the fact this file should not be there at all).
config/packages/security.yaml
Outdated
# Note: Only the *first* access control that matches will be used | ||
|
||
access_control: | ||
- { path: ^/organisations/create, roles: ROLE_ADMIN } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://symfony.com/doc/current/security.html#securing-url-patterns-access-control
You can use a pattern for multiple routes as shown in this example.
config/packages/security.yaml
Outdated
# form_login: true | ||
# https://symfony.com/doc/current/security/form_login_setup.html | ||
|
||
# Easy way to control access for large sections of your site |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove comments
# Easy way to control access for large sections of your site |
config/packages/security.yaml
Outdated
# https://symfony.com/doc/current/security/form_login_setup.html | ||
|
||
# Easy way to control access for large sections of your site | ||
# Note: Only the *first* access control that matches will be used |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Note: Only the *first* access control that matches will be used |
config/packages/security.yaml
Outdated
logout: | ||
path: app_logout | ||
|
||
# activate different ways to authenticate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# activate different ways to authenticate |
config/packages/security.yaml
Outdated
path: app_logout | ||
|
||
# activate different ways to authenticate | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
public function checkCredentials($credentials, UserInterface $user) | ||
{ | ||
return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if credentials is not an array or $credentials['password']
does not exist or is not of the right type?
return new RedirectResponse($this->router->generate('login_success')); | ||
} | ||
|
||
protected function getLoginUrl() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would this be protected? Is that forced by the AbstractFormLoginAuthenticator
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it's the only abstract function of AbstractFormLoginAuthenticator
and is with protected visibility, nevertheless, I can pass it public as this is a larger visibility
|
||
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator | ||
{ | ||
use TargetPathTrait; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please refrain from using traits.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok I will check that, for my knowledge is there a specific reason like a good practice or other for not using traits?
templates/security/login.html.twig
Outdated
|
||
{% block content %} | ||
<div class="container"> | ||
<form method="post"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why don't you use symfony forms and twig form helpers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Didn't know they existed, I made the implementation
{% if is_granted('ROLE_ADMIN') %} | ||
<div class="col col-6"> | ||
<p class="text-right"> | ||
<a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Create new</a> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Create new</a> | |
<a class="btn btn-primary" href="{{ path('special_benefit_create') }}">Add new benefit</a> |
Bases of security bundle implemented, with the login form, the route is /login.
No users can connect yet
Fix #24