Automatic post-registration user authentication

by

Symfony 4.0

This process hasn’t changed from Symfony 3 to 4 but here is an example using the newly recommended AbstractController. Both the security.token_storage and the session services are registered in the parent getSubscribedServices method so you don’t have to add those in your controller.

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use YourNameSpace\UserBundle\Entity\User;

class LoginController extends AbstractController{

    public function registerAction()
    {    
        $user = //Handle getting or creating the user entity likely with a posted form
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->container->get('security.token_storage')->setToken($token);
        $this->container->get('session')->set('_security_main', serialize($token));
        // The user is now logged in, you can redirect or do whatever.
    }

}

Symfony 2.6.x – Symfony 3.0.x

As of Symfony 2.6 security.context is deprecated in favor of security.token_storage. The controller can now simply be:

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use YourNameSpace\UserBundle\Entity\User;

class LoginController extends Controller{

    public function registerAction()
    {    
        $user = //Handle getting or creating the user entity likely with a posted form
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.token_storage')->setToken($token);
        $this->get('session')->set('_security_main', serialize($token));
    }

}

While this is deprecated you can still use security.context as it has been made to be backward compatible. Just be ready to update it for Symfony 3.

You can read more about the 2.6 changes for security here: https://github.com/symfony/symfony/blob/2.6/UPGRADE-2.6.md

Symfony 2.3.x

To accomplish this in Symfony 2.3 you can no longer just set the token in the security context. You also need to save the token to the session.

Assuming a security file with a firewall like:

// app/config/security.yml
security:
    firewalls:
        main:
            //firewall settings here

And a controller action similar to:

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use YourNameSpace\UserBundle\Entity\User;

class LoginController extends Controller{

    public function registerAction()
    {    
        $user = //Handle getting or creating the user entity likely with a posted form
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.context')->setToken($token);
        $this->get('session')->set('_security_main',serialize($token));
        //Now you can redirect where ever you need and the user will be logged in
    }

}

For the token creation you will want to create a UsernamePasswordToken. This accepts 4 parameters: User Entity, User Credentials, Firewall Name, User Roles. You don’t need to provide the user credentials for the token to be valid.

I’m not 100% sure that setting the token on the security.context is necessary if you are just going to redirect right away. But it doesn’t seem to hurt so I have left it.

Then the important part, setting the session variable. The variables naming convention is _security_ followed by your firewall name, in this case main making _security_main.

More Related Contents:

  1. do not include AcmeDemoBundle using symfony installer
  2. Symfony 3, Guard & Handlers
  3. Creating sign-in with my site functionality
  4. How to access dynamic variable names in twig?
  5. Docker in MacOs is very slow
  6. Path of assets in CSS files in Symfony 2
  7. How to get current route in Symfony 2?
  8. Symfony2 conceptual issue: general bundles vs. specific ones
  9. Symfony 3.4 Use view inside my bundle
  10. Doctrine Query Language get Max/Latest Row Per Group
  11. Disable deprecated warning in Symfony 2(.7)
  12. Symfony: Clear doctrine cache
  13. Symfony2 and date_default_timezone_get() – It is not safe to rely on the system’s timezone settings
  14. Use Javascript to access a variable passed through Twig
  15. A YAML file cannot contain tabs as indentation
  16. Request headers bag is missing Authorization header in Symfony 2?
  17. How to access an application parameters from a service?
  18. Compile Error: Cannot use isset() on the result of an expression
  19. How to cache in Symfony 2?
  20. What is the best way to notify a user after an access_control rule redirects?
  21. Accessing Files Relative to Bundle in Symfony2
  22. Why does PHP 7.4 on Windows aborts all command line actions that require user input?
  23. How to get the server path to the web directory in Symfony2 from inside the controller?
  24. Remove / Replace the username field with email using FOSUserBundle in Symfony2 / Symfony3
  25. Symfony 2 load different template depending on user agent properties
  26. Symfony: How do I refresh the authenticated user from the database?
  27. Extending Sonata User Bundle and adding new fields [closed]
  28. Use custom delimiters in the current Twig template
  29. How to access a different controller from inside a controller Symfony2
  30. How to give container as argument to services

Leave a Comment