User bundle for Symfony 4 projects
This bundle will be extendible and provide:
- Simple registration form
- Simple login form
- Ability to 'switch on' MFA
- A Command to create users with their roles
- An e-mail message with a secure link to complete account registration
- Recover password functionality
- Being API accessable
- Ability to 'switch on' OAuth (Google/GitHub/Facebook/etc)
Set the environment variables to be able to send e-mails.
USERBUNDLE_FROM_EMAILADDRESS=[email protected]
To create a new user run:
./bin/console connectholland:user:create [email protected] p@$$w0rd --role=ROLE_USER
To use OAuth login add environment variables to enable a specific OAuth provider (resource). E.g. for google:
USERBUNDLE_OAUTH_GOOGLE_ID=xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
USERBUNDLE_OAUTH_GOOGLE_SECRET=XXXXXXXXXXX-xx_xx_xxxxx
USERBUNDLE_OAUTH_GOOGLE_SCOPE='email profile'
# Options specific for the provider can be added in a json encoded string like below.
USERBUNDLE_OAUTH_GOOGLE_OPTIONS={"hd": "connectholland.nl"}
security:
encoders:
Symfony\Component\Security\Core\User\UserInterface:
algorithm: auto
providers:
app_user_provider:
entity:
class: ConnectHolland\UserBundle\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
guard:
authenticators:
- ConnectHolland\UserBundle\Security\UserBundleAuthenticator
logout:
path: connectholland_user_logout
oauth:
use_forward: false
resource_owners:
# The resource_owners routing postfixes are a composition of the firewall name and the resource name
google: connectholland_user_oauth_check_main_google
facebook: connectholland_user_oauth_check_main_facebook
linkedin: connectholland_user_oauth_check_main_linkedin
# etcetera
login_path: connectholland_user_login
failure_path: connectholland_user_login
oauth_user_provider:
service: ConnectHolland\UserBundle\Security\OAuthUserProvider
access_control:
- { path: ^/inloggen, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/registreren, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/connect, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/connect, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login/oauth-check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: [ROLE_OAUTH, ROLE_ADMIN ] }