lilly

Reputation: 701

How to properly configure SecurityProvider in Silex?

I'm trying to use Symfony's Security component that is incorporated in the Silex PHP framework. Unfortunately, I can't get anywhere with the Silex documentation since it only lists some requirements, not giving any full working example.

There is a list of parameters that Silex takes to register SecurityProvider; what should they be?

Generally, how do I properly configure SecurityProvider in Silex?

Can anybody post some snippet/direct me to some hidden web page with instructions please?

Upvotes: 1

Views: 1757

Answers (1)

Hines Bourne

Reputation: 609

I had a bit of a struggle with this. Assuming you are referring to accepting form inputs of username and password, and also using the bcrypt password_compat library, I can post some code I used. I use separate controllers, so you may have to adapt it to fit your application. The main parts that I seemed to miss were the username_parameter and password_parameter keys to the form array. They are not documented at all on Silex; I found them on a blog post and in Symfony's docs. Here is a link to my full source. It's a personal sandbox type project. https://github.com/tmpjr/itaya

// app.php
use Silex\Provider\SecurityServiceProvider;
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;

$app->register(new SecurityServiceProvider(), array(
    'security.firewalls' => array(
        // Login URL is open to everybody.
        'login' => array(
            'pattern'   => '^/login$',
            'anonymous' => true,
        ),
        // Any other URL requires auth.
        'index' => array(
            'pattern' => '^.*$',
            'form'    => array(
                'login_path'         => '/login',
                'check_path'         => '/login_check',
                // Names of the POSTed form fields that carry the credentials.
                'username_parameter' => 'username',
                'password_parameter' => 'password',
            ),
            'anonymous' => false,
            'logout'    => array('logout_path' => '/logout'),
            // Users are loaded through the custom provider shown below.
            'users'     => $app->share(function () use ($app) {
                return new Itaya\UserProvider($app);
            }),
        ),
    ),
));

// Define a custom encoder for Security/Authentication
$app['security.encoder.digest'] = $app->share(function ($app) {
    // Uses bcrypt hashing (via password_compat) with a cost of 10
    return new BCryptPasswordEncoder(10);
});

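And here are the relevant parts from UserProvider:

// UserProvider.php (imports at the top of the file)
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;

// Method inside the UserProvider class
public function loadUserByUsername($username)
{
    //$this->app['monolog']->addDebug('xxxUSERNAME: ' . $username);
    // Parameterized query; the username is matched in lower case.
    $stmt = $this->app['db']->executeQuery("SELECT * FROM user WHERE username = ?", array(strtolower($username)));

    if (!$user = $stmt->fetch()) {
        throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
    }

    // The roles column holds a comma-separated list, e.g. "ROLE_USER,ROLE_ADMIN".
    return new User($user['username'], $user['pwd_hash'], explode(',', $user['roles']), true, true, true, true);
}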

Upvotes: 2
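The following is an added example, not part of the answer above or of the linked project: it builds a row in the shape loadUserByUsername() reads (lower-cased username, bcrypt pwd_hash, comma-separated roles) and checks a login attempt against it. It assumes PHP 5.5+ (or password_compat) for password_hash(), and that the pwd_hash column stores a standard bcrypt string at the same cost of 10; the function names and sample values are hypothetical.

```php
<?php
// Added example: function names and sample data are hypothetical.

const BCRYPT_COST = 10;       // same cost as BCryptPasswordEncoder(10) above
const BCRYPT_MAX_BYTES = 72;  // bcrypt ignores input past 72 bytes

// Build a row shaped like the answer's `user` table.
function makeUserRow($username, $plainPassword, array $roles)
{
    if ($plainPassword === '' || strlen($plainPassword) > BCRYPT_MAX_BYTES) {
        throw new InvalidArgumentException('Password must be 1-72 bytes.');
    }
    return array(
        // loadUserByUsername() looks the name up via strtolower().
        'username' => strtolower($username),
        // password_hash() generates a random salt and embeds it in the hash.
        'pwd_hash' => password_hash($plainPassword, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)),
        // loadUserByUsername() splits this column with explode(',').
        'roles'    => implode(',', $roles),
    );
}

// Verify a submitted password against a stored row.
function checkLogin(array $row, $plainPassword)
{
    // Refuse over-long input instead of letting bcrypt truncate it silently.
    $valid = strlen($plainPassword) <= BCRYPT_MAX_BYTES
        && password_verify($plainPassword, $row['pwd_hash']);
    return array(
        'valid'        => $valid,
        // True when the stored hash was made with a different cost or algorithm.
        'needs_rehash' => $valid && password_needs_rehash(
            $row['pwd_hash'], PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)
        ),
    );
}

// Constructed sample data.
$row = makeUserRow('Alice', 'correct horse battery staple', array('ROLE_USER', 'ROLE_ADMIN'));
printf("%s | %s | %s\n", $row['username'], $row['pwd_hash'], $row['roles']);
var_dump(checkLogin($row, 'correct horse battery staple'));
var_dump(checkLogin($row, 'wrong password'));
```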
