How to get the current logged User in a service

Question

In Symfony 2.8/3.0, with our fancy new security components, how do I get the currently logged User (i.e. FOSUser) object in a service without injecting the whole container?

Is it even possible in a non-hacky way?

PS: Let's not consider the "pass it to the service function as a parameter" for being trivially obvious. Also, dirty.

Answer 1

With Symfony 5.2+ and PHP 8.0+ you can also get the logged user using the #[CurrentUser] attribute

namespace App\Controller;

use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Security\Http\Attribute\CurrentUser;

class FooController extends AbstractController
{
    public function index(#[CurrentUser] ?User $user)
    {
        // ...
    }
}

• Blog post: https://symfony.com/blog/new-in-symfony-5-2-controller-argument-attributes
• Documentation: https://symfony.com/doc/current/security.html

Answer 2

Works with Symfony 3.4, 4.x, 5.x & above. The Security utility class was introduced in Symfony 3.4.

use Symfony\Component\Security\Core\Security;

public function indexAction(Security $security)
{
    $user = $security->getUser();
}

https://symfony.com/doc/3.4/security.html#always-check-if-the-user-is-logged-in

Answer 3

In symfo 4 :

use Symfony\Component\Security\Core\Security;

class ExampleService
{
    private $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    public function someMethod()
    {
        $user = $this->security->getUser();
    }
}

See doc : https://symfony.com/doc/current/security.html#retrieving-the-user-object

Answer 4

From Symfony 3.3, from a Controller only, according this blog post: https://symfony.com/blog/new-in-symfony-3-2-user-value-resolver-for-controllers

It's easy as:

use Symfony\Component\Security\Core\User\UserInterface

public function indexAction(UserInterface $user)
{...}

Answer 5

Using constructor dependency injection, you can do it this way:

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class A
{
    private $user;

    public function __construct(TokenStorageInterface $tokenStorage)
    {
        $this->user = $tokenStorage->getToken()->getUser();
    }

    public function foo()
    {
        dump($this->user);
    }
}

Answer 6

Symfony does this in Symfony\Bundle\FrameworkBundle\ControllerControllerTrait

protected function getUser()
{
    if (!$this->container->has('security.token_storage')) {
        throw new \LogicException('The SecurityBundle is not registered in your application.');
    }

    if (null === $token = $this->container->get('security.token_storage')->getToken()) {
        return;
    }

    if (!is_object($user = $token->getUser())) {
        // e.g. anonymous authentication
        return;
    }

    return $user;
}

So if you simply inject and replace security.token_storage, you're good to go.

Answer 7

if you class extend of Controller

$this->get('security.context')->getToken()->getUser();

Or, if you has access to container element..

$container = $this->configurationPool->getContainer();
$user = $container->get('security.context')->getToken()->getUser();

http://symfony.com/blog/new-in-symfony-2-6-security-component-improvements

Answer 8

Inject security.token_storage service into your service, and then use:

$this->token_storage->getToken()->getUser();

as described here: http://symfony.com/doc/current/book/security.html#retrieving-the-user-object and here: http://symfony.com/doc/current/book/service_container.html#referencing-injecting-services