This bundle requires the UtilBundle to work.
The User Bundle must be configured with routing information for the site. This information is used to create cookies and generate URLs in emails. It is required.
# .env.local
# Routing information
ROUTE_PROTOCOL=http
ROUTE_HOST=localhost
ROUTE_BASE=/nines_demo/public
# config/packages/nines_user.yaml
nines_user:
    roles: [ ROLE_ADMIN, ROLE_USER_ADMIN, ROLE_BLOG_ADMIN, ROLE_COMMENT_ADMIN, ROLE_CONTENT_ADMIN, ROLE_USER ]
    after_login_route: homepage
    after_request_route: homepage
    after_reset_route: homepage
    after_logout_route: homepage
- roles is a list of roles a user may be granted. The example includes all roles defined in the Nines Bundles. Roles must be defined in security.yaml (see below) to be useful.
- The four route entries are the names of a route to redirect the user to after login, requesting a new password, resetting their password, or logging out.
Optionally configure the name of the login cookie in the framework:
# config/packages/framework.yaml
framework:
    session:
        handler_id: null
        cookie_secure: auto
        cookie_samesite: lax
        name: NU_SESSION # <-- Add and change this line
The complete security configuration is below. The configuration includes an opt-in "remember me" cookie valid for one week, and some default security requirements for the various bundles. It also puts most of the site behind a login. Remove the last two lines of the configuration to open the site.
# config/packages/security.yaml
security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    providers:
        app_user_provider:
            entity:
                class: Nines\UserBundle\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: app_user_provider
            form_login:
                login_path: nines_user_security_login
                check_path: nines_user_security_login
                post_only: true
                form_only: true
                enable_csrf: true
                username_parameter: email
                password_parameter: password
            user_checker: Nines\UserBundle\Security\UserChecker
            logout:
                path: nines_user_security_logout
                target: homepage
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800 # 1 week
                path: '%router.request_context.base_url%'
                domain: '%router.request_context.host%'
                name: NU_REMEMBER_ME
                remember_me_parameter: remember_me
    role_hierarchy:
        ROLE_ADMIN: [ ROLE_USER_ADMIN, ROLE_BLOG_ADMIN, ROLE_COMMENT_ADMIN, ROLE_CONTENT_ADMIN, ROLE_USER ]
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # Default controller stuff - open to the public
        - { path: ^/$, roles: PUBLIC_ACCESS }
        - { path: ^/privacy$, roles: PUBLIC_ACCESS }
        # user controller stuff - open to the public
        - { path: ^/request$, roles: PUBLIC_ACCESS }
        - { path: ^/reset, roles: PUBLIC_ACCESS }
        - { path: ^/login$, roles: PUBLIC_ACCESS }
        - { path: ^/editor/upload, roles: PUBLIC_ACCESS }
        # media bundle
        - { path: ^/audio, roles: PUBLIC_ACCESS }
        - { path: ^/image, roles: PUBLIC_ACCESS }
        - { path: ^/pdf, roles: PUBLIC_ACCESS }
        # keep the rest of the site private
        - { path: ^/, roles: ROLE_USER }
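The access_control rules above are regular expressions tried in order, and the public ones without a trailing $ cover every path that begins with that prefix. The Python sketch below is an added example, not part of the bundle; it replays the rules against constructed sample paths, assuming an unanchored regex match against the request path below the application base.

```python
import re

# Rules copied, in order, from the access_control section of security.yaml above.
ACCESS_CONTROL = [
    (r"^/$", "PUBLIC_ACCESS"),
    (r"^/privacy$", "PUBLIC_ACCESS"),
    (r"^/request$", "PUBLIC_ACCESS"),
    (r"^/reset", "PUBLIC_ACCESS"),
    (r"^/login$", "PUBLIC_ACCESS"),
    (r"^/editor/upload", "PUBLIC_ACCESS"),
    (r"^/audio", "PUBLIC_ACCESS"),
    (r"^/image", "PUBLIC_ACCESS"),
    (r"^/pdf", "PUBLIC_ACCESS"),
    (r"^/", "ROLE_USER"),
]


def first_match(path, rules=ACCESS_CONTROL):
    """Return the (pattern, role) of the first rule matching path, else None.

    Assumption: the pattern is applied as an unanchored regex search to the
    request path below the application base (ROUTE_BASE is not included).
    """
    for pattern, role in rules:
        if re.search(pattern, path):
            return pattern, role
    return None  # no rule matched: access_control imposes no requirement


def unanchored_public(rules=ACCESS_CONTROL):
    """Public patterns without a trailing $, i.e. rules that match by prefix."""
    return [p for p, role in rules
            if role == "PUBLIC_ACCESS" and not p.endswith("$")]


# Constructed sample paths (hypothetical, not routes taken from the bundles).
SAMPLE_PATHS = ["/", "/privacy", "/privacy/archive", "/login", "/reset/abc",
                "/image/5/view", "/images-private", "/blog/post/1"]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        pattern, role = first_match(path)
        print(f"{path:18} -> {role:13} via {pattern}")
    print("prefix-matching public rules:", unanchored_public())
    # With the final catch-all removed, nothing restricts the remaining paths.
    print("/blog/post/1 without catch-all:",
          first_match("/blog/post/1", ACCESS_CONTROL[:-1]))
```

Running the same check against your own route list shows which paths end up public before the configuration is deployed.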
Embed the user login/profile/logout menu in your base template:
{# base.html.twig #}
{{ knp_menu_render('nines_user_nav') }}
These shell commands will create an admin user, activate the account, set the password and grant the admin role. Replace abc123 with a strong password of your own:
$ ./bin/console nines:user:create admin@example.com "Full Name" "Institutional Affiliation"
$ ./bin/console nines:user:activate admin@example.com
$ ./bin/console nines:user:password admin@example.com abc123
$ ./bin/console nines:user:promote admin@example.com ROLE_ADMIN
This functionality is also available to admin users through the user menu.