roadiz / user-bundle
Public user management bundle for Roadiz CMS
Installs: 312
Dependents: 0
Suggesters: 1
Security: 0
Stars: 3
Watchers: 2
Forks: 0
Type:symfony-bundle
Requires
- php: >=8.2
- api-platform/core: ~3.3.11
- doctrine/orm: ~2.20.0
- roadiz/core-bundle: 2.4.*
- symfony/framework-bundle: 6.4.*
- symfony/lock: 6.4.*
- symfony/rate-limiter: 6.4.*
Requires (Dev)
- php-coveralls/php-coveralls: ^2.4
- phpstan/phpdoc-parser: <2
- phpstan/phpstan: ^1.5.3
- phpstan/phpstan-doctrine: ^1.3
- roadiz/doc-generator: 2.4.*
- roadiz/entity-generator: 2.4.*
- roadiz/jwt: 2.4.*
- roadiz/random: 2.4.*
- dev-develop / 2.5.x-dev
- dev-main / 2.4.x-dev
- v2.4.3
- v2.4.2
- v2.4.1
- v2.4.0
- v2.3.31
- v2.3.30
- v2.3.29
- v2.3.28
- v2.3.27
- v2.3.26
- v2.3.25
- v2.3.24
- v2.3.23
- v2.3.22
- v2.3.21
- v2.3.20
- v2.3.19
- v2.3.18
- v2.3.17
- v2.3.16
- v2.3.15
- v2.3.14
- v2.3.13
- v2.3.12
- v2.3.11
- v2.3.10
- v2.3.9
- v2.3.8
- v2.3.7
- v2.3.6
- v2.3.5
- v2.3.4
- v2.3.3
- v2.3.2
- v2.3.1
- v2.3.0
- v2.2.30
- v2.2.29
- v2.2.28
- v2.2.27
- v2.2.26
- v2.2.25
- v2.2.24
- v2.2.23
- v2.2.22
- v2.2.21
- v2.2.20
- v2.2.19
- v2.2.18
- v2.2.17
- v2.2.16
- v2.2.15
- v2.2.14
- v2.2.13
- v2.2.12
- v2.2.11
- v2.2.10
- v2.2.9
- v2.2.8
- v2.2.7
- v2.2.6
- v2.2.5
- v2.2.4
- v2.2.3
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.71
- v2.1.70
- v2.1.69
- v2.1.68
- v2.1.67
- v2.1.66
- v2.1.65
- v2.1.64
- v2.1.63
- v2.1.62
- v2.1.61
- v2.1.57
- v2.1.56
- v2.1.55
- v2.1.54
- v2.1.53
- v2.1.52
- v2.1.51
- v2.1.50
- v2.1.49
- v2.1.48
- v2.1.47
- v2.1.46
- v2.1.45
- v2.1.44
- v2.1.43
- v2.1.42
- v2.1.41
- v2.1.40
- v2.1.39
- v2.1.38
- v2.1.37
- v2.1.36
- v2.1.35
- v2.1.34
- v2.1.33
- v2.1.32
- v2.1.31
- v2.1.30
- v2.1.29
- v2.1.28
- v2.1.27
- v2.1.26
- v2.1.25
- v2.1.24
- v2.1.23
- v2.1.22
- v2.1.21
- v2.1.20
- v2.1.19
- v2.1.18
- v2.1.17
- v2.1.16
- v2.1.15
- v2.1.14
- v2.1.13
- v2.1.12
- v2.1.11
- v2.1.10
- v2.1.9
- v2.1.8
- v2.1.7
- v2.1.6
- v2.1.5
- v2.1.4
- v2.1.3
- v2.1.2
- v2.1.1
- v2.1.0
- 2.0.0
- 1.0.0
- dev-l10n_main
This package is auto-updated.
Last update: 2024-12-19 11:54:36 UTC
README
Public user management bundle for Roadiz v2
Installation
Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.
Applications that use Symfony Flex
Open a command console, enter your project directory and execute:
$ composer require roadiz/user-bundle
Applications that don't use Symfony Flex
Step 1: Download the Bundle
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
$ composer require roadiz/user-bundle
Step 2: Enable the Bundle
Then, enable the bundle by adding it to the list of registered bundles
in the config/bundles.php
file of your project:
// config/bundles.php return [ // ... \RZ\Roadiz\UserBundle\RoadizUserBundle::class => ['all' => true], ];
Configuration
- Copy API Platform resource configuration files to your Roadiz project
api_resource
folder:./config/api_resources/user.yaml
./config/api_resources/me.yaml
- Edit your
./config/packages/framework.yaml
file with:
framework: rate_limiter: user_signup: policy: 'token_bucket' limit: 5 rate: { interval: '1 minutes', amount: 3 } cache_pool: 'cache.user_signup_limiter' password_request: policy: 'token_bucket' limit: 3 rate: { interval: '1 minutes', amount: 3 } cache_pool: 'cache.password_request_limiter' password_reset: policy: 'token_bucket' limit: 3 rate: { interval: '1 minutes', amount: 3 } cache_pool: 'cache.password_reset_limiter'
- Edit your
./config/packages/cache.yaml
file with:
framework: cache: pools: cache.user_signup_limiter: ~ cache.password_request_limiter: ~ cache.password_reset_limiter: ~
- Edit your
./config/packages/security.yaml
file with:
security: access_control: # Prepend user routes configuration before API Platform ones # Public routes must be defined before protected ones - { path: "^/api/users/login_link_check", methods: [ POST ], roles: PUBLIC_ACCESS } - { path: "^/api/users/login_link", methods: [ POST ], roles: PUBLIC_ACCESS } - { path: "^/api/users/signup", methods: [ POST ], roles: PUBLIC_ACCESS } - { path: "^/api/users/password_request", methods: [ POST ], roles: PUBLIC_ACCESS } - { path: "^/api/users/password_reset", methods: [ PUT ], roles: PUBLIC_ACCESS } # ... - { path: "^/api", roles: ROLE_BACKEND_USER, methods: [ POST, PUT, PATCH, DELETE ] } - { path: "^/api/users", methods: [ GET, PUT, PATCH, POST ], roles: ROLE_USER }
- Edit your
./.env
file with:
USER_PASSWORD_RESET_URL=https://your-public-url.test/reset USER_VALIDATION_URL=https://your-public-url.test/validate USER_PASSWORD_RESET_EXPIRES_IN=600 USER_VALIDATION_EXPIRES_IN=3600
- Update your CORS configuration with additional headers
Www-Authenticate
andx-g-recaptcha-response
:
# config/packages/nelmio_cors.yaml nelmio_cors: defaults: # ... allow_headers: ['Content-Type', 'Authorization', 'Www-Authenticate', 'x-g-recaptcha-response'] expose_headers: ['Link', 'Www-Authenticate']
Passwordless user creation and authentication
You can switch your public users to PasswordlessUser
and set up a login link authentication process along with
user creation process.
First you need to configure a public login link route:
# config/routes.yaml public_login_link_check: path: /api/users/login_link_check methods: [POST]
Then you need to configure your security.yaml file to use login_link
authentication process in your API firewall.
You must use all_users
provider to be able to use Roadiz User provider during the login_link authentication process.
# config/packages/security.yaml # https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/8-jwt-user-provider.html#symfony-5-3-and-higher api: pattern: ^/api stateless: true # We need to use all_users provider to be able to use Roadiz User provider # during the login_link authentication process provider: all_users jwt: ~ login_link: check_route: public_login_link_check check_post_only: true success_handler: lexik_jwt_authentication.handler.authentication_success failure_handler: lexik_jwt_authentication.handler.authentication_failure signature_properties: [ 'email' ] # lifetime in seconds lifetime: 600 max_uses: 3
Public login link creation
Then you'll need a public route to request a login-link. In your project create a new App\Controller\SecurityController
and add a new route /api/users/login_link
:
<?php declare(strict_types=1); namespace App\Controller; use RZ\Roadiz\CoreBundle\Repository\UserRepository; use RZ\Roadiz\CoreBundle\Security\LoginLink\LoginLinkSenderInterface; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Attribute\Route; use Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface; final readonly class SecurityController { public function __construct( private LoginLinkSenderInterface $loginLinkSender, ) { } #[Route('/api/users/login_link', name: 'public_user_login_link_request', methods: ['POST'])] public function requestLoginLink( LoginLinkHandlerInterface $loginLinkHandler, UserRepository $userRepository, Request $request ): Response { // load the user in some way (e.g. using the form input) $email = $request->getPayload()->get('email'); $user = $userRepository->findOneBy(['email' => $email]); if (null === $user) { // Do not leak if a user exists or not return new JsonResponse(null, Response::HTTP_NO_CONTENT); } // create a login link for $user this returns an instance // of LoginLinkDetails $loginLinkDetails = $loginLinkHandler->createLoginLink($user, $request); $this->loginLinkSender->sendLoginLink($user, $loginLinkDetails); return new JsonResponse(null, Response::HTTP_NO_CONTENT); } }
Register your controller:
# config/services.yaml services: App\Controller\SecurityController: tags: [ 'controller.service_arguments' ]
Override login link URL
Roadiz User Bundle provides a custom Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface
service to generate a login-link with a different base-uri,
all you need is to register RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler
service in your project with its mandatory arguments:
# config/services.yaml services: RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler: decorates: Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface arguments: $decorated: '@RZ\Roadiz\UserBundle\Security\FrontendLoginLinkHandler.inner' $frontendLoginCheckRoute: '%frontend_login_check_route%' $frontendLoginLinkRequestRoutes: - 'frontend_user_login_link_request' - 'public_user_login_link_request' - 'api_user_signup' $signatureHasher: '@security.authenticator.login_link_signature_hasher.api_login_link'
Now for each $frontendLoginLinkRequestRoutes
login_link will be generated using $frontendLoginCheckRoute
base URL
Public users roles
ROLE_PUBLIC_USER
: Default role for public usersROLE_PASSWORDLESS_USER
: Role for public users authenticated with a login linkROLE_EMAIL_VALIDATED
: Role for public users added since they validated their email address, through a validation token or a login link
Maintenance commands
bin/console users:purge-validation-tokens
: Delete all expired user validation tokensbin/console users:inactive -d 60 -r ROLE_PUBLIC_USER -m ROLE_EMAIL_VALIDATED -v
: Delete all inactive public users that did not logged-in for 60 days. Notice that this command example only displays users that do not haveROLE_EMAIL_VALIDATED
role.
Contributing
Report issues and send Pull Requests in the main Roadiz repository