From acb8f0b4443fda185213a6f5dfeba543a855d4a7 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 16 Sep 2019 15:12:36 +0200 Subject: [PATCH] Removed the article about the registration form --- doctrine/registration_form.rst | 248 ++------------------------------- forms.rst | 6 + 2 files changed, 15 insertions(+), 239 deletions(-) diff --git a/doctrine/registration_form.rst b/doctrine/registration_form.rst index ff3ee4d4be2..b22499a6ae8 100644 --- a/doctrine/registration_form.rst +++ b/doctrine/registration_form.rst @@ -6,242 +6,12 @@ How to Implement a Registration Form ==================================== -The basics of creating a registration form are the same as any normal form. After -all, you are creating an object with it (a user). However, since this is related -to security, there are some additional aspects. This article explains it all. - -Before you get Started ----------------------- - -To create the registration form, make sure you have these 3 things ready: - -**1) Install MakerBundle** - -Make sure MakerBundle is installed: - -.. code-block:: terminal - - $ composer require --dev symfony/maker-bundle - -If you need any other dependencies, MakerBundle will tell you when you run each -command. - -**2) Create a User Class** - -If you already have a :ref:`User class `, great! If not, you -can generate one by running: - -.. code-block:: terminal - - $ php bin/console make:user - -For more info, see :ref:`create-user-class`. - -**3) (Optional) Create a Guard Authenticator** - -If you want to automatically authenticate your user after registration, create -a Guard authenticator before generating your registration form. For details, see -the :ref:`firewalls-authentication` section on the main security page. - -Adding the Registration System ------------------------------- - -To easiest way to build your registration form is by using the ``make:registration-form`` -command: - -.. versionadded:: 1.11 - - The ``make:registration-form`` was introduced in MakerBundle 1.11.0. - -.. code-block:: terminal - - $ php bin/console make:registration-form - -This command needs to know several things - like your ``User`` class and information -about the properties on that class. The questions will vary based on your setup, -because the command will guess as much as possible. - -When the command is done, congratulations! You have a functional registration form -system that's ready for you to customize. The generated files will look something -like what you see below. - -RegistrationFormType -~~~~~~~~~~~~~~~~~~~~ - -The form class for the registration form will look something like this:: - - namespace App\Form; - - use App\Entity\User; - use Symfony\Component\Form\AbstractType; - use Symfony\Component\Form\Extension\Core\Type\PasswordType; - use Symfony\Component\Form\FormBuilderInterface; - use Symfony\Component\OptionsResolver\OptionsResolver; - use Symfony\Component\Validator\Constraints\Length; - use Symfony\Component\Validator\Constraints\NotBlank; - - class RegistrationFormType extends AbstractType - { - public function buildForm(FormBuilderInterface $builder, array $options) - { - $builder - ->add('email') - ->add('plainPassword', PasswordType::class, [ - // instead of being set onto the object directly, - // this is read and encoded in the controller - 'mapped' => false, - 'constraints' => [ - new NotBlank([ - 'message' => 'Please enter a password', - ]), - new Length([ - 'min' => 6, - 'minMessage' => 'Your password should be at least {{ limit }} characters', - 'max' => 4096, - ]), - ], - ]) - ; - } - - public function configureOptions(OptionsResolver $resolver) - { - $resolver->setDefaults([ - 'data_class' => User::class, - ]); - } - } - -.. _registration-password-max: - -.. sidebar:: Why the 4096 Password Limit? - - Notice that the ``plainPassword`` field has a max length of 4096 characters. - For security purposes (`CVE-2013-5750`_), Symfony limits the plain password - length to 4096 characters when encoding it. Adding this constraint makes - sure that your form will give a validation error if anyone tries a super-long - password. - - You'll need to add this constraint anywhere in your application where - your user submits a plaintext password (e.g. change password form). The - only place where you don't need to worry about this is your login form, - since Symfony's Security component handles this for you. - -RegistrationController -~~~~~~~~~~~~~~~~~~~~~~ - -The controller builds the form and, on submit, encodes the plain password and -saves the user:: - - namespace App\Controller; - - use App\Entity\User; - use App\Form\RegistrationFormType; - use App\Security\StubAuthenticator; - use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; - use Symfony\Component\HttpFoundation\Request; - use Symfony\Component\HttpFoundation\Response; - use Symfony\Component\Routing\Annotation\Route; - use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; - use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; - - class RegistrationController extends AbstractController - { - /** - * @Route("/register", name="app_register") - */ - public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder): Response - { - $user = new User(); - $form = $this->createForm(RegistrationFormType::class, $user); - $form->handleRequest($request); - - if ($form->isSubmitted() && $form->isValid()) { - // encode the plain password - $user->setPassword( - $passwordEncoder->encodePassword( - $user, - $form->get('plainPassword')->getData() - ) - ); - - $entityManager = $this->getDoctrine()->getManager(); - $entityManager->persist($user); - $entityManager->flush(); - - // do anything else you need here, like send an email - - return $this->redirectToRoute('app_homepage'); - } - - return $this->render('registration/register.html.twig', [ - 'registrationForm' => $form->createView(), - ]); - } - } - -register.html.twig -~~~~~~~~~~~~~~~~~~ - -The template renders the form: - -.. code-block:: html+twig - - {% extends 'base.html.twig' %} - - {% block title %}Register{% endblock %} - - {% block body %} -

Register

- - {{ form_start(registrationForm) }} - {{ form_row(registrationForm.email) }} - {{ form_row(registrationForm.plainPassword) }} - - - {{ form_end(registrationForm) }} - {% endblock %} - -Adding a "accept terms" Checkbox --------------------------------- - -Sometimes, you want a "Do you accept the terms and conditions" checkbox on your -registration form. The only trick is that you want to add this field to your form -without adding an unnecessary new ``termsAccepted`` property to your ``User`` entity -that you'll never need. - -To do this, add a ``termsAccepted`` field to your form, but set its -:ref:`mapped ` option to ``false``:: - - // src/Form/UserType.php - // ... - use Symfony\Component\Form\Extension\Core\Type\CheckboxType; - use Symfony\Component\Form\Extension\Core\Type\EmailType; - use Symfony\Component\Validator\Constraints\IsTrue; - - class UserType extends AbstractType - { - public function buildForm(FormBuilderInterface $builder, array $options) - { - $builder - ->add('email', EmailType::class) - // ... - ->add('termsAccepted', CheckboxType::class, [ - 'mapped' => false, - 'constraints' => new IsTrue(), - ]) - ; - } - } - -The :ref:`constraints ` option is also used, which allows -us to add validation, even though there is no ``termsAccepted`` property on ``User``. - -Manually Authenticating after Success -------------------------------------- - -If you're using Guard authentication, you can :ref:`automatically authenticate ` -after registration is successful. The generator may have already configured your -controller to take advantage of this. - -.. _`CVE-2013-5750`: https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form +This article has been removed because it only explained things that are +already explained in other articles. Specifically, to implement a registration +form you must: + +#. :ref:`Define a class to represent users `; +#. :doc:`Create a form ` to ask for the registration information; +#. Create :doc:`a controller ` to :ref:`process the form `; +#. :ref:`Protect some parts of your application ` so + only registered users can access to them. diff --git a/forms.rst b/forms.rst index 41bcb41dad6..b902e53ba3e 100644 --- a/forms.rst +++ b/forms.rst @@ -188,6 +188,11 @@ implements the interface and provides some utilities:: } } +.. tip:: + + Install the `MakerBundle`_ in your project to generate form classes using + the ``make:form`` and ``make:registration-form`` commands. + The form class contains all the directions needed to create the task form. In controllers extending from the :ref:`AbstractController `, use the ``createForm()`` helper (otherwise, use the ``create()`` method of the @@ -968,3 +973,4 @@ Misc.: /form/without_class .. _`Symfony Forms screencast series`: https://symfonycasts.com/screencast/symfony-forms +.. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html