Add sign in form

1 year ago · 34fc4a466c
parent 544624172d
commit 34fc4a466c
5 changed files with 133 additions and 42 deletions
--- a/.env
+++ b/.env
@ -39,5 +39,5 @@ MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
 ###> symfony/mailer ###
 # MAILER_DSN=null://null
 MAILER_EMAIL=jul.rosset@gmail.com
-MAILER_NAME=WebEDM Mail Bot
+MAILER_NAME="WebEDM Mail Bot"
 ###< symfony/mailer ###
--- a/composer.json
+++ b/composer.json
@ -32,6 +32,7 @@
        "symfony/process":                 "6.4.*",
        "symfony/property-access":         "6.4.*",
        "symfony/property-info":           "6.4.*",
+        "symfony/rate-limiter":            "6.4.*",
        "symfony/runtime":                 "6.4.*",
        "symfony/security-bundle":         "6.4.*",
        "symfony/serializer":              "6.4.*",
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -17,6 +17,22 @@ security:
            lazy: true
            provider: app_user_provider
            user_checker: App\Security\UserChecker
+            login_throttling:
+                max_attempts: 3          # per minute
+            form_login:
+                login_path: user_signIn
+                check_path: user_signIn
+                enable_csrf: true
+            remember_me:
+                secret: '%kernel.secret%'
+                lifetime: 604800                # 1 week, in seconds
+                secure: true
+                samesite: strict
+                signature_properties: [ 'password', 'validationAdministrator', 'validationDate' ]
+            logout:
+                path: user_signOut
+                # where to redirect after logout
+                # target: app_any_route

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@ -7,6 +7,7 @@ use App\Form\SignUpFormType;
 use App\Repository\UserRepository;
 use App\Security\EmailVerifier;
 use Doctrine\ORM\EntityManagerInterface;
+use LogicException;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
@ -15,6 +16,7 @@ use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Mime\Address;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;

@ -86,7 +88,6 @@ class UserController extends AbstractController {
            'registrationForm' => $form,
        ]);
    }
-
    /**
     * User email verification
     *
@ -120,4 +121,46 @@ class UserController extends AbstractController {
        $this->addFlash('success', 'Your email address has been verified, now please wait for an administrator confirmation');
        return $this->redirectToRoute('core_main');
    }
+
+    /**
+     * Sign in a user
+     *
+     * @param AuthenticationUtils $authenticationUtils Security errors from query
+     *
+     * @return Response The response
+     */
+    #[Route(path: '/signIn', name: 'user_signIn')]
+    public function login (AuthenticationUtils $authenticationUtils): Response {
+        /** @var User|null $user */
+        $user = $this->getUser();
+        if ($user !== null) {
+            $this->addFlash(
+                'warning',
+                'You are already logged in, please <a href="' . $this->generateUrl('user_signOut') . '">sign out</a> first.'
+            );
+        }
+
+        $error = $authenticationUtils->getLastAuthenticationError();
+
+        $lastUsername = $authenticationUtils->getLastUsername();
+        return $this->render(
+            'user/signIn.html.twig',
+            [
+                'last_username' => $lastUsername,
+                'error'         => $error,
+            ]
+        );
+    }
+
+    /**
+     * Sign out
+     *
+     * <b>NOTE :</b> dummy controller, intercepted by firewall
+     *
+     * @return void
+     */
+    #[Route(path: '/signOut', name: 'user_signOut')]
+    public function logout (): void {
+        throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
+    }
 }
--- a/templates/user/signIn.html.twig
+++ b/templates/user/signIn.html.twig
@ -0,0 +1,31 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Log in!{% endblock %}
+
+{% block mainContent %}
+    <h1>Sign in</h1>
+    <form method="post">
+        {% if error %}
+            <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
+        {% endif %}
+
+        <label for="username">Email</label>
+        <input type="email" value="{{ last_username }}" name="_username" id="username" class="form-control" autocomplete="email" required autofocus>
+
+        <label for="password">Password</label>
+        <input type="password" name="_password" id="password" class="form-control" autocomplete="current-password" required>
+
+        <input type="hidden" name="_csrf_token"
+               value="{{ csrf_token('authenticate') }}"
+        >
+
+        <div class="checkbox mb-3">
+            <label>
+                <input type="checkbox" name="_remember_me" id="remember_me">
+                <label for="remember_me">Remember me</label>
+            </label>
+        </div>
+
+        <button class="btn btn-lg btn-primary" type="submit">Sign in</button>
+    </form>
+{% endblock %}