User bundle for Symfony 4.4 and 5 projects
This bundle will be extendible and provide:
- Simple registration form
- Simple login form
- A Command to create users with their roles
- An e-mail message with a secure link to complete account registration
- Recover password functionality
- Ability to 'switch on' OAuth (Google/GitHub/Facebook/etc)
- Being API accessible
- Ability to 'switch on' MFA
Set the environment variables to be able to send e-mails.
USERBUNDLE_FROM_EMAILADDRESS=[email protected]
To create a new user, run the following command. Single-quote the password so the shell does not expand $$:
./bin/console connectholland:user:create [email protected] 'p@$$w0rd' --role=ROLE_USER
If the app needs OAuth login the HWI OAuth bundle should be required and suitable configuration should be added.
Install the bundle:
composer require hwi/oauth-bundle
Uncomment the oauth include in the routing.
Add environment variables to enable a specific OAuth provider (resource). For example, for Google:
USERBUNDLE_OAUTH_GOOGLE_ID=xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
USERBUNDLE_OAUTH_GOOGLE_SECRET=XXXXXXXXXXX-xx_xx_xxxxx
USERBUNDLE_OAUTH_GOOGLE_SCOPE='email profile'
# Options specific to the provider can be added as a JSON-encoded string, as shown below.
USERBUNDLE_OAUTH_GOOGLE_OPTIONS='{"hd": "connectholland.nl"}'
Add (automated) routing configuration:
# config/routes/connectholland_user.yaml
connectholland_user_oauth:
    resource: '@ConnecthollandUserBundle/Resources/config/routing_oauth.yaml'
    prefix: '/'
If the app needs JWT token support, the Lexik JWT Authentication bundle should be required and suitable configuration should be added.
Install the bundle:
composer require lexik/jwt-authentication-bundle
Generate public and secret keys as described in the Lexik JWT Authentication bundle documentation.
Set the location of the keys relative to the project root as environment variables JWT_SECRET_KEY and JWT_PUBLIC_KEY, and set the passphrase used as JWT_PASSPHRASE.
To add API support, install API Platform and JWT Authentication, configure the firewall, and add an authentication route.
composer req api-pack jwt-auth
# Example of the security settings for your project.
# config/packages/security.yaml
security:
    firewalls:
        api_login:
            pattern: ^/api/users/authenticate
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /api/users/authenticate
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern: ^/api
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /api/users/authenticate
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        # The anonymous rule must match the login path used above (/api/users/authenticate).
        - { path: ^/api/users/authenticate, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: ROLE_USER }
# config/routes.yaml
api_authenticate:
    path: /api/users/authenticate
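Symfony tries access_control entries in order and applies the first one whose path matches, so an anonymous rule that does not match the login path never takes effect. The added PHP example below is not part of the bundle; firstMatch and deadRules are hypothetical helpers, and the rule sets and probe paths are constructed from the paths used in this README.

```php
<?php
// Added example, not bundle code. The rule sets and probe paths are
// constructed samples modelled on the access_control entries above.

/** Index of the first rule whose path regex matches $path, or null. */
function firstMatch(array $rules, string $path): ?int
{
    foreach ($rules as $i => $rule) {
        // Patterns are unanchored regexes, so the leading ^ matters.
        if (preg_match('{' . $rule['path'] . '}', $path) === 1) {
            return $i;
        }
    }
    return null; // no entry matched: access_control adds no restriction
}

/** Indexes of rules that never decide any of the probe paths. */
function deadRules(array $rules, array $probePaths): array
{
    $hit = [];
    foreach ($probePaths as $path) {
        $i = firstMatch($rules, $path);
        if ($i !== null) {
            $hit[$i] = true;
        }
    }
    return array_values(array_filter(array_keys($rules), function (int $i) use ($hit): bool {
        return !isset($hit[$i]);
    }));
}

$anon = 'IS_AUTHENTICATED_ANONYMOUSLY';
$ruleSets = [
    'mismatched' => [
        ['path' => '^/api/authenticate', 'roles' => [$anon]],
        ['path' => '^/api', 'roles' => ['ROLE_USER']],
    ],
    'aligned' => [
        ['path' => '^/api/users/authenticate', 'roles' => [$anon]],
        ['path' => '^/api', 'roles' => ['ROLE_USER']],
    ],
];
$probes = ['/api/users/authenticate', '/api/users/42', '/api/docs'];

foreach ($ruleSets as $name => $rules) {
    $rule = $rules[firstMatch($rules, '/api/users/authenticate')];
    printf("%s: login path -> %s (%s), dead rules: %s\n", $name, $rule['path'],
        implode(',', $rule['roles']), json_encode(deadRules($rules, $probes)));
}
```

Running a check like this against the application's own rules and a list of its real routes shows which entry governs each path before the configuration is deployed.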
Example environment variables for the JWT keys:
###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=config/jwt/private.pem
JWT_PUBLIC_KEY=config/jwt/public.pem
JWT_PASSPHRASE=DEVELOPMENT-KSZEW-YHMIE-XWWCL-DBGPQ-MSYCU-RJRWL-UIYBH-TPNXM-GJTVU-BRDQI-XWXHX
###< lexik/jwt-authentication-bundle ###
security:
    encoders:
        Symfony\Component\Security\Core\User\UserInterface:
            algorithm: auto
    providers:
        app_user_provider:
            entity:
                class: ConnectHolland\UserBundle\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            guard:
                authenticators:
                    - ConnectHolland\UserBundle\Security\UserBundleAuthenticator
            logout:
                path: connectholland_user_logout
            oauth:
                use_forward: false
                resource_owners:
                    # The resource_owners routing postfixes are a composition of the firewall name and the resource name
                    google: connectholland_user_oauth_check_main_google
                    facebook: connectholland_user_oauth_check_main_facebook
                    linkedin: connectholland_user_oauth_check_main_linkedin
                    # etcetera
                login_path: connectholland_user_login
                failure_path: connectholland_user_login
                oauth_user_provider:
                    service: ConnectHolland\UserBundle\Security\OAuthUserProvider
    access_control:
        - { path: ^/(login|inloggen|register|registreren|password-reset|wachtwoord-vergeten), roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: [ROLE_OAUTH, ROLE_ADMIN ] }
If you want to extend the User entity, you should clone User and add it as an entity in your own project.