19:["$","div",null,{"className":"bg-theme dark:bg-gray-1400 h-dvh w-dvw flex flex-col","children":[["$","a",null,{"href":"#main-content","className":"absolute left-4 top-0 focus-visible:top-4 bg-blue-700 text-white rounded-4 text-xs p-4 z-50 transform -translate-y-full focus-visible:translate-y-0 otransition","children":"Skip to main content"}],"$L36","$L37",["$","div",null,{"role":"main","id":"main-content","className":"relative overflow-y-auto items-center flex flex-col","tabIndex":-1,"children":[["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 lg:pt-48 px-20 md:px-24","children":["$","$L38",null,{"rootHref":"/learn/course-paths?courseSlug=securing-your-symfony-mvc-app&unitSlug=implementing-login-and-securing-routes","pathBreadcrumb":{"key":"94","title":"Implementing MVC ToDo App with PHP Symfony","href":"/learn/paths/implementing-mvc-todo-app-with-php-symfony"},"courseBreadcrumb":{"key":"451","title":"Securing your Symfony MVC App","href":"/learn/courses/securing-your-symfony-mvc-app","options":[{"key":"448","href":"/learn/courses/php-symfony-basics","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/54260647-0064-46ef-88ee-0a15fc7dcb2c_optimized.jpg","numLessons":4,"numPractices":16,"active":false,"label":"PHP Symfony Basics","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"449","href":"/learn/courses/building-a-mvc-todo-app-with-symfony","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/ShtnAiBXaswzEJTgy_cover2.0.jpg","numLessons":4,"numPractices":20,"active":false,"label":"Building a MVC ToDo App with Symfony","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"450","href":"/learn/courses/adding-enterprise-features-to-your-symfony-mvc-app","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/1570103d-5809-4212-8f4d-e97443d209f9_optimized.jpg","numLessons":4,"numPractices":17,"active":false,"label":"Adding Enterprise Features to your Symfony MVC App","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"451","href":"/learn/courses/securing-your-symfony-mvc-app","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/ca5c6de9-6a11-41d3-ad98-81630c8e577e_optimized.jpg","numLessons":4,"numPractices":18,"active":true,"label":"Securing your Symfony MVC App","completedAt":"$undefined","completionRatio":"$undefined"}]},"lessonBreadcrumb":{"key":"3446","title":"Implementing Login and Securing Routes","options":[{"key":"3444","href":"/learn/courses/securing-your-symfony-mvc-app/lessons/implementing-user-registration","active":false,"label":"Implementing User Registration","completedAt":"$undefined"},{"key":"3445","href":"/learn/courses/securing-your-symfony-mvc-app/lessons/hashing-passwords-during-registration","active":false,"label":"Hashing Passwords During Registration","completedAt":"$undefined"},{"key":"3446","href":"/learn/courses/securing-your-symfony-mvc-app/lessons/implementing-login-and-securing-routes","active":true,"label":"Implementing Login and Securing Routes","completedAt":"$undefined"},{"key":"3447","href":"/learn/courses/securing-your-symfony-mvc-app/lessons/enabling-users-to-logout","active":false,"label":"Enabling Users to Logout","completedAt":"$undefined"}]}}]}],["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 pb-60 px-20 md:px-24 space-y-32 md:space-y-48","children":[["$","div",null,{"className":"mx-auto h-[12rem] w-[21.25rem] md:h-[25.5rem] md:w-[45rem] lg:h-[33.5rem] lg:w-[59.5rem] shrink-0","children":["$","$L39",null,{"src":"https://k3-production-bucket.s3.amazonaws.com/uploads/f2c01f05-483d-4fcc-9c69-2abcb5743992_combined_video.mp4","thumbnailUrl":"https://k3-production-bucket.s3.amazonaws.com/uploads/e8301c57-fdc1-41c7-858f-0b931d05d294_slide-1.png","mimeType":"video/mp4","speed":1,"forcePause":false}]}],[["$","div","15813",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Implementing Login and Securing Routes"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Welcome back! In the previous lesson, we enhanced the security of our ",["$","strong","strong-0",{"children":"Symfony MVC"}]," application by hashing passwords during user registration. Now, it's time to take another crucial step in securing our application: implementing user login and securing routes."]}],"\n",["$","p","p-1",{"children":[["$","strong","strong-0",{"children":"Authentication"}]," ensures that only registered users can access certain parts of your application, while ",["$","strong","strong-1",{"children":"authorization"}]," controls what those users can do within the app. By the end of this lesson, you will be able to add user login functionality and secure routes in your Symfony MVC application."]}]]}]]}],["$","div","15814",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Installing Symfony's Security Bundle"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Before we start implementing the security features, we need to ensure that Symfony's security bundle is installed in our project. This bundle provides all the necessary tools and configuration options to manage authentication and authorization."}],"\n",["$","p","p-1",{"children":"To install the security bundle, run the following Composer command:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"bash","onClickPlay":"$undefined","display":"block","children":"composer require symfony/security-bundle"}]}],"\n",["$","p","p-2",{"children":"This command will add the security bundle to your project, and Symfony will automatically update your configuration files to include the default security settings."}]]}]]}],["$","div","15815",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Adapting User Entity to Implement UserInterface"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["First, we need to make our ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity compatible with Symfony's security system, which requires that the entity implement ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserInterface"}]," and ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"PasswordAuthenticatedUserInterface"}],". These interfaces define the methods necessary for authentication and password management."]}],"\n",["$","p","p-1",{"children":["Here’s how we update our ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity to implement these interfaces:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"php","onClickPlay":"$undefined","display":"block","children":"$3b"}]}],"\n",["$","p","p-2",{"children":["We implement the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserInterface"}]," and ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"PasswordAuthenticatedUserInterface"}]," in our ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity to allow Symfony to handle our users correctly for authentication. This ensures that our Symfony application can identify users accurately and manage their roles. For instance, the ",["$","code","code-3",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"getRoles()"}]," method returns the roles assigned to the user, ensuring every user has at least the role ",["$","code","code-4",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"ROLE_USER"}],"."]}]]}]]}],["$","div","15816",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Setting the Role in the UserService"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Next, we need to ensure that every new user gets a default role. In our ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserService"}],", we set the user's role when we create a new user:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"php","onClickPlay":"$undefined","display":"block","children":"setUsername($username);\n\n $hashedPassword = $this->passwordHasher->hashPassword($user, $plainPassword);\n $user->setPassword($hashedPassword);\n\n $user->setRoles(['ROLE_USER']); // Set default role as 'ROLE_USER'\n\n $this->entityManager->persist($user);\n $this->entityManager->flush();\n\n return $user;\n }\n}"}]}],"\n",["$","p","p-1",{"children":["In the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"create"}]," method, we set a default role ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"ROLE_USER"}]," using the ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"setRoles"}]," method. This ensures every new user has the role required to access protected routes. By doing this, we control user permissions right from the moment a new user is created, making the application secure by default."]}]]}]]}],["$","div","15817",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Understanding Symfony's Security Bundle"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Before we dive into configuring our security settings, let's take a moment to understand how Symfony's security bundle works. This bundle is crucial for managing ",["$","strong","strong-0",{"children":"authentication"}]," (verifying who a user is) and ",["$","strong","strong-1",{"children":"authorization"}]," (determining what a user is allowed to do)."]}],"\n",["$","p","p-1",{"children":"There are several key components within the security bundle:"}],"\n",["$","ol","ol-0",{"className":"list-decimal pl-24 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Firewalls"}],": Think of firewalls as gatekeepers that manage the login process and protect certain parts of your application. Firewalls decide whether a user can enter based on their credentials."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Providers"}],": These retrieve user information, like usernames and passwords, from a data source, such as a database."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Encoders/Password Hashers"}],": Tools that securely encode and check user passwords."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"Access Control"}],": Rules that define which users or roles have permission to access specific parts of your application."]}],"\n"]}],"\n",["$","p","p-2",{"children":["All these components are configured in a special file called ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}],". This file is located in the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"config/packages/"}]," directory of your Symfony project. The ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}]," file is essentially the control center for handling how users log in and what they can do within your app. By setting up this file correctly, you ensure your application is secure and that users only access what they are supposed to."]}]]}]]}],["$","div","15818",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Configuring the Authenticator Manager in security.yaml"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Let's start by understanding how to configure the security settings in the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}]," file:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"yaml","onClickPlay":"$undefined","display":"block","children":"security:\n # Enables the new authenticator-based system\n enable_authenticator_manager: true\n\n password_hashers:\n App\\Entity\\User:\n # Automatically select the best hashing algorithm\n algorithm: auto\n\n providers:\n app_user_provider:\n entity:\n # User entity class\n class: App\\Entity\\User\n # Unique property used to load the user\n property: username"}]}],"\n",["$","p","p-1",{"children":"Here’s what each section does:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"enable_authenticator_manager"}],": This enables Symfony’s new system for handling authentication."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"password_hashers"}],": This part configures how passwords are hashed (encrypted) when users are interacting with our ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"providers"}],": This defines where Symfony should look for user data. We specify the User entity and the unique identifier (username) used to load the user."]}],"\n"]}]]}]]}],["$","div","15819",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Setting Up the Firewalls in security.yaml"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Now we will set up the firewalls that control access to different parts of our application:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"yaml","onClickPlay":"$undefined","display":"block","children":" firewalls:\n dev:\n # Matches paths for development tools and assets\n pattern: ^/(_(profiler|wdt)|css|images|js)/\n # Disable security for these paths\n security: false\n\n main:\n # Lazy load the firewall\n lazy: true\n # Use the app_user_provider for user data\n provider: app_user_provider\n\n form_login:\n # Path to the login page and login check route\n login_path: user_auth\n check_path: user_auth\n # Default path after successful login\n default_target_path: todo_list\n # Always redirect to the default path after login\n always_use_default_target_path: true"}]}],"\n",["$","p","p-1",{"children":"Here’s a breakdown:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"dev firewall"}],": Disables security for development tools and assets like CSS and JavaScript files."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"main firewall"}],": This is where the main application security is configured with ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"form_login"}]," for handling user login:\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"login_path"}],": The route for displaying the login form."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"check_path"}],": The same route used to check login credentials."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"default_target_path"}],": Where users are redirected after a successful login."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"always_use_default_target_path"}],": Always redirect users to the default path after login."]}],"\n"]}],"\n"]}],"\n"]}],"\n",["$","p","p-2",{"children":"Even if you haven’t explicitly created a login route, Symfony manages this process using these settings. You simply specify where the login form should be shown and where to redirect after login."}]]}]]}],["$","div","15820",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Configuring Access Control in security.yaml"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Finally, we define access rules based on user roles:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"yaml","onClickPlay":"$undefined","display":"block","children":" access_control:\n # Require ROLE_USER for routes with /todos\n - { path: ^/todos, roles: ROLE_USER }\n # Allow public access to other routes\n - { path: ^/, roles: PUBLIC_ACCESS }"}]}],"\n",["$","p","p-1",{"children":"Here’s how it works:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":["ROLE_USER for ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/todos"}]]}],": Only users with the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"ROLE_USER"}]," can access routes starting with ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/todos"}],"."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"PUBLIC_ACCESS for other routes"}],": Everyone can access other routes, including the authentication page, without needing to log in."]}],"\n"]}],"\n",["$","p","p-2",{"children":"These rules ensure that only authorized users can access certain routes, while still allowing public access to other essential routes. This makes your application secure by default."}]]}]]}],["$","div","15821",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Adapting the Template for User Login"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["To complete the implementation, we need a user-friendly login interface. We'll create a simple login form using ",["$","strong","strong-0",{"children":"Twig"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"html","onClickPlay":"$undefined","display":"block","children":"\n\n\n User Authentication\n\n\n

User Authentication

\n\n {% for message in app.flashes('success') %}\n

\n {{ message }}\n

\n {% endfor %}\n\n {% for message in app.flashes('error') %}\n

\n {{ message }}\n

\n {% endfor %}\n\n \n\n"}]}],"\n",["$","p","p-1",{"children":["This HTML form provides fields for the username and password. The ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"login_path"}]," is set to the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_auth"}]," route, defined in ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}],". Here's how this works as a login system:"]}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Route Definition"}],": The ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_auth"}]," route refers to a controller action responsible for rendering this login template as well as handling the form submission."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Form Submission"}],": When a user submits the form, the credentials are sent via POST to the same ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_auth"}]," route."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Form Handling"}],": Symfony automatically processes the login credentials, validates them against the user data from the provider, and checks the hashed passwords."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"Redirection"}],": If the authentication is successful, the user is redirected to the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"default_target_path"}]," (",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"todo_list"}],"), as set in ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}],"."]}],"\n"]}],"\n",["$","p","p-2",{"children":["By defining the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_auth"}]," route and integrating it with Symfony's form login mechanism, we ensure the form serves both as a login page and a handler for the login process, making the system both efficient and secure."]}]]}]]}],["$","div","15822",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Overview of the Login Process"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Understanding the login process in Symfony is crucial for effectively securing your application. Here’s an overview of how the login process works:"}],"\n",["$","ol","ol-0",{"className":"list-decimal pl-24 space-y-8","children":["\n",["$","li","li-0",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"User Submits Login Form"}],": The user fills in their username and password and submits the login form. The form action directs the data to the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_auth"}]," route."]}],"\n"]}],"\n",["$","li","li-1",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Symfony Handles Authentication"}],": Symfony receives the login credentials and uses the security component to handle authentication. The form data (",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"_username"}]," and ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"_password"}],") are processed by Symfony's security system."]}],"\n"]}],"\n",["$","li","li-2",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Fetching User Data"}],": The security component uses the specified provider (",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app_user_provider"}],") to fetch the user data from the database based on the provided username."]}],"\n"]}],"\n",["$","li","li-3",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Password Verification"}],": The fetched user data includes the hashed password. Symfony uses the password hasher configured in ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}]," to verify the password by comparing the submitted password with the hashed one stored in the database."]}],"\n"]}],"\n",["$","li","li-4",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Role Checking"}],": Symfony checks the roles assigned to the user, ensuring they can access the requested resource. The roles are specified in the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity and controlled through the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"access_control"}]," settings in ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}],"."]}],"\n"]}],"\n",["$","li","li-5",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Setting the Session"}],": If the authentication is successful, Symfony sets the user’s session, effectively logging them in."]}],"\n"]}],"\n",["$","li","li-6",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Redirecting the User"}],": Upon successful authentication, Symfony redirects the user to the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"default_target_path"}]," (e.g., ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"todo_list"}],"), as specified in the ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}]," file. If authentication fails, the user is redirected back to the login page."]}],"\n"]}],"\n",["$","li","li-7",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Access Control"}],": On subsequent requests, Symfony uses the session data to verify the user's identity and roles, granting or denying access to different parts of the application based on the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"access_control"}]," settings."]}],"\n"]}],"\n"]}],"\n",["$","p","p-1",{"children":"This process ensures that only authenticated users can access protected routes, providing a secure way to manage user access in your Symfony application."}]]}]]}],["$","div","15823",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Summary and Next Steps"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"In this lesson, we covered:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":["How to implement the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserInterface"}]," and ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"PasswordAuthenticatedUserInterface"}]," in the ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"User"}]," entity."]}],"\n",["$","li","li-1",{"children":["Setting default roles in the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserService"}],"."]}],"\n",["$","li","li-2",{"children":["Configuring the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"security.yaml"}]," for user login and route protection."]}],"\n",["$","li","li-3",{"children":"Adapting the login template for a user-friendly experience."}],"\n"]}],"\n",["$","p","p-1",{"children":"These steps are crucial in ensuring that your Symfony application is secure and only accessible to authenticated users."}],"\n",["$","p","p-2",{"children":"Next, you will have the opportunity to apply what you've learned through practice exercises. These exercises will help you reinforce the concepts and techniques covered in this lesson. Keep practicing to solidify your understanding and build a more secure Symfony application. Keep up the great work!"}]]}]]}]],["$","div",null,{"className":"flex gap-16 justify-between md:justify-start","children":[[["$","div",null,{"className":"hidden md:block","children":["$","$L10",null,{"href":"/learn/courses/securing-your-symfony-mvc-app/lessons/hashing-passwords-during-registration","variant":"tertiary","size":"sm","LeadingIcon":"$3c","children":"Previous Lesson"}]}],["$","div",null,{"className":"md:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-your-symfony-mvc-app/lessons/hashing-passwords-during-registration","variant":"tertiary","size":"sm","LeadingIcon":"$3c","children":"Previous"}]}]],[["$","div",null,{"className":"hidden lg:block","children":["$","$L10",null,{"href":"/learn/courses/securing-your-symfony-mvc-app/lessons/enabling-users-to-logout","variant":"tertiary","size":"sm","TrailingIcon":"$3d","maxWidth":"47rem","children":"Next Lesson: Enabling Users to Logout"}]}],["$","div",null,{"className":"hidden md:block lg:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-your-symfony-mvc-app/lessons/enabling-users-to-logout","variant":"tertiary","size":"sm","TrailingIcon":"$3d","maxWidth":"33rem","children":"Next Lesson: Enabling Users to Logout"}]}],["$","div",null,{"className":"md:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-your-symfony-mvc-app/lessons/enabling-users-to-logout","variant":"tertiary","size":"sm","TrailingIcon":"$3d","children":"Next"}]}]]]}]]}],["$","div",null,{"className":"flex flex-col bg-gray-200 dark:bg-gray-1400 w-full px-20 md:px-24 pt-24 pb-48 items-center","children":["$","div",null,{"className":"max-w-screen-xl w-full flex flex-col lg:flex-row py-20 px-24 items-center justify-between gap-48 lg:gap-60 xl:gap-96","children":[["$","$L3e",null,{"alt":"Sign up","src":"/learn/img/signup-module.png","className":"h-auto w-[335px] md:w-[440px] lg:w-[480px] xl:w-[570px]","width":570,"height":336}],["$","div",null,{"className":"flex flex-col gap-32 ml-24 items-center lg:items-start","children":[["$","div",null,{"className":"text-h-md md:text-h-xl text-theme-strong text-center lg:text-start","children":"Join the 1M+ learners on CodeSignal"}],["$","div",null,{"className":"text-lg font-normal md:text-2xl text-theme text-center lg:text-start md:max-w-[536px] lg:max-w-none","children":"Be a part of our community of 1M+ users who develop and demonstrate their skills on CodeSignal"}],["$","$L35",null,{"size":"lg","pageType":"lessonPreview","uiRegion":"joinModule","children":"Start learning today!"}]]}]]}]}],"$L3f"]}]]}]