[3/10] Configuration In Security.yml

Okay, so this form doesn't actually work at the moment

We don't have any users set up and it's actually wanting an email address there, some HTML5

validation, but we don't have any users set up. We don't have registration enabled to actually allow us to sign up

So to begin with, we'll just create a sort of hard-coded user before moving on to allowing

our users to register. So under Login, I'm going to start off by changing some of these things up, begin by

tidying it up. so we're not going to go with email we're just going to go with usernames to keep things simple

just going to say username the underscores are important here our input type is going to be of

type text our id username we also need a name the name is super important symphony is going to expect

this field to be on our form in that exact format let's change the placeholder to be username and

of course the label to username as well now likewise here we need an underscore password

and let's tidy that up. Our ID underscore password, but again, the important one is name

We just give that a refresh Okay even so at this point that not going to do anything because we don have any users set up so let go ahead and sort that out as well so under config under security yaml

we're going to create a user that resides in memory so create a users key the username will

be admin the password well i'll show you how to get that in one sec and when this user logs in

can have the role of role admin now i just want the password to be admin but in order to get that

we need to generate a password unfortunately symphony provides a command line tool for this

so we do a php bin console you can see we've got security colon encode password so we'll do security

colon encode password and then we need to give it the password that we want to encode so i'm just

can have it as admin. And this message is actually more helpful than you would think. It's telling us

that we need to define a password encoder for users of type security core user user. So let's

jump under here and add in an encoders key with the entry that it's just given us. And we'll tell

it to use the algorithm here of bcrypt Now let go back and try again Pretty cool All we need to do now is just copy out that long string and paste it under our password key so let take another look at our form let

give that a refresh in fact we'll close down some of these things and do a view page source

you can see right now this form doesn't really know where to submit back to so let's go into our

login HTML twig under the form we'll set the action for this form and we'll use another one

of these functions provided by the symphony framework this time we'll use path and our path

is going to be login and it would probably make sense as well to add in the method of type post

okay so let's just refresh that you can see because we're in app dev it's popped on the app

dev path but if it was in production of course it would just be slash login okay so let's try that it's not going to work we're not logged in we still need to hook that

part up so again back in security yaml under the firewall main i going to now set a pattern for this firewall to match anything starting with a slash i going to set a provider key to be our in provider it just that one so that where it knows to look for our users

we're going to set up a form login which has the login path of login and the check path

also of login and remember our path is set for our login action to be called login so symphony's

going to intercept any post requests here and sort out logging for us and we also want our users to

be able to log out at this point so that'll enable them to hit slash log out okay so let's give this

a shot with our user of admin admin well because of the way our project was set up previously we're

still intercepting redirects but you can see we are actually logged in as admin so let's just go

into config dev and where we've got intercept redirects here let's just set that to false

just the hazards i suppose of reusing an existing project but you can see we are actually logged in

now now at this point things like logout won't actually work just yet and of course we'd like

to be able to actually go ahead and register so we're going to get on to all that in the next video