
Security Bundle Laravel Package

becklyn/security-bundle


Getting Started

Minimal Setup

  1. Installation. Add the package via Composer:

    composer require becklyn/security-bundle
    

    Enable the bundle in config/bundles.php:

    return [
        // ...
        Becklyn\SecurityBundle\SecurityBundle::class => ['all' => true],
    ];
    
  2. First Use Case: Password Validation. Use the PasswordValidator service to validate passwords in forms:

    use Becklyn\SecurityBundle\Validator\Constraints\Password;
    
    // In your controller or form type
    $validator = $this->get('validator');
    $constraint = new Password();
    $errors = $validator->validate($password, $constraint);
    
  3. Key Classes to Explore

    • PasswordValidator – For password strength checks.
    • PasswordHasher – For secure password hashing (if not using Symfony’s built-in).
    • SecurityHelper – Utility methods for common security tasks (e.g., CSRF checks).

Implementation Patterns

Common Workflows

1. Password Handling

  • Form Validation. Use the Password constraint in Symfony forms:
    use Becklyn\SecurityBundle\Validator\Constraints\Password;
    
    $builder->add('password', PasswordType::class, [
        'constraints' => [new Password()],
    ]);
    
  • Custom Rules. Extend the Password constraint for project-specific rules:
    use Becklyn\SecurityBundle\Validator\Constraints\Password;
    
    class CustomPassword extends Password {
        protected function getRules() {
            return [
                'min_length' => 12,
                'max_length' => 64,
                'require_uppercase' => true,
                'require_special_chars' => true,
            ];
        }
    }
    

2. CSRF Protection

  • Manual Checks. Use SecurityHelper to verify CSRF tokens:
    $securityHelper = $this->container->get('becklyn_security.helper');
    if (!$securityHelper->isCsrfTokenValid($request->request->get('_csrf_token'))) {
        throw new \Symfony\Component\HttpKernel\Exception\BadRequestHttpException('Invalid CSRF token.');
    }
    

3. Sensitive Data Handling

  • Masking. Use SecurityHelper to mask sensitive data (e.g., credit card numbers):
    $masked = $securityHelper->maskSensitiveData('4111111111111111', 4);
    // Output: '****1111'
    

4. Integration with Symfony Security

  • Event Listeners. Listen to security events (e.g., security.interactive_login):
    use Becklyn\SecurityBundle\Event\SecurityEvents;
    
    $dispatcher->addListener(SecurityEvents::INTERACTIVE_LOGIN, function ($event) {
        // Log login attempts or enforce MFA
    });
    

Gotchas and Tips

Pitfalls

  1. CSRF Token Mismatch

    • If using custom CSRF tokens, ensure they match the SecurityHelper configuration.
    • Debug: Check becklyn_security.csrf.token_name in config.
  2. Password Rules Overrides

    • Custom Password constraints may conflict with Symfony’s built-in validators. Use priority in constraints to control order:
      new Password(['priority' => 10]);
      
  3. Deprecated Methods

    • The package is lightweight but lacks recent updates. Verify method signatures against the 2023-01-17 release.

Debugging Tips

  • Validator Errors. Enable Symfony’s validator debug mode:

    # config/packages/validator.yaml
    parameters:
        validator.debug: '%kernel.debug%'
    
  • Logging Security Events. Configure Monolog to log security events:

    # config/packages/monolog.yaml
    monolog:
        handlers:
            security:
                type: stream
                path: "%kernel.logs_dir%/security.log"
                level: debug
                channels: ["security"]
    

Extension Points

  1. Custom Validators. Extend PasswordValidator or create new constraints by implementing ConstraintValidatorInterface.

  2. Configuration Overrides. Override default settings in config/packages/becklyn_security.yaml:

    becklyn_security:
        password:
            min_length: 10
            require_uppercase: false
    
  3. Event Subscribers. Subscribe to SecurityEvents for custom logic (e.g., rate-limiting login attempts):

    use Becklyn\SecurityBundle\Event\SecurityEvents;
    use Symfony\Component\EventDispatcher\EventSubscriberInterface;
    
    class LoginRateLimiter implements EventSubscriberInterface {
        public static function getSubscribedEvents() {
            return [
                SecurityEvents::INTERACTIVE_LOGIN => 'onLogin',
            ];
        }

        // Handler named in getSubscribedEvents(); without it dispatch fails.
        public function onLogin($event) {
            // Apply the rate-limiting logic here
        }
    }
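
The subscriber above leaves the limiting logic itself open. The following is an added example, not code from the bundle: a sliding-window attempt counter in plain PHP that such a handler could call. The class name, method name, key format and limits are assumptions, and the in-memory array stands in for a shared store (cache or database) that a real deployment needs, because PHP requests do not share memory.

```php
<?php
declare(strict_types=1);

// Added example: sliding-window attempt limiter, independent of the bundle.
// SlidingWindowLimiter and hit() are hypothetical names.
final class SlidingWindowLimiter
{
    /** @var array<string, list<int>> attempt timestamps per key */
    private array $attempts = [];

    public function __construct(
        private int $maxAttempts,
        private int $windowSeconds,
    ) {}

    /** Records an attempt and returns true if it is within the limit. */
    public function hit(string $key, int $now): bool
    {
        $cutoff = $now - $this->windowSeconds;
        // Drop timestamps that have fallen out of the window.
        $recent = array_values(array_filter(
            $this->attempts[$key] ?? [],
            static fn (int $t): bool => $t > $cutoff
        ));
        // Blocked attempts are recorded too, so hammering keeps the key blocked.
        $recent[] = $now;
        $this->attempts[$key] = $recent;

        return count($recent) <= $this->maxAttempts;
    }
}

// Constructed sample: 3 attempts allowed per 60 seconds for one key.
$limiter = new SlidingWindowLimiter(3, 60);
$key = 'alice|203.0.113.7'; // username + client IP (documentation address)
foreach ([0, 10, 20, 30, 75] as $t) {
    printf("t=%2d %s\n", $t, $limiter->hit($key, $t) ? 'allowed' : 'blocked');
}
```

Keying on username plus client IP limits one source guessing one account; keying on username alone also covers distributed guessing but lets anyone lock a known account out.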
    