Ccdn User Security Bundle Laravel Package

Getting Started

Minimal Setup

1. Installation Add the bundle via Composer:

   composer require codeconsortium/ccdn-user-security-bundle
   

   Register the bundle in config/bundles.php:

   return [
       // ...
       CodeConsortium\CCDNUserSecurityBundle\CCDNUserSecurityBundle::class => ['all' => true],
   ];
   

2. Configuration Publish the default configuration:

   php bin/console ccdn-user-security:install
   

   Review and customize config/packages/ccdn_user_security.yaml (if published).

3. First Use Case Secure a route with role-based access:

   # config/routes.yaml
   secured_route:
       path: /admin
       controller: App\Controller\AdminController::index
       methods: GET
       roles: ROLE_ADMIN
   

Implementation Patterns

Core Workflows

1. Role-Based Access Control (RBAC)

   • Use annotations or YAML to define route-level security:

     use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
     
     class AdminController extends AbstractController {
         /**
          * @Security("has_role('ROLE_ADMIN')")
          */
         public function index() { ... }
     }
     

   • Dynamically assign roles via User entity:

     $user->addRole('ROLE_EDITOR');
     $user->removeRole('ROLE_USER');
     

2. Password Policies

   • Enforce complexity rules via config/packages/ccdn_user_security.yaml:

     ccdn_user_security:
         password:
             min_length: 12
             require_uppercase: true
             require_numbers: true
     

   • Validate passwords in forms:

     $validator = $this->get('validator');
     $errors = $validator->validate($user, $constraints);
     

3. Session Management

   • Extend session lifetime:

     ccdn_user_security:
         session:
             lifetime: 3600  # 1 hour
     

   • Force logout on inactivity:

     $this->get('ccdn_user_security.session_handler')->touch();
     

4. Event-Driven Security

   • Listen for security events (e.g., login failures):

     // src/EventListener/SecurityListener.php
     class SecurityListener implements EventSubscriberInterface {
         public static function getSubscribedEvents() {
             return [
                 SecurityEvents::LOGIN_FAILURE => 'onLoginFailure',
             ];
         }
     }
     

Integration Tips

• Symfony Security Component Works seamlessly with Symfony’s security.yaml:

  security:
      providers:
          ccdn_user_provider:
              entity: { class: App\Entity\User, property: email }
      firewalls:
          main:
              form_login:
                  provider: ccdn_user_provider
  

• Custom User Providers Extend CCDNUserProvider for custom logic:

  class CustomUserProvider extends CCDNUserProvider {
      public function loadUserByUsername($username) { ... }
  }
  

• API Security Use with API Platform or FOSRestBundle:

  # config/packages/api_platform.yaml
  api_platform:
      formats:
          jsonld:
              mime_types: ['application/ld+json']
      security:
          role_hierarchy:
              ROLE_API_USER: ROLE_USER
  

Gotchas and Tips

Pitfalls

1. Deprecation Warnings

   • The bundle is no longer supported. Avoid in new projects; consider alternatives like:
     • Symfony SecurityBundle
     • FriendsofSymfony/FOSUserBundle
   • If using, pin the version in composer.json to avoid breaking changes.

2. Configuration Overrides

   • Custom configurations may conflict with default values. Always test after changes:

     php bin/console cache:clear
     

3. Session Handling Quirks

   • Session storage (e.g., Redis) requires explicit configuration:

     ccdn_user_security:
         session:
             storage: redis
             host: 127.0.0.1
             port: 6379
     

4. Role Hierarchy Issues

   • Ensure roles are properly defined in security.yaml:

     security:
         role_hierarchy:
             ROLE_ADMIN: [ROLE_USER, ROLE_EDITOR]
     

Debugging

1. Enable Debug Mode

   # config/packages/dev/ccdn_user_security.yaml
   ccdn_user_security:
       debug: true
   

   • Logs security events to var/log/dev.log.

2. Common Errors

   • "User not found": Verify User entity implements CCDNUserInterface.
   • "Invalid password": Check PasswordEncoder compatibility (use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface).
   • Session not persisting: Ensure session.save_path is writable.

3. Database Schema

   • Run migrations after installation:

     php bin/console doctrine:migrations:diff
     php bin/console doctrine:migrations:migrate
     

Extension Points

1. Custom Validators Extend CCDNPasswordValidator:

   class CustomPasswordValidator extends CCDNPasswordValidator {
       public function validatePassword($password, $user) { ... }
   }
   

   Register as a service:

   services:
       App\Security\CustomPasswordValidator:
           tags: [ccdn_user_security.password_validator]
   

2. Event Subscribers Create custom subscribers for CCDNUserEvents:

   class CustomUserSubscriber implements EventSubscriberInterface {
       public static function getSubscribedEvents() {
           return [
               CCDNUserEvents::USER_CREATED => 'onUserCreated',
           ];
       }
   }
   

3. Twig Extensions Add security helpers to Twig:

   class CCDNTwigExtension extends \Twig\Extension\AbstractExtension {
       public function getFunctions() {
           return [
               new \Twig\TwigFunction('has_role', [$this, 'hasRole']),
           ];
       }
   }
   

   {% if has_role('ROLE_ADMIN') %}
       <a href="/admin">Admin Panel</a>
   {% endif %}