From 58734aa7b2522c68db16da6b675fb24e6e8eca3a Mon Sep 17 00:00:00 2001 From: Jannis Portmann Date: Thu, 20 May 2021 23:34:50 +0200 Subject: [PATCH] Add remember me functionality --- config/packages/security.yaml | 10 ++++++++++ src/Controller/Admin/DashboardController.php | 4 ++++ templates/security/login.html.twig | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/config/packages/security.yaml b/config/packages/security.yaml index a5909ce..4fb4d30 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -25,6 +25,16 @@ security: path: app_logout # where to redirect after logout # target: app_any_route + remember_me: + secret: '%kernel.secret%' + lifetime: 604800 # 1 week in seconds + path: / + secure: true + samesite: strict + # by default, the feature is enabled by checking a + # checkbox in the login form (see below), uncomment the + # following line to always enable it. + #always_remember_me: true # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication diff --git a/src/Controller/Admin/DashboardController.php b/src/Controller/Admin/DashboardController.php index df0148e..9e5ad4c 100644 --- a/src/Controller/Admin/DashboardController.php +++ b/src/Controller/Admin/DashboardController.php @@ -18,6 +18,10 @@ class DashboardController extends AbstractDashboardController */ public function index(): Response { + // require the user to log in during *this* session + // if they were only logged in via a remember me cookie, they + // will be redirected to the login page + $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); return parent::index(); } diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index 6c66575..a4b4e03 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -33,6 +33,10 @@
Forgot password
+
+ + +