@@ -8,7 +8,7 @@ Whether you need to build a traditional login form, an API token authentication
88or you need to integrate with some proprietary single-sign-on system, the Guard
99component can make it easy... and fun!
1010
11- In this example, you'll build an API token authentication system... and learn how
11+ In this example, you'll build an API token authentication system and learn how
1212to work with Guard.
1313
1414Create a User and a User Provider
@@ -17,7 +17,7 @@ Create a User and a User Provider
1717No matter how you authenticate, you need to create a User class that implements ``UserInterface ``
1818and configure a :doc: `user provider </cookbook/security/custom_provider >`. In this
1919example, users are stored in the database via Doctrine, and each user has an ``apiKey ``
20- property they can use to access their account via the API::
20+ property they use to access their account via the API::
2121
2222 // src/AppBundle/Entity/User.php
2323 namespace AppBundle\Entity;
@@ -76,7 +76,7 @@ property they can use to access their account via the API::
7676 This User doesn't have a password, but you can add a ``password `` property if
7777 you also want to allow this user to login with a password (e.g. via a login form).
7878
79- Your ``User `` class doesn't need to be store in Doctrine: do whatever you need.
79+ Your ``User `` class doesn't need to be stored in Doctrine: do whatever you need.
8080Next, make sure you've configured a "user provider" for the user:
8181
8282.. configuration-block ::
@@ -124,7 +124,7 @@ Next, make sure you've configured a "user provider" for the user:
124124 'providers' => array(
125125 'your_db_provider' => array(
126126 'entity' => array(
127- 'class' => 'AppBundle:User',
127+ 'class' => 'AppBundle:User',
128128 ),
129129 ),
130130 ),
@@ -144,7 +144,7 @@ Suppose you have an API where your clients will send an ``X-AUTH-TOKEN`` header
144144on each request with their API token. Your job is to read this and find the associated
145145user (if any).
146146
147- To create a custom authentication system, just create a class an make it implement
147+ To create a custom authentication system, just create a class and make it implement
148148:class: `Symfony\\ Component\\ Security\\ Guard\\ GuardAuthenticatorInterface `. Or, extend
149149the simpler :class: `Symfony\\ Component\\ Security\\ Guard\\ AbstractGuardAuthenticator `.
150150This requires you to implement six methods::
@@ -181,7 +181,7 @@ This requires you to implement six methods::
181181 return;
182182 }
183183
184- // What we return here will be passed to getUser() as $credentials
184+ // What you return here will be passed to getUser() as $credentials
185185 return array(
186186 'token' => $token,
187187 );
@@ -356,7 +356,7 @@ Finally, configure your ``firewalls`` key in ``security.yml`` to use this authen
356356 ),
357357 ));
358358
359- you're
359+ your
360360homepage required ``ROLE_USER ``, then you could test it under different conditions:
361361
362362.. code-block :: bash
@@ -398,7 +398,7 @@ Each authenticator needs the following methods:
398398
399399**checkCredentials($credentials, UserInterface $user) **
400400 If ``getUser() `` returns a User object, this method is called. Your job is to
401- verify if the credentials are correct. For a login for , this is where you would
401+ verify if the credentials are correct. For a login form , this is where you would
402402 check that the password is correct for the user. To pass authentication, return
403403 ``true ``. If you return *anything * else
404404 (or throw an :ref: `AuthenticationException <guard-customize-error >`),
@@ -410,7 +410,7 @@ Each authenticator needs the following methods:
410410 that will be sent to the client or ``null `` to continue the request
411411 (e.g. allow the route/controller to be called like normal). Since this
412412 is an API where each request authenticates itself, you want to return
413- ``nul ``.
413+ ``null ``.
414414
415415**onAuthenticationFailure(Request $request, AuthenticationException $exception) **
416416 This is called if authentication fails. Your job
@@ -421,13 +421,15 @@ Each authenticator needs the following methods:
421421**start **
422422 This is called if the client accesses a URI/resource that requires authentication,
423423 but no authentication details were sent (i.e. you returned ``null `` from
424- ``getCredentialsFromRequest ()
424+ ``getCredentials ()
425425 :class: `Symfony\\ Component\\ HttpFoundation\\ Response ` object that helps
426426 the user authenticate (e.g. a 401 response that says "token is missing!").
427427
428428**supportsRememberMe **
429+ If you want to support "remember me" functionality, return true from this method.
430+ You will still need to active ``rememebe_me `` under your firewall for it to work.
429431 Since this is a stateless API, you do not want to support "remember me"
430- functionality.
432+ functionality in this example .
431433
432434.. _guard-customize-error :
433435
@@ -457,9 +459,9 @@ to cause a failure::
457459 {
458460 // ...
459461
460- if ($token == 'MickyMouse ') {
462+ if ($token == 'ILuvAPIs ') {
461463 throw new CustomUserMessageAuthenticationException(
462- 'MickyMouse is not a real API key: he \'s a cartoon character '
464+ 'ILuvAPIs is not a real API key: it \'s just a silly phrase '
463465 );
464466 }
465467
@@ -469,13 +471,13 @@ to cause a failure::
469471 // ...
470472 }
471473
472- In this case, since "MickyMouse " is a ridiculous API key, you could include an easter
474+ In this case, since "ILuvAPIs " is a ridiculous API key, you could include an easter
473475egg to return a custom message if someone tries this:
474476
475477.. code-block :: bash
476478
477- curl -H " X-AUTH-TOKEN: MickyMouse "
478- # {"message":"MickyMouse is not a real API key: he 's a cartoon character "}
479+ curl -H " X-AUTH-TOKEN: ILuvAPIs "
480+ # {"message":"ILuvAPIs is not a real API key: it 's just a silly phrase "}
479481
480482
481483--------------------------
@@ -485,7 +487,7 @@ Frequently Asked Questions
485487 "entry_point". This means you'll need to choose *which * authenticator's ``start() ``
486488 method should be called when an anonymous user tries to access a protected resource.
487489 For example, suppose you have an ``app.form_login_authenticator `` that handles
488- a traditional form login. When a user access a protected page anonymously, you
490+ a traditional form login. When a user accesses a protected page anonymously, you
489491 want to use the ``start() `` method from the form authenticator and redirect them
490492 to the login page (instead of returning a JSON response):
491493
@@ -564,8 +566,8 @@ Frequently Asked Questions
564566 ));
565567
566568Can I use this with ``form_login``? **
567- Yes! ``form_login `` is *one * way to authenticator a user, so you could use
568- it *and * then add one more more authenticators. Use a guard authenticator doesn't
569+ Yes! ``form_login `` is *one * way to authenticate a user, so you could use
570+ it *and * then add one or more authenticators. Using a guard authenticator doesn't
569571 collide with other ways to authenticate.
570572
571573**Can I use this with FOSUserBundle? **
0 commit comments