symfony
diff --git a/‎_build/redirection_map
Copy file name to clipboardExpand all lines: _build/redirection_map
+8Lines changed: 8 additions & 0 deletions b/‎_build/redirection_map
Copy file name to clipboardExpand all lines: _build/redirection_map
+8Lines changed: 8 additions & 0 deletions
diff --git a/‎_images/security/http_basic_popup.png
Copy file name to clipboard
-38.6 KB b/‎_images/security/http_basic_popup.png
Copy file name to clipboard
-38.6 KB
diff --git a/‎_images/security/symfony_loggedin_wdt.png
Copy file name to clipboard
61 KB b/‎_images/security/symfony_loggedin_wdt.png
Copy file name to clipboard
61 KB
diff --git a/‎best_practices/security.rst
Copy file name to clipboardExpand all lines: best_practices/security.rst
-20Lines changed: 0 additions & 20 deletions b/‎best_practices/security.rst
Copy file name to clipboardExpand all lines: best_practices/security.rst
-20Lines changed: 0 additions & 20 deletions
diff --git a/‎configuration/micro_kernel_trait.rst
Copy file name to clipboardExpand all lines: configuration/micro_kernel_trait.rst
+26-31Lines changed: 26 additions & 31 deletions b/‎configuration/micro_kernel_trait.rst
Copy file name to clipboardExpand all lines: configuration/micro_kernel_trait.rst
+26-31Lines changed: 26 additions & 31 deletions
diff --git a/‎controller/error_pages.rst
Copy file name to clipboardExpand all lines: controller/error_pages.rst
+9-2Lines changed: 9 additions & 2 deletions b/‎controller/error_pages.rst
Copy file name to clipboardExpand all lines: controller/error_pages.rst
+9-2Lines changed: 9 additions & 2 deletions
diff --git a/‎doctrine.rst
Copy file name to clipboardExpand all lines: doctrine.rst
+50-2Lines changed: 50 additions & 2 deletions b/‎doctrine.rst
Copy file name to clipboardExpand all lines: doctrine.rst
+50-2Lines changed: 50 additions & 2 deletions
diff --git a/‎doctrine/registration_form.rst
Copy file name to clipboardExpand all lines: doctrine/registration_form.rst
+10-10Lines changed: 10 additions & 10 deletions b/‎doctrine/registration_form.rst
Copy file name to clipboardExpand all lines: doctrine/registration_form.rst
+10-10Lines changed: 10 additions & 10 deletions
diff --git a/‎frontend/encore/simple-example.rst
Copy file name to clipboardExpand all lines: frontend/encore/simple-example.rst
+4-4Lines changed: 4 additions & 4 deletions b/‎frontend/encore/simple-example.rst
Copy file name to clipboardExpand all lines: frontend/encore/simple-example.rst
+4-4Lines changed: 4 additions & 4 deletions
diff --git a/‎reference/configuration/security.rst
Copy file name to clipboardExpand all lines: reference/configuration/security.rst
+1-2Lines changed: 1 addition & 2 deletions b/‎reference/configuration/security.rst
Copy file name to clipboardExpand all lines: reference/configuration/security.rst
+1-2Lines changed: 1 addition & 2 deletions
diff --git a/‎reference/configuration/web_profiler.rst
Copy file name to clipboardExpand all lines: reference/configuration/web_profiler.rst
+2Lines changed: 2 additions & 0 deletions b/‎reference/configuration/web_profiler.rst
Copy file name to clipboardExpand all lines: reference/configuration/web_profiler.rst
+2Lines changed: 2 additions & 0 deletions
@@ -390,3 +390,11 @@
 /quick_tour/the_view /quick_tour/flex_recipes
 /service_container/service_locators /service_container/service_subscribers_locators
 /templating/overriding /bundles/override
+/security/custom_provider /security/user_provider
+/security/multiple_user_providers /security/user_provider
+/security/custom_password_authenticator /security/guard_authentication
+/security/api_key_authentication /security/api_key_authentication
+/security/pre_authenticated /security/auth_providers
+/security/host_restriction /security/firewall_restriction
+/security/acl_advanced /security/acl
+/security/password_encoding /security
@@ -376,26 +376,6 @@ via the even easier shortcut in a controller::
         // ...
     }
 
-Learn More
-----------
-
-The `FOSUserBundle`_, developed by the Symfony community, adds support for a
-database-backed user system in Symfony. It also handles common tasks like
-user registration and forgotten password functionality.
-
-Enable the :doc:`Remember Me feature </security/remember_me>` to
-allow your users to stay logged in for a long period of time.
-
-When providing customer support, sometimes it's necessary to access the application
-as some *other* user so that you can reproduce the problem. Symfony provides
-the ability to :doc:`impersonate users </security/impersonating_user>`.
-
-If your company uses a user login method not supported by Symfony, you can
-develop :doc:`your own user provider </security/custom_provider>` and
-:doc:`your own authentication provider </security/custom_authentication_provider>`.
-
-----
-
 Next: :doc:`/best_practices/web-assets`
 
 .. _`ParamConverter`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/converters.html
 
@@ -55,13 +55,13 @@ Next, create an ``index.php`` file that defines the kernel class and executes it
         {
             // kernel is a service that points to this class
             // optional 3rd argument is the route name
-            $routes->add('/random/{limit}', 'kernel:randomNumber');
+            $routes->add('/random/{limit}', 'Kernel::randomNumber');
         }
 
         public function randomNumber($limit)
         {
             return new JsonResponse(array(
-                'number' => rand(0, $limit)
+                'number' => random_int(0, $limit),
             ));
         }
     }
@@ -136,11 +136,6 @@ hold the kernel. Now it looks like this::
     use Symfony\Component\DependencyInjection\ContainerBuilder;
     use Symfony\Component\HttpKernel\Kernel as BaseKernel;
     use Symfony\Component\Routing\RouteCollectionBuilder;
-    use Doctrine\Common\Annotations\AnnotationRegistry;
-
-    $loader = require __DIR__.'/../vendor/autoload.php';
-    // auto-load annotations
-    AnnotationRegistry::registerLoader(array($loader, 'loadClass'));
 
     class Kernel extends BaseKernel
     {
@@ -149,8 +144,8 @@ hold the kernel. Now it looks like this::
         public function registerBundles()
         {
             $bundles = array(
-                new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
-                new Symfony\Bundle\TwigBundle\TwigBundle(),
+                new \Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
+                new \Symfony\Bundle\TwigBundle\TwigBundle(),
             );
 
             if ($this->getEnvironment() == 'dev') {
@@ -162,7 +157,7 @@ hold the kernel. Now it looks like this::
 
         protected function configureContainer(ContainerBuilder $c, LoaderInterface $loader)
         {
-            $loader->load(__DIR__.'/config/framework.yaml');
+            $loader->load(__DIR__.'/../config/framework.yaml');
 
             // configure WebProfilerBundle only if the bundle is enabled
             if (isset($this->bundles['WebProfilerBundle'])) {
@@ -198,6 +193,12 @@ hold the kernel. Now it looks like this::
         }
     }
 
+Before continuing, run this command to add support for the new dependencies:
+
+.. code-block:: terminal
+
+    $ composer require symfony/yaml symfony/twig-bundle symfony/web-profiler-bundle doctrine/annotations
+
 Unlike the previous kernel, this loads an external ``config/framework.yaml`` file,
 because the configuration started to get bigger:
 
@@ -208,8 +209,6 @@ because the configuration started to get bigger:
         # config/framework.yaml
         framework:
             secret: S0ME_SECRET
-            templating:
-                engines: ['twig']
             profiler: { only_exceptions: false }
 
     .. code-block:: xml
@@ -223,9 +222,6 @@ because the configuration started to get bigger:
                 http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
             <framework:config secret="S0ME_SECRET">
-                <framework:templating>
-                    <framework:engine>twig</framework:engine>
-                </framework:templating>
                 <framework:profiler only-exceptions="false" />
             </framework:config>
         </container>
@@ -235,9 +231,6 @@ because the configuration started to get bigger:
         // config/framework.php
         $container->loadFromExtension('framework', array(
             'secret' => 'S0ME_SECRET',
-            'templating' => array(
-                'engines' => array('twig'),
-            ),
             'profiler' => array(
                 'only_exceptions' => false,
             ),
@@ -259,21 +252,20 @@ has one file in it::
          */
         public function randomNumber($limit)
         {
-            $number = rand(0, $limit);
+            $number = random_int(0, $limit);
 
             return $this->render('micro/random.html.twig', array(
-                'number' => $number
+                'number' => $number,
             ));
         }
     }
 
-Template files should live in the ``Resources/views/`` directory of whatever directory
-your *kernel* lives in. Since ``Kernel`` lives in ``src/``, this template lives
-at ``src/Resources/views/micro/random.html.twig``:
+Template files should live in the ``templates/`` directory at the root of your project.
+This template lives at ``templates/micro/random.html.twig``:
 
 .. code-block:: html+twig
 
-    <!-- src/Resources/views/micro/random.html.twig -->
+    <!-- templates/micro/random.html.twig -->
     <!DOCTYPE html>
     <html>
         <head>
@@ -289,9 +281,13 @@ Finally, you need a front controller to boot and run the application. Create a
 
     // public/index.php
 
+    use App\Kernel;
+    use Doctrine\Common\Annotations\AnnotationRegistry;
     use Symfony\Component\HttpFoundation\Request;
 
-    require __DIR__.'/../src/Kernel.php';
+    $loader = require __DIR__.'/../vendor/autoload.php';
+    // auto-load annotations
+    AnnotationRegistry::registerLoader(array($loader, 'loadClass'));
 
     $kernel = new Kernel('dev', true);
     $request = Request::createFromGlobals();
@@ -311,13 +307,12 @@ this:
     ├─ public/
     |  └─ index.php
     ├─ src/
-    |  ├─ Kernel.php
     |  ├─ Controller
     |  |  └─ MicroController.php
-    │  └─ Resources
-    |     └─ views
-    |        └─ micro
-    |           └─ random.html.twig
+    |  └─ Kernel.php
+    ├─ templates/
+    |  └─ micro/
+    |     └─ random.html.twig
     ├─ var/
     |  ├─ cache/
     │  └─ log/
@@ -331,7 +326,7 @@ As before you can use PHP built-in server:
 .. code-block:: terminal
 
     cd public/
-    $ php -S localhost:8000
+    $ php -S localhost:8000 -t public/
 
 Then see webpage in browser:
 
 
@@ -60,7 +60,7 @@ logic to determine the template filename:
    a generic template for the given format (like ``error.json.twig`` or
    ``error.xml.twig``);
 
-#. If none of the previous template exist, fall back to the generic HTML template
+#. If none of the previous templates exist, fall back to the generic HTML template
    (``error.html.twig``).
 
 .. _overriding-or-adding-templates:
@@ -69,7 +69,7 @@ To override these templates, rely on the standard Symfony method for
 :ref:`overriding templates that live inside a bundle <override-templates>` and
 put them in the ``templates/bundles/TwigBundle/Exception/`` directory.
 
-A typical project that returns HTML and JSON pages, might look like this:
+A typical project that returns HTML and JSON pages might look like this:
 
 .. code-block:: text
 
@@ -122,6 +122,13 @@ store the HTTP status code and message respectively.
     for the standard HTML exception page or ``exception.json.twig`` for the JSON
     exception page.
 
+Security & 404 Pages
+--------------------
+
+Due to the order of how routing and security are loaded, security information will
+*not* be available on your 404 pages. This means that it will appear as if your
+user is logged out on the 404 page (it will work while testing, but not on production).
+
 .. _testing-error-pages:
 
 Testing Error Pages during Development
 
@@ -228,6 +228,8 @@ This command executes all migration files that have not already been run against
 your database. You should run this command on production when you deploy to keep
 your production database up-to-date.
 
+.. _doctrine-add-more-fields:
+
 Migrations & Adding more Fields
 -------------------------------
 
@@ -715,12 +717,58 @@ relationships.
 
 For info, see :doc:`/doctrine/associations`.
 
+.. _doctrine-fixtures:
+
 Dummy Data Fixtures
 -------------------
 
 Doctrine provides a library that allows you to programmatically load testing
-data into your project (i.e. "fixture data"). For information, see
-the "`DoctrineFixturesBundle`_" documentation.
+data into your project (i.e. "fixture data"). Install it with:
+
+.. code-block:: terminal
+
+    $ composer require doctrine/doctrine-fixtures-bundle --dev
+
+Then, use the ``make:fixtures`` command to generate an empty fixture class:
+
+.. code-block:: terminal
+
+    $ php bin/console make:fixtures
+
+    The class name of the fixtures to create (e.g. AppFixtures):
+    > ProductFixture
+
+Customize the new class to load ``Product`` objects into Doctrine::
+
+    // src/DataFixtures/ProductFixture.php
+    namespace App\DataFixtures;
+
+    use Doctrine\Bundle\FixturesBundle\Fixture;
+    use Doctrine\Common\Persistence\ObjectManager;
+
+    class ProductFixture extends Fixture
+    {
+        public function load(ObjectManager $manager)
+        {
+            $product = new Product();
+            $product->setName('Priceless widget!');
+            $product->setPrice(14.50);
+            $product->setDescription('Ok, I guess it *does* have a price');
+            $manager->persist($product);
+
+            // add more products
+
+            $manager->flush();
+        }
+    }
+
+Empty the database and reload *all* the fixture classes with:
+
+.. code-block:: terminal
+
+    $ php bin/console doctrine:fixtures:load
+
+For information, see the "`DoctrineFixturesBundle`_" documentation.
 
 Learn more
 ----------
 
@@ -16,24 +16,19 @@ First, make sure you have all the dependencies you need installed:
 
     $ composer require symfony/orm-pack symfony/form symfony/security-bundle symfony/validator
 
-.. tip::
-
-    The popular `FOSUserBundle`_ provides a registration form, reset password
-    form and other user management functionality.
-
 If you don't already have a ``User`` entity and a working login system,
-first start with :doc:`/security/entity_provider`.
+first start by following :doc:`/security`.
 
 Your ``User`` entity will probably at least have the following fields:
 
 ``username``
     This will be used for logging in, unless you instead want your user to
-    :ref:`login via email <registration-form-via-email>` (in that case, this
+    :ref:`log in via email <registration-form-via-email>` (in that case, this
     field is unnecessary).
 
 ``email``
     A nice piece of information to collect. You can also allow users to
-    :ref:`login via email <registration-form-via-email>`.
+    :ref:`log in via email <registration-form-via-email>`.
 
 ``password``
     The encoded password.
@@ -166,7 +161,7 @@ With some validation added, your class may look something like this::
 The :class:`Symfony\\Component\\Security\\Core\\User\\UserInterface` requires
 a few other methods and your ``security.yaml`` file needs to be configured
 properly to work with the ``User`` entity. For a more complete example, see
-the :ref:`Entity Provider <security-crete-user-entity>` article.
+the :doc:`Security Guide </security>`.
 
 .. _registration-password-max:
 
@@ -420,6 +415,11 @@ To do this, add a ``termsAccepted`` field to your form, but set its
 The :ref:`constraints <form-option-constraints>` option is also used, which allows
 us to add validation, even though there is no ``termsAccepted`` property on ``User``.
 
+Manually Authenticating after Success
+-------------------------------------
+
+If you're using Guard authentication, you can :ref:`automatically authenticate <guard-manual-auth>`
+after registration is successful.
+
 .. _`CVE-2013-5750`: https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
-.. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
 .. _`bcrypt`: https://en.wikipedia.org/wiki/Bcrypt
@@ -98,7 +98,7 @@ your layout. In Symfony, use the ``asset()`` helper:
 Requiring JavaScript Modules
 ----------------------------
 
-Webpack is a module bundler... which means that you can ``require`` other JavaScript
+Webpack is a module bundler, which means that you can ``require`` other JavaScript
 files. First, create a file that exports a function:
 
 .. code-block:: javascript
@@ -139,9 +139,9 @@ The import and export Statements
 
 Instead of using ``require`` and ``module.exports`` like shown above, JavaScript
 has an alternate syntax, which is a more accepted standard. Choose whichever you
-want: they function identically:
+want, they function identically.
 
-To export values, use ``exports``:
+To export values using the alternate syntax, use ``exports``:
 
 .. code-block:: diff
 
@@ -168,7 +168,7 @@ Page-Specific JavaScript or CSS (Multiple Entries)
 --------------------------------------------------
 
 So far, you only have one final JavaScript file: ``app.js``. For simple apps or
-SPA's (Single Page Applications), that might be fine! However, as your app grows,
+SPAs (Single Page Applications), that might be fine! However, as your app grows,
 you may want to have page-specific JavaScript or CSS (e.g. homepage, blog, store,
 etc.). To handle this, add a new "entry" for each page that needs custom JavaScript
 or CSS:
 
@@ -48,8 +48,7 @@ is set to ``true``) when they try to access a protected resource but isn't
 fully authenticated.
 
 This path **must** be accessible by a normal, un-authenticated user, else
-you may create a redirect loop. For details, see
-":ref:`Avoid Common Pitfalls <security-common-pitfalls>`".
+you may create a redirect loop.
 
 check_path
 ..........
 
@@ -45,6 +45,8 @@ It enables and disables the toolbar entirely. Usually you set this to ``true``
 in the ``dev`` and ``test`` environments and to ``false`` in the ``prod``
 environment.
 
+.. _intercept_redirects:
+
 intercept_redirects
 ~~~~~~~~~~~~~~~~~~~