symfony · weaverryan · Oct 18, 2018 · Oct 2, 2018 · Oct 13, 2018 · Oct 18, 2018
diff --git a/_build/redirection_map b/_build/redirection_map
@@ -390,3 +390,11 @@
 /quick_tour/the_view /quick_tour/flex_recipes
 /service_container/service_locators /service_container/service_subscribers_locators
 /templating/overriding /bundles/override
+/security/custom_provider /security/user_provider
+/security/multiple_user_providers /security/user_provider
+/security/custom_password_authenticator /security/guard_authentication
+/security/api_key_authentication /security/api_key_authentication
+/security/pre_authenticated /security/auth_providers
+/security/host_restriction /security/firewall_restriction
+/security/acl_advanced /security/acl
+/security/password_encoding /security
diff --git a/_images/security/http_basic_popup.png b/_images/security/http_basic_popup.png
diff --git a/_images/security/symfony_loggedin_wdt.png b/_images/security/symfony_loggedin_wdt.png
diff --git a/best_practices/security.rst b/best_practices/security.rst
@@ -376,26 +376,6 @@ via the even easier shortcut in a controller::
        // ...
    }

-Learn More
----------
-
-The `FOSUserBundle`_, developed by the Symfony community, adds support for a
-database-backed user system in Symfony. It also handles common tasks like
-user registration and forgotten password functionality.
-
-Enable the :doc:`Remember Me feature </security/remember_me>` to
-allow your users to stay logged in for a long period of time.
-
-When providing customer support, sometimes it's necessary to access the application
-as some *other* user so that you can reproduce the problem. Symfony provides
-the ability to :doc:`impersonate users </security/impersonating_user>`.
-
-If your company uses a user login method not supported by Symfony, you can
-develop :doc:`your own user provider </security/custom_provider>` and
-:doc:`your own authentication provider </security/custom_authentication_provider>`.
-
----
-
 Next: :doc:`/best_practices/web-assets`

 .. _`ParamConverter`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/converters.html

diff --git a/controller/error_pages.rst b/controller/error_pages.rst
@@ -60,7 +60,7 @@ logic to determine the template filename:
   a generic template for the given format (like ``error.json.twig`` or
   ``error.xml.twig``);

-#. If none of the previous template exist, fall back to the generic HTML template
+#. If none of the previous templates exist, fall back to the generic HTML template
   (``error.html.twig``).

 .. _overriding-or-adding-templates:
@@ -69,7 +69,7 @@ To override these templates, rely on the standard Symfony method for
 :ref:`overriding templates that live inside a bundle <override-templates>` and
 put them in the ``templates/bundles/TwigBundle/Exception/`` directory.

-A typical project that returns HTML and JSON pages, might look like this:
+A typical project that returns HTML and JSON pages might look like this:

 .. code-block:: text

@@ -122,6 +122,13 @@ store the HTTP status code and message respectively.
    for the standard HTML exception page or ``exception.json.twig`` for the JSON
    exception page.

+Security & 404 Pages
+--------------------
+
+Due to the order of how routing and security are loaded, security information will
+*not* be available on your 404 pages. This means that it will appear as if your
+user is logged out on the 404 page (it will work while testing, but not on production).
+
 .. _testing-error-pages:

 Testing Error Pages during Development

diff --git a/doctrine.rst b/doctrine.rst
@@ -228,6 +228,8 @@ This command executes all migration files that have not already been run against
 your database. You should run this command on production when you deploy to keep
 your production database up-to-date.

+.. _doctrine-add-more-fields:
+
 Migrations & Adding more Fields
 -------------------------------

@@ -715,12 +717,58 @@ relationships.

 For info, see :doc:`/doctrine/associations`.

+.. _doctrine-fixtures:
+
 Dummy Data Fixtures
 -------------------

 Doctrine provides a library that allows you to programmatically load testing
-data into your project (i.e. "fixture data"). For information, see
-the "`DoctrineFixturesBundle`_" documentation.
+data into your project (i.e. "fixture data"). Install it with:
+
+.. code-block:: terminal
+
+    $ composer require doctrine/doctrine-fixtures-bundle --dev
+
+Then, use the ``make:fixtures`` command to generate an empty fixture class:
+
+.. code-block:: terminal
+
+    $ php bin/console make:fixtures
+
+    The class name of the fixtures to create (e.g. AppFixtures):
+    > ProductFixture
+
+Customize the new class to load ``Product`` objects into Doctrine::
+
+    // src/DataFixtures/ProductFixture.php
+    namespace App\DataFixtures;
+
+    use Doctrine\Bundle\FixturesBundle\Fixture;
+    use Doctrine\Common\Persistence\ObjectManager;
+
+    class ProductFixture extends Fixture
+    {
+        public function load(ObjectManager $manager)
+        {
+            $product = new Product();
+            $product->setName('Priceless widget!');
+            $product->setPrice(14.50);
+            $product->setDescription('Ok, I guess it *does* have a price');
+            $manager->persist($product);
+
+            // add more products
+
+            $manager->flush();
+        }
+    }
+
+Empty the database and reload *all* the fixture classes with:
+
+.. code-block:: terminal
+
+    $ php bin/console doctrine:fixtures:load
+
+For information, see the "`DoctrineFixturesBundle`_" documentation.

 Learn more
 ----------

diff --git a/doctrine/registration_form.rst b/doctrine/registration_form.rst
@@ -16,24 +16,19 @@ First, make sure you have all the dependencies you need installed:

    $ composer require symfony/orm-pack symfony/form symfony/security-bundle symfony/validator

-.. tip::
-
-    The popular `FOSUserBundle`_ provides a registration form, reset password
-    form and other user management functionality.
-
 If you don't already have a ``User`` entity and a working login system,
-first start with :doc:`/security/entity_provider`.
+first start by following :doc:`/security`.

 Your ``User`` entity will probably at least have the following fields:

 ``username``
    This will be used for logging in, unless you instead want your user to
-    :ref:`login via email <registration-form-via-email>` (in that case, this
+    :ref:`log in via email <registration-form-via-email>` (in that case, this
    field is unnecessary).

 ``email``
    A nice piece of information to collect. You can also allow users to
-    :ref:`login via email <registration-form-via-email>`.
+    :ref:`log in via email <registration-form-via-email>`.

 ``password``
    The encoded password.
@@ -166,7 +161,7 @@ With some validation added, your class may look something like this::
 The :class:`Symfony\\Component\\Security\\Core\\User\\UserInterface` requires
 a few other methods and your ``security.yaml`` file needs to be configured
 properly to work with the ``User`` entity. For a more complete example, see
-the :ref:`Entity Provider <security-crete-user-entity>` article.
+the :doc:`Security Guide </security>`.

 .. _registration-password-max:

@@ -420,6 +415,11 @@ To do this, add a ``termsAccepted`` field to your form, but set its
 The :ref:`constraints <form-option-constraints>` option is also used, which allows
 us to add validation, even though there is no ``termsAccepted`` property on ``User``.

+Manually Authenticating after Success
+-------------------------------------
+
+If you're using Guard authentication, you can :ref:`automatically authenticate <guard-manual-auth>`
+after registration is successful.
+
 .. _`CVE-2013-5750`: https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
-.. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
 .. _`bcrypt`: https://en.wikipedia.org/wiki/Bcrypt
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -48,8 +48,7 @@ is set to ``true``) when they try to access a protected resource but isn't
 fully authenticated.

 This path **must** be accessible by a normal, un-authenticated user, else
-you may create a redirect loop. For details, see
-":ref:`Avoid Common Pitfalls <security-common-pitfalls>`".
+you may create a redirect loop.

 check_path
 ..........

diff --git a/reference/configuration/web_profiler.rst b/reference/configuration/web_profiler.rst
@@ -45,6 +45,8 @@ It enables and disables the toolbar entirely. Usually you set this to ``true``
 in the ``dev`` and ``test`` environments and to ``false`` in the ``prod``
 environment.

+.. _intercept_redirects:
+
 intercept_redirects
 ~~~~~~~~~~~~~~~~~~~


diff --git a/reference/twig_reference.rst b/reference/twig_reference.rst
@@ -430,7 +430,7 @@ expression
 ~~~~~~~~~~

 Creates an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` in
-Twig. See ":ref:`Template Expressions <security-template-expression>`".
+Twig.

 .. _reference-twig-filters: