Comments (11)
I think that this is an interesting example, yes. I wouldn't focus as much in particular implementations of users, which is too broad I think, but in a general approach. Users can be as simple as using a memory provider (http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded) with hardcoded users, and then, if somebody needs something particular, they can always use another provider later on, as this is not something specific of react/symfony.
I guess that we should use something like (https://github.com/lexik/LexikJWTAuthenticationBundle) user/pass form, then getting a user token, and then then being able to use it in subsequent requests. I have used it in the past but not with server-side rendering.
It is an interesting case for the server-side rendering side, yes. I think that we should provide the token as props if the user is already authenticated.
In the client side, my feeling is that this kind of work will be much simpler to integrate with the redux example than the pure react one, as the user state tends to be something that is better stored in redux, so different components can access to it easily, instead of passing it as props in the tree in the simple app.
On a side note, I am also open to change the recipes app. When I thought about adding the forms part, I had initially the idea of making it a "add recipe" form, but then I realized that it would be much more complex because it involves uploading a file and generating thumbnails (so people need gd, imagemagick, or similar, and asking users to have those to run the sandbox is too much). Also the code would be less simple because of all the annoying file handling, which is not in the focus of this sandbox. So if you work on this idea and you have an idea of an example that makes more sense of what to do with users, feel free.
from symfony-react-sandbox.
Yes, but in order to have an example of authentication I wanted an example of something to secure, and I was unhappy with the current example. I thought that it made more sense to have a public "recipes" page plus and small admin. Thus I have done that admin now. Next step is to secure it.
from symfony-react-sandbox.
Hi, I have secured the "admin" part with JWT tokens. It is mostly an example about how to handle it with server side rendering, as without would be just regular use of JWT.
The admin page now, if the user is not yet authenticated, shows a login form in a React component. The Symfony controller knows about this, so it is not providing sensitive data such as the list of recipes in the html of the page (that data is of course public in this demo, but let's pretend that it is not).
Then, after login, we set the JWT token in a cookie, that can be used in subsequent requests to Symfony, so it will know that it should render the admin form instead of the login form server side.
On the other hand, requests to the API are using the JWT in headers. And that is it.
I think that I am going to close this issue, as I think that the initial request is fulfilled. A more complete example, with roles, profile pictures would be the subject of a whole book, and although maybe it is interesting, I cannot just commit myself to writing that kind of tutorial, as it would be a huge investment of time.
Thanks for the suggestion of this issue and for pointing other areas that might be interesting to explore.
from symfony-react-sandbox.
from symfony-react-sandbox.
Thanks @Tylerm22 - But I meant more the session / login process and server side rendering aspects of it. Not how to model a user.
from symfony-react-sandbox.
from symfony-react-sandbox.
Ook, I made some progress. Now the form is about editing recipes, so this means that there is an example of file uploading. In fact image uploading with Validation Constraints working.
With this, the "liform" section could be transformed into some kind of mini-admin app, where to do the auth work.
from symfony-react-sandbox.
Cool, is there anyway you can add the user authentication or some sort of example roles system to the sandbox? I think React would be much better in achieving the goal of real-time user-session checking.
from symfony-react-sandbox.
Ok cool! Hopefully with that example, in addition to user rendering, I can morph the form into something like a user-edit page in an admin site. Will you also be including in the user/roles integration a way to add a role/roles to a user? Also a (request) is to have the app send out realtime notifications without reloading the page and have it auto-send an activation email, etc.
from symfony-react-sandbox.
hows this going??
from symfony-react-sandbox.
@Tylerm22 Where is your PR? I coudn't find it 😄
from symfony-react-sandbox.
Related Issues (20)
- eslint ^4.x isnt suported by babel-eslint HOT 6
- Unused file? HOT 1
- Problem with static routing "Invariant Violation: Browser history needs a DOM" HOT 1
- location of webpack output path/directory structure HOT 2
- Example not working on Android 6 HOT 1
- setup liform bundle without redux? HOT 1
- PhpExecJs: Cannot autodetect any JavaScript runtime HOT 4
- form html output on page not same as schema HOT 1
- windows “EPERM: operation not permitted” on build directory HOT 3
- webpack plugin HOT 1
- Load fixtures exception HOT 1
- [Question] Running this on Docker + nginx HOT 2
- npm errors when install HOT 1
- Usage with homestead HOT 1
- Cannot run SSR with the "external_server" mode HOT 1
- Thank you for this nice boilerplate HOT 1
- Client side only error HOT 1
- [Question] : How could I create pwa with this approach?
- the requested PHP extension intl is missing from your system HOT 4
- Demo is not working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from symfony-react-sandbox.