Public user management bundle for Roadiz v2
Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
$ composer require roadiz/user-bundle
Then, enable the bundle by adding it to the list of registered bundles in the config/bundles.php file of your project:
    // config/bundles.php
    return [
        // ...
        \RZ\Roadiz\UserBundle\RoadizUserBundle::class => ['all' => true],
    ];
- Copy the API Platform resource configuration file ./config/api_resources/user.yaml to your Roadiz project api_resource folder.
- Edit your ./config/packages/framework.yaml file with:
    framework:
        rate_limiter:
            user_signup:
                policy: 'token_bucket'
                limit: 5
                rate: { interval: '1 minutes', amount: 3 }
                cache_pool: 'cache.user_signup_limiter'
            password_request:
                policy: 'token_bucket'
                limit: 3
                rate: { interval: '1 minutes', amount: 3 }
                cache_pool: 'cache.password_request_limiter'
            password_reset:
                policy: 'token_bucket'
                limit: 3
                rate: { interval: '1 minutes', amount: 3 }
                cache_pool: 'cache.password_reset_limiter'
- Edit your ./config/packages/cache.yaml file with:
    framework:
        cache:
            pools:
                cache.user_signup_limiter: ~
                cache.password_request_limiter: ~
                cache.password_reset_limiter: ~
- Edit your ./config/packages/security.yaml file with:
    security:
        access_control:
            # Append user routes configuration
            - { path: "^/api/users/signup", methods: [ POST ], roles: PUBLIC_ACCESS }
            - { path: "^/api/users/password_request", methods: [ POST ], roles: PUBLIC_ACCESS }
            - { path: "^/api/users/password_reset", methods: [ PUT ], roles: PUBLIC_ACCESS }
            - { path: "^/api/users", methods: [ GET, PUT, PATCH, POST ], roles: ROLE_USER }
- Edit your ./.env file with:
    USER_PASSWORD_RESET_URL=https://your-public-url.test/reset
    USER_VALIDATION_URL=https://your-public-url.test/validate
    USER_PASSWORD_RESET_EXPIRES_IN=600
    USER_VALIDATION_EXPIRES_IN=3600
- Update your CORS configuration with additional headers Www-Authenticate and x-g-recaptcha-response:
    # config/packages/nelmio_cors.yaml
    nelmio_cors:
        defaults:
            # ...
            allow_headers: ['Content-Type', 'Authorization', 'Www-Authenticate', 'x-g-recaptcha-response']
            expose_headers: ['Link', 'Www-Authenticate']
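Symfony applies the first access_control entry whose path and methods match a request, so the three PUBLIC_ACCESS rules from the security.yaml step only take effect if they sit above the ^/api/users rule and above any broader rule already in your file. The following is an added example, not part of the bundle: a simplified Python model of that first-match behaviour (path and methods only, with constructed request paths) that you can use to check an ordering.

```python
import re

# The four rules from the security.yaml step, in the same order.
PAGE_RULES = [
    {"path": r"^/api/users/signup", "methods": ["POST"], "roles": "PUBLIC_ACCESS"},
    {"path": r"^/api/users/password_request", "methods": ["POST"], "roles": "PUBLIC_ACCESS"},
    {"path": r"^/api/users/password_reset", "methods": ["PUT"], "roles": "PUBLIC_ACCESS"},
    {"path": r"^/api/users", "methods": ["GET", "PUT", "PATCH", "POST"], "roles": "ROLE_USER"},
]

# Constructed expectations: (method, path, roles the request should end up with).
EXPECTED = [
    ("POST", "/api/users/signup", "PUBLIC_ACCESS"),
    ("POST", "/api/users/password_request", "PUBLIC_ACCESS"),
    ("PUT", "/api/users/password_reset", "PUBLIC_ACCESS"),
    ("GET", "/api/users/42", "ROLE_USER"),  # hypothetical item path
]


def first_match(rules, method, path):
    """Return the roles of the first rule matching method and path, else None."""
    for rule in rules:
        if method in rule["methods"] and re.search(rule["path"], path):
            return rule["roles"]
    return None  # no access_control entry in this list applies


def audit(rules, expected=EXPECTED):
    """List (method, path, wanted, got) for every expectation the rules break."""
    problems = []
    for method, path, wanted in expected:
        got = first_match(rules, method, path)
        if got != wanted:
            problems.append((method, path, wanted, got))
    return problems


if __name__ == "__main__":
    print("page order:", audit(PAGE_RULES))
    # Constructed mistake: the ^/api/users rule placed before the public ones.
    wrong = [PAGE_RULES[3]] + PAGE_RULES[:3]
    for method, path, wanted, got in audit(wrong):
        print(f"{method} {path}: wanted {wanted}, first match gives {got}")
```

To audit a real project, replace PAGE_RULES with the full access_control list from your own security.yaml, including entries that precede the appended ones.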
bin/console users:purge-validation-tokens: Delete all expired user validation tokens
Report issues and send Pull Requests in the main Roadiz repository