From d6c21659f03cdfaeee3e129bcf9b60e2932edc1a Mon Sep 17 00:00:00 2001
From: Matt Edholm <football2801@me.com>
Date: Mon, 27 Apr 2026 23:36:39 -0400
Subject: [PATCH] feat(story-1.4): user login with remember_me, inline error,
 logout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Login Twig template: styled to match register page; inline "Incorrect email or
  password" on both fields (no email-existence disclosure); aria-invalid on error
- security.yaml: always_remember_me: true — REMEMBERME cookie set on every login
- Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it)

Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login +
          inline error on re-render; logout → 302 /login; GET / after logout → 302 /login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 config/packages/security.yaml      |   2 +-
 templates/security/login.html.twig | 122 ++++++++++++++++++++++++-----
 2 files changed, 103 insertions(+), 21 deletions(-)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 60d5489..767e988 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -26,7 +26,7 @@ security:
             remember_me:
                 secret: '%kernel.secret%'
                 lifetime: 2592000  # 30 days
-                always_remember_me: false
+                always_remember_me: true
 
     role_hierarchy:
         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]
diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig
index a956451..ff280df 100644
--- a/templates/security/login.html.twig
+++ b/templates/security/login.html.twig
@@ -5,29 +5,111 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Sign in — pictureFrame</title>
     <style>
-        body { font-family: sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fdf6ee; }
-        form { width: 100%; max-width: 360px; padding: 2rem; background: #fff; border-radius: 12px; border: 1px solid #e8d9c4; }
-        h1 { margin: 0 0 1.5rem; font-size: 1.4rem; }
-        label { display: block; margin-bottom: 0.25rem; font-size: 0.875rem; }
-        input { width: 100%; padding: 0.75rem; border: 1px solid #ccc; border-radius: 8px; font-size: 1rem; margin-bottom: 1rem; box-sizing: border-box; }
-        button { width: 100%; padding: 0.875rem; background: #c97c3a; color: #fff; border: none; border-radius: 9999px; font-size: 1rem; font-weight: 600; cursor: pointer; }
-        .error { color: #c0392b; font-size: 0.875rem; margin-bottom: 1rem; }
-        a { display: block; text-align: center; margin-top: 1rem; color: #c97c3a; }
+        *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+        body {
+            font-family: system-ui, sans-serif;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            min-height: 100dvh;
+            background: #fdf6ee;
+            color: #3a2e22;
+        }
+        .card {
+            width: 100%;
+            max-width: 380px;
+            margin: 1rem;
+            padding: 2rem;
+            background: #fff9f2;
+            border-radius: 16px;
+            border: 1px solid #e8d9c4;
+        }
+        h1 { font-size: 1.4rem; font-weight: 700; margin-bottom: 1.5rem; }
+        .field { margin-bottom: 1rem; }
+        label { display: block; font-size: 0.8125rem; font-weight: 600; color: #8a7060; margin-bottom: 0.375rem; }
+        input[type="email"],
+        input[type="password"] {
+            width: 100%;
+            min-height: 44px;
+            padding: 0 0.875rem;
+            border: 1px solid #e8d9c4;
+            border-radius: 10px;
+            background: #fff;
+            font-size: 1rem;
+            color: #3a2e22;
+            transition: border-color 0.15s;
+        }
+        input:focus { outline: none; border-color: #c97c3a; }
+        input[aria-invalid="true"] { border-color: #c0392b; }
+        .field-error {
+            margin-top: 0.25rem;
+            font-size: 0.8125rem;
+            color: #c0392b;
+            min-height: 1.2em;
+        }
+        .btn {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            width: 100%;
+            min-height: 44px;
+            margin-top: 1.25rem;
+            background: #c97c3a;
+            color: #fff;
+            border: none;
+            border-radius: 9999px;
+            font-size: 1rem;
+            font-weight: 700;
+            cursor: pointer;
+            transition: opacity 0.15s;
+        }
+        .btn:hover { opacity: 0.9; }
+        .register-link { display: block; text-align: center; margin-top: 1rem; font-size: 0.875rem; color: #8a7060; }
+        .register-link a { color: #c97c3a; text-decoration: none; font-weight: 600; }
     </style>
 </head>
 <body>
-<form method="post">
+<div class="card">
     <h1>Sign in</h1>
-    {% if error %}
-        <p class="error">{{ error.messageKey|trans(error.messageData, 'security') }}</p>
-    {% endif %}
-    <label for="inputEmail">Email</label>
-    <input type="email" id="inputEmail" name="_username" value="{{ last_username }}" required autofocus>
-    <label for="inputPassword">Password</label>
-    <input type="password" id="inputPassword" name="_password" required>
-    <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
-    <button type="submit">Sign in</button>
-    <a href="/register">Create account</a>
-</form>
+
+    <form method="post" novalidate>
+        <div class="field">
+            <label for="inputEmail">Email address</label>
+            <input
+                type="email"
+                id="inputEmail"
+                name="_username"
+                value="{{ last_username }}"
+                autocomplete="email"
+                aria-describedby="login-error"
+                {% if error %}aria-invalid="true"{% endif %}
+                autofocus
+            >
+        </div>
+
+        <div class="field">
+            <label for="inputPassword">Password</label>
+            <input
+                type="password"
+                id="inputPassword"
+                name="_password"
+                autocomplete="current-password"
+                aria-describedby="login-error"
+                {% if error %}aria-invalid="true"{% endif %}
+            >
+            {% if error %}
+                <p id="login-error" class="field-error" role="alert">Incorrect email or password</p>
+            {% else %}
+                <p id="login-error" class="field-error"></p>
+            {% endif %}
+        </div>
+
+        <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
+
+        <button type="submit" class="btn">Sign in</button>
+    </form>
+
+    <p class="register-link">Don't have an account? <a href="/register">Create one</a></p>
+</div>
 </body>
 </html>