football2801/pictureFrame
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(story-1.4): user login with remember_me, inline error, logout
CI / test (push) Has been cancelled
Details

Browse Source 
- Login Twig template: styled to match register page; inline "Incorrect email or
  password" on both fields (no email-existence disclosure); aria-invalid on error
- security.yaml: always_remember_me: true — REMEMBERME cookie set on every login
- Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it)

Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login +
          inline error on re-render; logout → 302 /login; GET / after logout → 302 /login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt Edholm
2026-04-27 23:36:39 -04:00
parent 85363e98bd
commit d6c21659f0
2 changed files with 103 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/packages/security.yaml
+1 -1
View File
@@ -26,7 +26,7 @@ security:
remember_me: remember_me:
secret: '%kernel.secret%' secret: '%kernel.secret%'
lifetime: 2592000 # 30 days lifetime: 2592000 # 30 days
always_remember_me: false always_remember_me: true
role_hierarchy: role_hierarchy:
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN] ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]
templates/security/login.html.twig
+102 -20
View File
@@ -5,29 +5,111 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Sign in — pictureFrame</title> <title>Sign in — pictureFrame</title>
<style> <style>
body { font-family: sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fdf6ee; } *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
form { width: 100%; max-width: 360px; padding: 2rem; background: #fff; border-radius: 12px; border: 1px solid #e8d9c4; } body {
h1 { margin: 0 0 1.5rem; font-size: 1.4rem; } font-family: system-ui, sans-serif;
label { display: block; margin-bottom: 0.25rem; font-size: 0.875rem; } display: flex;
input { width: 100%; padding: 0.75rem; border: 1px solid #ccc; border-radius: 8px; font-size: 1rem; margin-bottom: 1rem; box-sizing: border-box; } align-items: center;
button { width: 100%; padding: 0.875rem; background: #c97c3a; color: #fff; border: none; border-radius: 9999px; font-size: 1rem; font-weight: 600; cursor: pointer; } justify-content: center;
.error { color: #c0392b; font-size: 0.875rem; margin-bottom: 1rem; } min-height: 100dvh;
a { display: block; text-align: center; margin-top: 1rem; color: #c97c3a; } background: #fdf6ee;
color: #3a2e22;
}
.card {
width: 100%;
max-width: 380px;
margin: 1rem;
padding: 2rem;
background: #fff9f2;
border-radius: 16px;
border: 1px solid #e8d9c4;
}
h1 { font-size: 1.4rem; font-weight: 700; margin-bottom: 1.5rem; }
.field { margin-bottom: 1rem; }
label { display: block; font-size: 0.8125rem; font-weight: 600; color: #8a7060; margin-bottom: 0.375rem; }
input[type="email"],
input[type="password"] {
width: 100%;
min-height: 44px;
padding: 0 0.875rem;
border: 1px solid #e8d9c4;
border-radius: 10px;
background: #fff;
font-size: 1rem;
color: #3a2e22;
transition: border-color 0.15s;
}
input:focus { outline: none; border-color: #c97c3a; }
input[aria-invalid="true"] { border-color: #c0392b; }
.field-error {
margin-top: 0.25rem;
font-size: 0.8125rem;
color: #c0392b;
min-height: 1.2em;
}
.btn {
display: flex;
align-items: center;
justify-content: center;
width: 100%;
min-height: 44px;
margin-top: 1.25rem;
background: #c97c3a;
color: #fff;
border: none;
border-radius: 9999px;
font-size: 1rem;
font-weight: 700;
cursor: pointer;
transition: opacity 0.15s;
}
.btn:hover { opacity: 0.9; }
.register-link { display: block; text-align: center; margin-top: 1rem; font-size: 0.875rem; color: #8a7060; }
.register-link a { color: #c97c3a; text-decoration: none; font-weight: 600; }
</style> </style>
</head> </head>
<body> <body>
<form method="post"> <div class="card">
<h1>Sign in</h1> <h1>Sign in</h1>
{% if error %}
<p class="error">{{ error.messageKey|trans(error.messageData, 'security') }}</p> <form method="post" novalidate>
{% endif %} <div class="field">
<label for="inputEmail">Email</label> <label for="inputEmail">Email address</label>
<input type="email" id="inputEmail" name="_username" value="{{ last_username }}" required autofocus> <input
<label for="inputPassword">Password</label> type="email"
<input type="password" id="inputPassword" name="_password" required> id="inputEmail"
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> name="_username"
<button type="submit">Sign in</button> value="{{ last_username }}"
<a href="/register">Create account</a> autocomplete="email"
</form> aria-describedby="login-error"
{% if error %}aria-invalid="true"{% endif %}
autofocus
>
</div>
<div class="field">
<label for="inputPassword">Password</label>
<input
type="password"
id="inputPassword"
name="_password"
autocomplete="current-password"
aria-describedby="login-error"
{% if error %}aria-invalid="true"{% endif %}
>
{% if error %}
<p id="login-error" class="field-error" role="alert">Incorrect email or password</p>
{% else %}
<p id="login-error" class="field-error"></p>
{% endif %}
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
<button type="submit" class="btn">Sign in</button>
</form>
<p class="register-link">Don't have an account? <a href="/register">Create one</a></p>
</div>
</body> </body>
</html> </html>