vraith/symfony-auth-starter 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

vraith/symfony-auth-starter

Composer 安装命令:

composer require vraith/symfony-auth-starter

包简介

The Laravel Breeze of Symfony — scaffold complete authentication in minutes

README 文档

README

License Symfony PHP

The Laravel Breeze of Symfony — scaffold complete authentication into your app in one command.

One composer require, one php bin/console auth:install, and you have a fully working auth system. After install, you own all the code — no runtime dependency on this package.

Quick Start

composer require vraith/symfony-auth-starter

php bin/console auth:install

# Follow the interactive prompts, then:
php bin/console make:migration
php bin/console doctrine:migrations:migrate

The installer will ask whether to enable Google OAuth and prompt for your sender email address. It generates all files directly into your project.

What Gets Generated

src/
  Entity/User.php                           # Doctrine entity with email, password, googleId, isVerified
  Controller/Auth/
    LoginController.php                     # Login + logout
    RegistrationController.php              # Register + email verification
    ResetPasswordController.php             # Forgot password + reset
    GoogleController.php                    # Google OAuth (optional)
  Form/
    RegistrationFormType.php                # Email + password fields
    ResetPasswordRequestFormType.php        # Email field
    ChangePasswordFormType.php              # Repeated password field
  Security/
    LoginFormAuthenticator.php              # Form login with CSRF + remember me
    GoogleAuthenticator.php                 # OAuth2 authenticator (optional)
templates/auth/
    login.html.twig                         # Login page
    register.html.twig                      # Registration page
    forgot_password.html.twig               # Request password reset
    check_email.html.twig                   # "Check your email" confirmation
    reset_password.html.twig                # New password form
    email/verification.html.twig            # Verification email
    email/reset_password.html.twig          # Password reset email
config/packages/
    security.yaml                           # Full firewall + access control config
    knpu_oauth2_client.yaml                 # Google OAuth client (optional)

Routes

Method Path Name
GET /login app_login
GET /logout app_logout
GET|POST /register app_register
GET /verify/email app_verify_email
GET|POST /reset-password app_forgot_password_request
GET /reset-password/check-email app_check_email
GET|POST /reset-password/reset/{token} app_reset_password
GET /connect/google connect_google_start *
GET /connect/google/check connect_google_check *

* Only when Google OAuth is enabled.

What Each Component Does

LoginFormAuthenticator creates a Symfony Security Passport with UserBadge, PasswordCredentials, CsrfTokenBadge, and RememberMeBadge. It uses TargetPathTrait to redirect users back to where they were before login.

GoogleAuthenticator extends KnpU's OAuth2Authenticator. It fetches the Google user profile, finds or creates a local User, and automatically links Google accounts to existing users with matching email addresses. OAuth users are auto-verified.

ResetPasswordController uses SymfonyCasts' ResetPasswordBundle with an anti-enumeration pattern — it always redirects to the "check your email" page even when no user is found, preventing attackers from probing which emails have accounts.

RegistrationController hashes the password, persists the user, generates a signed email verification URL, and auto-logs in the user via UserAuthenticatorInterface.

Customization

All generated code lives in your src/ and templates/ directories. Edit it directly — there are no bundle overrides, no config layers, no abstractions to learn.

Want to add a username field? Add it to User.php and RegistrationFormType.php. Want to change the email template? Edit templates/auth/email/verification.html.twig. Want to redirect somewhere else after login? Change the route in LoginFormAuthenticator::onAuthenticationSuccess().

Google OAuth Setup

If you enabled Google OAuth during install:

  1. Go to Google Cloud Console
  2. Create a project and enable the Google+ API
  3. Create OAuth 2.0 credentials
  4. Add authorized redirect URI: https://yourdomain.com/connect/google/check
  5. Set the credentials in .env.local:
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret

If you didn't install Google OAuth initially, run auth:install again with --force.

To add Google OAuth to an existing install, first require the packages:

composer require knpuniversity/oauth2-client-bundle league/oauth2-google
php bin/console auth:install --force

Prerequisites

All dependencies are pulled in automatically via composer require, including:

  • symfony/security-bundle
  • symfony/twig-bundle
  • symfony/form
  • symfony/validator
  • symfony/mailer
  • doctrine/doctrine-bundle + doctrine/orm
  • symfonycasts/verify-email-bundle
  • symfonycasts/reset-password-bundle

The installer also checks at runtime that the required bundles are registered.

Re-running the Installer

Running auth:install a second time will skip files that already exist. Use --force to overwrite:

php bin/console auth:install --force

Removing the Package

After installation, all auth code lives in your project. You can safely remove the package:

composer remove vraith/symfony-auth-starter

Your auth system will continue to work since it has zero runtime dependency on the bundle.

Roadmap

  • Multi-provider OAuth (GitHub, Facebook, LinkedIn)
  • Two-Factor Authentication (2FA)
  • Rate limiting on login/registration
  • Account management (change email, change password)

License

MIT. See LICENSE.

vraith/symfony-auth-starter 适用场景与选型建议

vraith/symfony-auth-starter 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 5 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 03 月 12 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「symfony」 「security」 「Authentication」 「oauth2」 「login」 「google」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 vraith/symfony-auth-starter 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 vraith/symfony-auth-starter 我们能提供哪些服务?
定制开发 / 二次开发

基于 vraith/symfony-auth-starter 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 5
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 30
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-03-12