How to definitely disable registration in FOSUserBundle

Question

In my project, I allow only one user to manage the content of the website. This user will be added using the command line at first.

Now, I want to get the registration action inaccessible and I don't know how? Till now, I just put the ROLE_ADMIN in the access control for the route register to avoid that visitors can go throw it.

Any tips?

Answer 1

Take a look at the routing configuration imported from

vendor/friendsofsymfony/user-bundle/Resources/config/routing/all.xml

If you want just the basic security actions, just import

@FOSUserBundle/Resources/config/routing/security.xml

instead of

@FOSUserBundle/Resources/config/routing/all.xml

This way you can simply select which components (security, profile, resetting, change_password) you want to use or event import only specific routes from those components.

Answer 2

You can just change app/config/security.yml:

- { path: ^/register, role: ROLE_ADMIN }

Change from the default (IS_AUTHENTICATED_ANONYMOUSLY) to ROLE_ADMIN and it will stop allowing anonymous users from getting to the /register form.

Answer 3

There are many ways to solve this issue. You can simply remove fos_user_registration_register route from routing.yml. Or use more complicated solution: set up event listener to FOS\UserBundle\FOSUserEvents::REGISTRATION_INITIALIZE event and redirect user to login page.

services.xml

<service id="app.registration.listener" class="AppBundle\EventListener\RegistrationListener">
    <tag name="kernel.event_subscriber" />
    <argument type="service" id="router" />
</service>

RegistrationListener.php

<?php

namespace AppBundle\EventListener;

use FOS\UserBundle\Event\GetResponseUserEvent;
use FOS\UserBundle\FOSUserEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

class RegistrationListener implements EventSubscriberInterface
{
    /**
     * @var UrlGeneratorInterface
     */
    private $router;

    /**
     * @param UrlGeneratorInterface $router
     */
    public function __construct(UrlGeneratorInterface $router) {
        $this->router = $router;
    }

    public static function getSubscribedEvents()
    {
        return [
            FOSUserEvents::REGISTRATION_INITIALIZE => 'onRegistrationInitialize',
        ];
    }

    public function onRegistrationInitialize(GetResponseUserEvent $event)
    {
        $url = $this->router->generate('fos_user_security_login');
        $response = new RedirectResponse($url);

        $event->setResponse($response);
    }
}