How to programmatically login/authenticate a user?

Question

I'd like to log the user in right after the registration process, without passing by the login form.

Is this possible ? I've found a solution with FOSUserBundle, but I'm not using it on the project I'm actually working on.

Here is my security.yml, I'm working with two firewalls. The plain text encoder is just for testing.

security:     encoders:         Symfony\Component\Security\Core\User\User: plaintext         Ray\CentralBundle\Entity\Client: md5      role_hierarchy:         ROLE_ADMIN:       ROLE_USER         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]      providers:         in_memory:             users:                 admin: { password: admin, roles: [ 'ROLE_ADMIN' ] }         entity:             entity: { class: Ray\CentralBundle\Entity\Client, property: email }      firewalls:         dev:             pattern:  ^/(_(profiler|wdt)|css|images|js)/             security: false          user_login:             pattern:    ^/user/login$             anonymous:  ~          admin_login:             pattern:    ^/admin/login$             anonymous:  ~          admin:             pattern:    ^/admin             provider: in_memory             form_login:                 check_path: /admin/login/process                 login_path: /admin/login                 default_target_path: /admin/dashboard             logout:                 path:   /admin/logout                 target: /          site:             pattern:    ^/             provider: entity             anonymous:  ~             form_login:                 check_path: /user/login/process                 login_path: /user/login                 default_target_path: /user             logout:                 path:   /user/logout                 target: /      access_control:         - { path: ^/user/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }         - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }         - { path: ^/user, roles: ROLE_USER }         - { path: ^/admin, roles: ROLE_ADMIN }         - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } 

Answer 1

Yes, you can do this via something similar to the following:

use Symfony\Component\EventDispatcher\EventDispatcher,     Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken,     Symfony\Component\Security\Http\Event\InteractiveLoginEvent;  public function registerAction() {     // ...     if ($this->get("request")->getMethod() == "POST")     {         // ... Do any password setting here etc          $em->persist($user);         $em->flush();          // Here, "public" is the name of the firewall in your security.yml         $token = new UsernamePasswordToken($user, $user->getPassword(), "public", $user->getRoles());          // For older versions of Symfony, use security.context here         $this->get("security.token_storage")->setToken($token);          // Fire the login event         // Logging the user in above the way we do it doesn't do this automatically         $event = new InteractiveLoginEvent($request, $token);         $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);          // maybe redirect out here     } } 

The event firing at the end isn't automatically done when you set a token into the context, whereas it would be normally when using eg a login form or similar. Hence the reason for including it here. You may need to adjust the type of token used, depending on your use case - the UsernamePasswordToken shown above is a core token, but you can use others if required.

Edit: Adjusted the above code to explain the 'public' parameter and also add in the roles of the user into the token creation, based on Franco's comment below.