From Zero to Cybersecurity Analyst

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

SymfonyCasts

API Platform Part 2: Security

via SymfonyCasts

Go to class Write review

Overview

Yep! You ❤️your new API Platform-powered API! It's just missing... well... any type of security! This is a big & important topic, so let's take it head-on in part 2 of our API Platform tutorial:

  • API token security? Or tried-and-true session based login form security?
  • CSRF protection? SameSite Cookies? Ice Cream?
  • Security firewall setup for json_login authentication
  • Authorization & roles: restricting access to your operations!
  • Encoding user's password (during user creation/update)
  • API Platform custom data persister
  • Dynamic serialization groups: showing different fields based on the user
  • Custom normalizer for dynamic fields based on user
  • Custom validator to control what data a user can set

Woh. Let's do this!

Syllabus

  • Hello API Security + API Docs on Production?
  • API Auth 101: Session? Cookies? Tokens?
  • Login with json_login
  • Authentication Errors
  • Login Success & the Session
  • On Authentication Success
  • Logout & Passing API Data to JS on Page Load
  • SameSite Cookies & CSRF Attacks
  • ApiResource access_control
  • Bootstrapping a Test Suite
  • Backport the API Platform 2.5 Test Tools
  • Api Tests & Assertions
  • Logging in Inside the Test
  • Resetting the Database Between Tests
  • Base Test Class full of Goodies
  • ACL: Only Owners can PUT a CheeseListing
  • ACL & previousObject
  • Access Control & Voters
  • Adding the plainPassword Field
  • Data Persister: Encoding the Plain Password
  • Validation Groups
  • Conditional Field Setup
  • Testing, Updating Roles & Refreshing Data
  • Context Builder & Service Decoration
  • Context Builder: Dynamic Fields/Groups
  • Automatic Serialization Groups
  • Resource Metadata Factory: Dynamic ApiResource Options
  • Dynamic Groups without Caching
  • Custom Normalizer: Object-by-Object Dynamic Fields
  • Diving into the Normalizer Internals
  • A "Normalizer Aware" Normalizer
  • Normalizer & Completely Custom Fields
  • Locking down the CheeseListing.owner Field
  • Custom Validator
  • Security Logic in the Validator
  • Auto-set the Owner: Entity Listener
  • Query Extension: Auto-Filter a Collection
  • Automatic 404 on Unpublished Items
  • Filtering Related Collections

Taught by

Niels van der Molen and Ryan Weaver

Reviews

Start your review of API Platform Part 2: Security

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.