# User Entity with Symfony This documentation is based on the [official Symfony Documentation](https://symfony.com/doc/current/security/user_providers.html) with some API Platform integrations. ## Creating the Entity and Repository You can follow the [official Symfony Documentation](https://symfony.com/doc/current/security/user_providers.html) and add the API Platform attributes (e.g. `#[ApiResource]`) by your own, or just use the following entity file and modify it to your needs: ```php ['Default', 'user:create']]), new Get(), new Put(processor: UserPasswordHasher::class), new Patch(processor: UserPasswordHasher::class), new Delete(), ], normalizationContext: ['groups' => ['user:read']], denormalizationContext: ['groups' => ['user:create', 'user:update']], )] #[ORM\Entity(repositoryClass: UserRepository::class)] #[ORM\Table(name: '`user`')] #[UniqueEntity('email')] class User implements UserInterface, PasswordAuthenticatedUserInterface { #[Groups(['user:read'])] #[ORM\Id] #[ORM\Column(type: 'integer')] #[ORM\GeneratedValue] private ?int $id = null; #[Assert\NotBlank] #[Assert\Email] #[Groups(['user:read', 'user:create', 'user:update'])] #[ORM\Column(length: 180, unique: true)] private ?string $email = null; #[ORM\Column] private ?string $password = null; #[Assert\NotBlank(groups: ['user:create'])] #[Groups(['user:create', 'user:update'])] private ?string $plainPassword = null; #[ORM\Column(type: 'json')] private array $roles = []; public function getId(): ?int { return $this->id; } public function getEmail(): ?string { return $this->email; } public function setEmail(string $email): self { $this->email = $email; return $this; } /** * @see PasswordAuthenticatedUserInterface */ public function getPassword(): string { return $this->password; } public function setPassword(string $password): self { $this->password = $password; return $this; } public function getPlainPassword(): ?string { return $this->plainPassword; } public function setPlainPassword(?string $plainPassword): self { $this->plainPassword = $plainPassword; return $this; } /** * @see UserInterface */ public function getRoles(): array { $roles = $this->roles; $roles[] = 'ROLE_USER'; return array_unique($roles); } public function setRoles(array $roles): self { $this->roles = $roles; return $this; } /** * A visual identifier that represents this user. * * @see UserInterface */ public function getUserIdentifier(): string { return (string) $this->email; } /** * @see UserInterface */ public function eraseCredentials(): void { $this->plainPassword = null; } } ``` The repository is same as generated by Symfony. For completeness: ```php * * @method User|null find($id, $lockMode = null, $lockVersion = null) * @method User|null findOneBy(array $criteria, array $orderBy = null) * @method User[] findAll() * @method User[] findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null) */ class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface { public function __construct(ManagerRegistry $registry) { parent::__construct($registry, User::class); } public function save(User $entity, bool $flush = false): void { $this->getEntityManager()->persist($entity); if ($flush) { $this->getEntityManager()->flush(); } } public function remove(User $entity, bool $flush = false): void { $this->getEntityManager()->remove($entity); if ($flush) { $this->getEntityManager()->flush(); } } /** * Used to upgrade (rehash) the user's password automatically over time. */ public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void { if (!$user instanceof User) { throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user))); } $user->setPassword($newHashedPassword); $this->save($user, true); } } ``` ## Creating and Updating User Password There's no built-in way for hashing the plain password on `POST`, `PUT` or `PATCH`. Happily you can use the API Platform [state processors](../core/state-processors.md) for auto-hashing plain passwords. First create a new state processor: ```php */ final readonly class UserPasswordHasher implements ProcessorInterface { public function __construct( private ProcessorInterface $processor, private UserPasswordHasherInterface $passwordHasher ) { } /** * @param User $data */ public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): User { if (!$data->getPlainPassword()) { return $this->processor->process($data, $operation, $uriVariables, $context); } $hashedPassword = $this->passwordHasher->hashPassword( $data, $data->getPlainPassword() ); $data->setPassword($hashedPassword); $data->eraseCredentials(); return $this->processor->process($data, $operation, $uriVariables, $context); } } ``` Then bind it to the ORM persist processor: ```yaml # api/config/services.yaml services: # ... App\State\UserPasswordHasher: bind: $processor: '@api_platform.doctrine.orm.state.persist_processor' ``` You may have wondered about the following lines in our entity file we created before: ```php operations: [ ... new Post(processor: UserPasswordHasher::class), new Put(processor: UserPasswordHasher::class), new Patch(processor: UserPasswordHasher::class), ... ], ``` This just means we want to run the new created state processor to these specific operations. So we're done. Create a new user, change the password and enjoy!