How to definitely disable registration in FOSUserBundle

Question

In my project, I allow only one user to manage the content of the website. This user will be added using the command line at first.

Now, I want to get the registration action inaccessible and I don't know how? Till now, I just put the ROLE_ADMIN in the access control for the route register to avoid that visitors can go throw it.

Any tips?

Answer 1

There are many ways to solve this issue. You can simply remove fos_user_registration_register route from routing.yml. Or use more complicated solution: set up event listener to FOS\UserBundle\FOSUserEvents::REGISTRATION_INITIALIZE event and redirect user to login page.

services.xml

<service id="app.registration.listener" class="AppBundle\EventListener\RegistrationListener">
    <tag name="kernel.event_subscriber" />
    <argument type="service" id="router" />
</service>

RegistrationListener.php

<?php

namespace AppBundle\EventListener;

use FOS\UserBundle\Event\GetResponseUserEvent;
use FOS\UserBundle\FOSUserEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

class RegistrationListener implements EventSubscriberInterface
{
    /**
     * @var UrlGeneratorInterface
     */
    private $router;

    /**
     * @param UrlGeneratorInterface $router
     */
    public function __construct(UrlGeneratorInterface $router) {
        $this->router = $router;
    }

    public static function getSubscribedEvents()
    {
        return [
            FOSUserEvents::REGISTRATION_INITIALIZE => 'onRegistrationInitialize',
        ];
    }

    public function onRegistrationInitialize(GetResponseUserEvent $event)
    {
        $url = $this->router->generate('fos_user_security_login');
        $response = new RedirectResponse($url);

        $event->setResponse($response);
    }
}

Answer 2

Take a look at the routing configuration imported from

vendor/friendsofsymfony/user-bundle/Resources/config/routing/all.xml

If you want just the basic security actions, just import

@FOSUserBundle/Resources/config/routing/security.xml

instead of

@FOSUserBundle/Resources/config/routing/all.xml

This way you can simply select which components (security, profile, resetting, change_password) you want to use or event import only specific routes from those components.

Answer 3

You can just change app/config/security.yml:

- { path: ^/register, role: ROLE_ADMIN }

Change from the default (IS_AUTHENTICATED_ANONYMOUSLY) to ROLE_ADMIN and it will stop allowing anonymous users from getting to the /register form.

Answer 4

Another simple solution (the one I used) is to overwrite the registerAction() default FOSUserBundle controller method:

namespace Acme\UserBundle\Controller;

use FOS\UserBundle\Controller\RegistrationController as FOSRegistrationController;
use Symfony\Component\HttpFoundation\Request;

class RegistrationController extends FOSRegistrationController
{
    public function registerAction(Request $request)
    {
        return $this->redirectToRoute('getStarted', array(), 301);
    }
}

Doing this will leave active other routes, as the confirmation page.

I simply overwrote the register action and redirect the user to my first registration page (getStarted).

Answer 5

If you use the JMSSecurityExtraBundle you can use the denyAll directive like so:

- { path: ^/register, access: denyAll }

Answer 6

This is how I solve this issue...

First you have to define your listener in the services.yml file:

services:
    registrationListner:
      class: App\YourBundle\Listener\RegistrationListener
      arguments: [@service_container]
      tags:
    - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest}

Then create your class RegistrationListener:

<?php
namespace App\YourBundle\Listener;

use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;

class RegistrationListener
{
private $router;

public function __construct(ContainerInterface $container){
    $this->router = $container->get('router');
}

public function onKernelRequest(GetResponseEvent $event)
{

    $route = $event->getRequest()->attributes->get('_route');
    if ($route == 'fos_user_registration_register') {
        //here we're gonna to redirect to you_route for example, I guess in the most cases it will be the index...
        $event->setResponse(new RedirectResponse($this->router->generate('your_route'))); 
    }
}
}

Hope it helps.

Answer 7

You can try to change your routing.yml

fos_user_registration_register:
    path:  /register{trailingSlash}
    defaults: { _controller: AcmeBundle:Default:register, trailingSlash : "/" }
    requirements: { trailingSlash : "[/]{0,1}" }

And in your DefaultController

    public function registerAction(Request $request)
    {
       
        return $this->redirectToRoute('404OrWhatYouWant');
    }