Slide 1

Slide 1 text

Architecture of a web project on Symfony
Maksym Moskvychev

Slide 2

Slide 2 text

Page with a Form in Symfony

Slide 3

Slide 3 text

Application design for a page with a form

[Diagram] Components: Symfony 2 Core, Controller, Form, Form instance, Validation rules, Entity, Template, Doctrine, Session.
Labels: HTTP Request, Request, Response, HTTP Response; Is Form Valid?; If Form is valid, it contains Entity; Controller asks to save Entity; Set success message.

Slide 4

Slide 4 text

Application design for a page with a form

Controller action is responsible for 3 types of requests:
1. Form is rendered for the first time.
2. Handle successful form submission.
3. There was an error in form validation. Render the form with errors.

[Flowchart] Steps: Get form instance; Handle Request by the form; Form is submitted (+); Check if Form is Valid (+); Save entity to DB. Add success message to session; Redirect to some page; Add error message to session; Render a template. Paths are marked 1, 2 and 3 to match the list above.

Slide 5

Slide 5 text

Page with a form and custom logic

For example, this is a registration form. After the user is registered, we have to send them a welcome email, then notify a moderator to check this user, and authenticate the user.

[Diagram] Components: Registration service, Authentication Service, User, Mailer Service, Doctrine.
Labels: send welcome email; authenticate; persist in database.

Slide 6

Slide 6 text

Page with a form and custom logic

If you have any custom logic, keep it all in service classes.

[Flowchart] Steps: Get form instance; Handle Request by the form; Form is submitted (+); Check if Form is Valid (+); Registration service; Redirect to some page; Add error message to session; Render a template. Paths are marked 1, 2 and 3.
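The controller flow from the two form slides above, as an added example that is not taken from the original slides. It assumes Symfony 2.6 or 2.7; the `AppBundle` classes, the `app.registration` service id, the route name, the template path and the translation keys are all hypothetical.

```php
<?php
namespace AppBundle\Controller;

use AppBundle\Entity\User;            // hypothetical entity
use AppBundle\Form\RegistrationType;  // hypothetical form type
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class RegistrationController extends Controller
{
    public function registerAction(Request $request)
    {
        // Get form instance; the entity carries the validation rules.
        $user = new User();
        $form = $this->createForm(new RegistrationType(), $user);

        // Handle Request by the form: binds submitted data, if any.
        $form->handleRequest($request);

        if ($form->isSubmitted()) {
            if ($form->isValid()) {
                // Case 2: all custom logic (persist, welcome email,
                // authentication) lives in the service, not here.
                $this->get('app.registration')->register($user);
                $this->addFlash('success', 'registration.success');

                // Redirect so a browser reload cannot re-submit the form.
                return $this->redirectToRoute('homepage');
            }

            // Case 3: validation failed; fall through and re-render the
            // form, which now carries the field errors.
            $this->addFlash('error', 'registration.error');
        }

        // Case 1 (first render) and case 3 share the same template.
        return $this->render('AppBundle:Registration:register.html.twig', array(
            'form' => $form->createView(),
        ));
    }
}
```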

Slide 7

Slide 7 text

Unit testing of the Service class

• All relations are replaced by mocks.
• The tested class is the only real class in the test. Only it can be created via new.
• The test itself checks that when a user is registered, all needed services will be called.

[Diagram] Components: Unit test, Registration service, Authentication Service, User, Mailer Service, Doctrine.
Labels: send welcome email; authenticate; persist in database.

Slide 8

Slide 8 text

Page with a List in Symfony

Slide 9

Slide 9 text

Application design for a page with a list

[Diagram] Components: Symfony 2 Core, Controller, Template, Doctrine, Entity repository.
Labels: HTTP Request, Request, Response, HTTP Response; Controller fetch entity repository; ->findBy(); data.

Slide 10

Slide 10 text

Introduction of service layer

[Diagram] Components: Symfony 2 Core, Controller, Template, Doctrine, Entity repository, Service class.
Labels: HTTP Request, Request, Response, HTTP Response; Fetch entity repository; ->findBy(); data; getListData; data.

Slide 11

Slide 11 text

Advantages of service layer on a page with a list

• Less logic and dependencies in controller.
• Ability to re-use data for the list in another place.
• Ability to cover fetching logic by Unit test.

Slide 12

Slide 12 text

Built-in abilities of entity repositories

findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)

Slide 13

Slide 13 text

When you need a custom SQL query

1. Create method in entity repository
2. Define your logic in object-oriented way

Slide 14

Slide 14 text

Functional tests in Symfony

Slide 15

Slide 15 text

Tips about Functional tests

• Functional tests make requests to controllers and check the response.
• Functional tests are good at checking that all components are integrated correctly.
• The number of tests should be kept under control.

Slide 16

Slide 16 text

Functional and Unit tests

[Diagram] Labels: Run Functional tests; Clear database; Create database schema; Run fixtures; Run migrations; Run test; Run test; Run Unit tests; Run next test; Run next test.

Slide 17

Slide 17 text

How to set up environment for Functional tests

Option 1. Bootstrap file.
Option 2. setUp method.

Slide 18

Slide 18 text

Bundles in Symfony

Slide 19

Slide 19 text

Bundle structure

[Diagram] Contents: Controllers, Templates, Services, Entities, Entity Repositories, Pictures, JavaScript, CSS, Listeners.
Layers: Presentation layer, Service layer, Database layer.
Tests: Unit tests, Functional tests.

Slide 20

Slide 20 text

Use one App Bundle

Slide 21

Slide 21 text

Example of multiple bundle architecture

[Diagram] Labels: All custom bundles; Bundles in Vendors; Symfony Framework Bundle; Symfony Components; Doctrine; Twig; Core Bundle; Site A Bundle; Site B Bundle.
Incorrect case: Core Bundle; Site A Bundle; Site B Bundle.

Slide 22

Slide 22 text

Multilingual support in Symfony

Slide 23

Slide 23 text

Purpose of multilingual support

Translation of user interface
• Static text on pages
• Form fields
• Menus
• Messages to user

Translation of content
Localized versions of content from DB

Switching between locales
• How to determine User locale?
• Switching between locales

Even if your site is only in English now, you should take care of its multilingual abilities. Nobody knows what will happen to the project in 5 years. But if the project is a success, it will expand to other countries.

Slide 24

Slide 24 text

Translation of user interface

• Use keys instead of strings everywhere
• Define real text for each key in translation file.

Slide 25

Slide 25 text

Translation of user interface

[Diagram] Components: Symfony 2 Core, Controller, Form, Form instance, Validation rules, Entity, Template, Doctrine, Session, Translation files.
Labels: HTTP Request, Request, Response, HTTP Response; Is Form Valid?; If Form is valid, it contains Entity; Controller asks to save Entity; Set success message.

Slide 26

Slide 26 text

Translation of content

• Custom DB structure.
• Doctrine ODM

Slide 27

Slide 27 text

Web application security and Symfony

Slide 28

Slide 28 text

Symfony resolves some vulnerabilities

• Cross Site Scripting
• SQL Injection
• Cross Site Request Forgery
• Information Disclosure
• Authorization policy

Slide 29

Slide 29 text

Policy: save as it is, escape on output

Slide 30

Slide 30 text

SQL Injection

Policy: pass raw data to the database, bind variables to the query.
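The bind-variables policy applied to a custom entity repository method (the approach from the "When you need a custom SQL query" slide), as an added example that is not taken from the original slides. The `AppBundle:User` entity, its `createdAt`, `enabled` and `username` fields, and the method names are hypothetical; the sort-field whitelist goes one step beyond the slide, because identifiers cannot be bound as parameters.

```php
<?php
namespace AppBundle\Repository;

use Doctrine\ORM\EntityRepository;

class UserRepository extends EntityRepository
{
    // Sort fields a caller may request. Column and field names cannot be
    // bound as parameters, so they are checked against this list instead.
    private static $sortable = array('username', 'createdAt');

    // BEFORE (kept only for contrast, do not use): the value is
    // concatenated into the DQL text and becomes part of the query.
    public function findRegisteredSinceUnsafe($since)
    {
        return $this->getEntityManager()
            ->createQuery(
                "SELECT u FROM AppBundle:User u WHERE u.createdAt >= '" . $since . "'"
            )
            ->getResult();
    }

    // AFTER: the query text is fixed; values travel separately as bound
    // parameters and are never parsed as DQL or SQL.
    public function findRegisteredSince(\DateTime $since, $sort = 'createdAt', $limit = 20)
    {
        if (!in_array($sort, self::$sortable, true)) {
            throw new \InvalidArgumentException('Unsupported sort field');
        }

        return $this->createQueryBuilder('u')
            ->where('u.createdAt >= :since')
            ->andWhere('u.enabled = :enabled')
            ->setParameter('since', $since)
            ->setParameter('enabled', true)
            ->orderBy('u.' . $sort, 'DESC')   // safe: value came from the whitelist
            ->setMaxResults((int) $limit)
            ->getQuery()
            ->getResult();
    }
}
```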

Slide 31

Slide 31 text

Cross Site Request Forgery

Policy: all non-safe requests should be protected by a CSRF token.
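A state-changing action outside of a Symfony form, checked against a CSRF token by hand, as an added example that is not taken from the original slides. It assumes Symfony 2.6 or later; the controller, the `ROLE_ADMIN` role, the `delete_user_` token id prefix, the `_token` field name, the route name and the translation key are hypothetical.

```php
<?php
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;

class UserAdminController extends Controller
{
    public function deleteAction(Request $request, $id)
    {
        // A non-safe operation must never be reachable through GET,
        // otherwise a plain link or image tag on another site triggers it.
        if (!$request->isMethod('POST')) {
            throw new MethodNotAllowedHttpException(array('POST'));
        }

        // Authorization is a separate check from CSRF protection.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        // The token id ties the token to this action and this target.
        // The template renders it into a hidden "_token" field with
        // {{ csrf_token('delete_user_' ~ user.id) }}.
        $submitted = $request->request->get('_token');
        if (!$this->isCsrfTokenValid('delete_user_' . $id, $submitted)) {
            throw $this->createAccessDeniedException('Invalid CSRF token');
        }

        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('AppBundle:User')->find($id);
        if (!$user) {
            throw $this->createNotFoundException();
        }

        $em->remove($user);
        $em->flush();

        $this->addFlash('success', 'user.deleted');

        return $this->redirectToRoute('user_list');
    }
}
```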

Slide 32

Slide 32 text

Information Disclosure & Authorization policy

Policy: white-list access to resources

The Security component in Symfony lets you configure:
• Firewalls to set up the Authentication policy.
• User providers to get the list of users for Authentication.
• Access rules to match a resource and a role.
• Role hierarchy to define dependencies between roles.
• Encoders to define the algorithm used to encode passwords.

Slide 33

Slide 33 text

Q & A