108

In Symfony 2 templates (using Twig), how can I effectively check whether a user is not logged in?

I don't want to use ROLE checks. I want a straightforward way to check if a user is not logged in.

I'm aware that comparing app.user.username with anon works, but that just doesn't feel right to me.

Mohammed Zayan
  • 859
  • 11
  • 20
Tool
  • 12,126
  • 15
  • 70
  • 120

2 Answers2

200

You can check if app.user is set. 

 {% if app.user %}
    # user is logged in
 {% else %}
    # user is not logged in
 {% endif %}
Pedro Cordeiro
  • 2,085
  • 1
  • 20
  • 41
Checksum
  • 3,220
  • 3
  • 23
  • 24
  • 17
    Note that if you want to check if the user is NOT logged in you can use: `{% if not app.user %}` – Mac_Cain13 Feb 11 '13 at 15:49
  • 45
    Use `{% if is_granted('IS_AUTHENTICATED_FULLY') %}` instead. See Symfony2 doc : http://symfony.com/doc/current/book/security.html#retrieving-the-user-object. Also available for Silex : http://silex.sensiolabs.org/doc/providers/security.html#checking-user-roles – Ronan Oct 01 '13 at 10:04
  • 16
    @Ronan ```{% if is_granted('IS_AUTHENTICATED_FULLY') %}``` will only return true if the user has authenticated in the current session. It will return false if the user authenticated via a remember me cookie. Using ```{% if app.user %}``` is correct, if one wants to return true regardless of when the user authenticated. – RayOnAir May 28 '14 at 18:40
  • @Ronan, that doesn't work as it results in the following error: No Authentication Provider found for token of class "Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken". – Harold Jun 20 '14 at 10:26
  • `{% if app.security.token is null or app.security.token.user == 'anon.' %}` that's how I got it working for me – Sebastian G. Marinescu Sep 03 '15 at 22:42
103

Although the current answer answers the OP's question, I would like to add more details.

I understand the OP did not want to check roles, but I am including them so other SO users can copy and paste from this in the future. - everytime I google this, I end up here!

Symfony Doc Sources:

Check if any user logged in (regardless of role)

As answered, you can use app.user to check if any user is logged in.

{% if app.user %}
    # user is logged in (any and all users, regardless of ROLE_*)
{% elseif not app.user %}
    # user is not logged in (note the `not` in the `elseif` statement)
{% endif %}

Checking authentication status

You can use the is_granted() method to check for ROLES, (The below are all roles assigned by symfony, You may also have you own roles (more below)) 

{% if is_granted('IS_AUTHENTICATED_FULLY') %}
    # This user entered their credentials THIS session
{% elseif is_granted('IS_AUTHENTICATED_REMEMBERED') %}
    # User logged in via a cookie (ie: Auth again before doing sensitive things)
{% elseif is_granted('IS_AUTHENTICATED_ANONYMOUSLY') %}
    # This is a `guest` or anonymous user
{% endif %}

from the docs:

IS_AUTHENTICATED_ANONYMOUSLY - automatically assigned to a user who is in a firewall protected part of the site but who has not actually logged in. This is only possible if anonymous access has been allowed.

IS_AUTHENTICATED_REMEMBERED - automatically assigned to a user who was authenticated via a remember me cookie.

IS_AUTHENTICATED_FULLY - automatically assigned to a user that has provided their login details during the current session.

Checking Roles

You can also use is_granted() to check for roles.
Assuming we have 3 roles (ROLE_SUPER_ADMIN, ROLE_ADMIN, & ROLE_USER)

{% if is_granted('ROLE_SUPER_ADMIN') -%}
    # You're `ROLE_SUPER_ADMIN`
{% elseif is_granted('ROLE_ADMIN') -%}
    # You're `ROLE_ADMIN`
{% elseif is_granted('ROLE_USER') -%}
    # You're `ROLE_USER`
{% else %}
    # You're a `nobody` ;P
{%- endif %}

Doing the above inside a controller

View the following answer: How to check if an user is logged in Symfony2 inside a controller?

Community
  • 1
  • 1
Anil
  • 21,730
  • 9
  • 73
  • 100
  • 2
    I'm just curious... what `-%}` and `{%-` stands for ? why not `%}` and `{%` ? – V-Light Jan 01 '15 at 23:42
  • 12
    The `-` removes all trailing whitespace so that it's more readable in the browser source source. More info here: http://twig.sensiolabs.org/doc/templates.html#whitespace-control – Anil Jan 01 '15 at 23:44
  • Forgive me for bringing this old question to live again, but I think I read somewhere that app.user will not be null for anonymous users, isn't that correct? Wouldn't that mean that check for app.user is not sufficient? – pzaj Apr 19 '17 at 12:26
  • @Anil http://symfony.com/doc/2.8/templating/app_variable.html second parameter described is `app.user`, going like that `The value stored in this variable can be a UserInterface object, any other object which implements a __toString() method or even a regular string.`. I don't remember where I read that app.user returns "anon." string unfortunately and under what circumstances. – pzaj Apr 19 '17 at 14:37
  • 1
    @user1970395 The first line in the docs read `The representation of the current user or null if there is none.`, so it will be null. A third party bundle could return a string if it's custom `UserInterface` implementation has a `__toString()` method which is called when anonymous. – Anil Apr 19 '17 at 14:42