So I made it so that ROLE_USER could access the website only from a certain IP address. Everything works like a charm, except that if a user connects from a different IP I try to redirect them to /en/logout, but it pops up an error:
"You must activate the logout security firewall configuration".
I really need help.
security:
    encoders:
        App\Entity\User: bcrypt
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/
            user_checker: App\Security\UserChecker
            anonymous: true
            stateless: false
            guard:
                authenticators:
                    - App\Security\TokenAuthenticator
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800
                path: /
            form_login:
                provider: fos_userbundle
                check_path: fos_user_security_check
                login_path: fos_user_security_login
                csrf_token_generator: security.csrf.token_manager
            logout:
                path: fos_user_security_logout
                target: /(%app_locales%)/login
            access_denied_url: /(%app_locales%)/logout
    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_TEAMLEAD: ROLE_CUSTOMER
        ROLE_ADMIN: ROLE_TEAMLEAD
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    access_control:
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_ADMIN }
        - { path: '^/(%app_locales%)/timesheet', roles: ROLE_NO_ACCESS }
        - { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/resetting', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/', roles: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/api', roles: IS_AUTHENTICATED_REMEMBERED, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/login$', roles: ROLE_NO_ACCESS }
You need to provide the path to logout in your access_control list with the right parameters. Right now your /en/logout is authorised by the role ROLE_USER and the IP [IP.IP.IP.IP]. You need to add the following line:
access_control:
    ...
    - { path: '^/(%app_locales%)/logout', roles: ROLE_USER }
    ...
As you can see, I removed the dependency on the IP address for being authorised on the path /en/logout. Now it depends only on your user having the ROLE_USER role.
I think that on top of the access_control entry that Michael posted, you should change the
access_denied_url: /(%app_locales%)/logout
into
access_denied_url: fos_user_security_logout
That seemed to be the issue in a similar case.
I created this website and used FOSUserBundle as the user manager. While developing the application everything worked fine; I could log in and register and everything else on my local machine using WampServer, but when I uploaded it to a hosting server the problems started. I can log in on admin.domain in both the dev and prod environments, but not on www.domain: I get www.domain/login_check and "This page isn't working". Any help will be appreciated.
security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            user_checker: security.user_checker
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                csrf_token_generator: security.csrf.token_manager
                # default_target_path: homepage
                # always_use_default_target_path: true
            logout:
                path: fos_user_security_logout
                target: homepage
            anonymous: true
            http_basic: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/ar/admin/, role: ROLE_ADMIN }
        - { path: ^/en/admin/, role: ROLE_ADMIN }
        - { path: ^/fr/admin/, role: ROLE_ADMIN }
After 3 days of trying to figure this out and after trying every possible solution, it turns out it's a server problem: they needed to add permission to access the user table from www.domain.
I have got a very weird issue with one of my Symfony (2.8) apps: out of nowhere the login just stopped working. Submitting the login form just brought me back to the login page again, with no bad-credentials error and no system issue warning.
I looked at my cookies in the browser, as this worked in incognito mode, and I had 2 PHPSESSID cookies. Is this normal? Removing the cookies allowed me to log in again with no issue. I am trying to get to the bottom of how to reproduce this, as it's not something I want going into my production env.
Here is the current security.yml:
security:
    acl:
        connection: default
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_CLIENT_PROGRAMME_ADMIN: ROLE_CLIENT_PROGRAMME_ADMIN
        ROLE_ADMIN: ROLE_PROGAMME_ADMIN
        ROLE_SUPER_ADMIN: ROLE_SUPER_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        oauth_token:
            pattern: ^/oauth/v2/token
            anonymous: true
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
                success_handler: auth.service.redirect.after.login
            logout: true
            anonymous: true
    access_control:
        - { path: ^/oauth/v2/token, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/password/reset$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/docs$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/$, roles: [ROLE_USER] }
        - { path: ^/client, roles: [ROLE_CLIENT_PROGRAMME_ADMIN, ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/portal, roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/admin, roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/, roles: [SECTION_CHECK, ROLE_PROGAMME_ADMIN, ROLE_SUPER_ADMIN] }
My access control doesn't work. When I'm anonymous, I can access the URL /admin, while normally that should be impossible.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: liste_projet
                always_use_default_target_path: true
                login_path: /
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: ~
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/inscription, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
Do you have an idea? Is it a bad configuration on my part? I'm using Symfony 3.
Change
- { path: ^/admin/, role: ROLE_ADMIN }
to
- { path: ^/admin, role: ROLE_ADMIN }
Otherwise when you request the /admin page, the path won't match with the first one.
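The two answers above (the logout entry without an ip restriction, and ^/admin versus ^/admin/) both come down to how Symfony evaluates access_control: the entries are tried in order, the first one whose path regex (and ip list, if present) matches the request is the only one applied, an entry whose ip list does not match the client is skipped rather than denying, and a request that matches no entry is not restricted at all. The script below is an added illustration, not part of either post and not Symfony code; it simulates those documented semantics in plain Python on constructed rule sets shaped like the ones in the questions. The ROLE_NO_ACCESS catch-all mirrors the entries in the first question's config; the 198.51.100.0/24 allow-list, the 203.0.113.9 client and the role hierarchy are made up for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Hypothetical role_hierarchy in the shape of the security.yml entries above.
HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}


def expand_roles(roles, hierarchy):
    """Transitively expand a user's roles through role_hierarchy."""
    have = set(roles)
    todo = list(roles)
    while todo:
        for child in hierarchy.get(todo.pop(), []):
            if child not in have:
                have.add(child)
                todo.append(child)
    return have


def first_matching_rule(rules, path, client_ip):
    """First access_control entry whose path regex and ip list match; None if none does."""
    for rule in rules:
        # Symfony applies the pattern with preg_match: unanchored unless you write ^ yourself,
        # which is why '^/admin/' does not match the path '/admin'.
        if not re.search(rule["path"], path):
            continue
        if "ip" in rule and not any(
            ip_address(client_ip) in ip_network(net, strict=False) for net in rule["ip"]
        ):
            continue  # ip list does not match: this entry is skipped, the next one is tried
        return rule
    return None


def decide(rules, path, client_ip, user_roles, hierarchy=HIERARCHY):
    """'granted' or 'denied' for one request, following first-match semantics."""
    rule = first_matching_rule(rules, path, client_ip)
    if rule is None:
        return "granted"  # nothing in access_control constrains this path
    required = rule["roles"] if isinstance(rule["roles"], list) else [rule["roles"]]
    if "IS_AUTHENTICATED_ANONYMOUSLY" in required:
        return "granted"
    have = expand_roles(user_roles, hierarchy)
    return "granted" if any(r in have for r in required) else "denied"


# Rules of the "/admin reachable anonymously" question, with the trailing-slash bug.
RULES_ADMIN_BUGGY = [
    {"path": "^/login$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": "^/inscription", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": "^/resetting", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": "^/admin/", "roles": "ROLE_ADMIN"},
]
RULES_ADMIN_FIXED = RULES_ADMIN_BUGGY[:-1] + [{"path": "^/admin", "roles": "ROLE_ADMIN"}]

# Constructed rules in the shape of the first question: a broad ip-restricted entry
# followed by a ROLE_NO_ACCESS catch-all, so clients outside the allow-list are denied.
OFFICE = "198.51.100.0/24"  # hypothetical allow-listed network (RFC 5737 documentation range)
RULE_LOGIN = {"path": "^/en/login$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"}
RULE_OFFICE = {"path": "^/en/", "roles": "ROLE_USER", "ip": [OFFICE]}
RULE_CATCH_ALL = {"path": "^/en/", "roles": "ROLE_NO_ACCESS"}
RULE_LOGOUT = {"path": "^/en/logout", "roles": "ROLE_USER"}  # no ip restriction

RULES_IP = [RULE_LOGIN, RULE_OFFICE, RULE_CATCH_ALL]
# The logout entry must come BEFORE the broad '^/en/' entries to be the first match.
RULES_IP_FIXED = [RULE_LOGIN, RULE_LOGOUT, RULE_OFFICE, RULE_CATCH_ALL]
# Placed after the catch-all it is dead: the catch-all already matched.
RULES_IP_DEAD = [RULE_LOGIN, RULE_OFFICE, RULE_CATCH_ALL, RULE_LOGOUT]

if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed client address outside the allow-list
    print(decide(RULES_ADMIN_BUGGY, "/admin", outside, []))                # granted (the bug)
    print(decide(RULES_ADMIN_FIXED, "/admin", outside, []))                # denied
    print(decide(RULES_IP, "/en/timesheet", "198.51.100.7", ["ROLE_USER"]))  # granted
    print(decide(RULES_IP, "/en/logout", outside, ["ROLE_USER"]))          # denied
    print(decide(RULES_IP_FIXED, "/en/logout", outside, ["ROLE_USER"]))    # granted
    print(decide(RULES_IP_DEAD, "/en/logout", outside, ["ROLE_USER"]))     # denied
```

Run it directly to see the decisions. The last two lines are the point of the first answer: the logout entry only helps if it is reached, and with first-match evaluation that means it has to sit above the broad ^/en/ entries; a user outside the allow-list who is bounced to access_denied_url otherwise hits the catch-all again on the logout URL itself.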
I have a little problem with logout on my admin bundle.
When I log in to admin with the in-memory provider, this works, but I can't log out.
On the other side, logout for users works perfectly. Did I miss something?
This is my security.yml:
security:
    encoders:
        Esimed\FrontBundle\Entity\Company:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        companies:
            entity: { class: Esimed\FrontBundle\Entity\Company, property: email }
        in_memory:
            memory:
                users:
                    admin: { password: adminpass, roles: 'ROLE_ADMIN' }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            pattern: ^/admin
            http_basic:
                realm: "Administration"
            provider: in_memory
            logout:
                invalidate_session: true
                path: /admin/company/logout
                target: /
            anonymous: ~
        main:
            pattern: ^/
            form_login:
                check_path: esimed_front_company_login_check
                login_path: esimed_front_company_login
            logout:
                path: /company/logout
                target: /
            anonymous: ~
    access_control:
        - { path: ^/company/add$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company/create$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/job/view/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company/search, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company/category-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company/company-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/company, roles: ROLE_COMPANY }
        - { path: ^/job, roles: ROLE_COMPANY }
        - { path: ^/admin, roles: ROLE_ADMIN }
As Elnur Abdurrakhimov states in an answer to a similar question:
Since you are using HTTP authentication, the reason might be that your browser caches your credentials and re-logins automatically. Try using HTML form authentication and see if the problem persists.
Try using the following for your security.yml:
    admin:
        pattern: ^/admin
        provider: in_memory
        form_login:
            check_path: /check_login
            login_path: /admin/login
        logout:
            invalidate_session: true
            path: /admin/company/logout
            target: /
        anonymous: ~
...
    access_control:
        - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
...
This way you are still able to authenticate using the in-memory provider, and if you want you can still have your credentials saved by the browser, but logging out will destroy the cookie and session used to authenticate you and won't automatically log you back in.
I have a Symfony 2 app with a normal members area and an admin area, but for some reason I can't get the admin area login to work. I read all the questions here about the topic and tried them, but none of them worked for me.
The initial problem, I think, is that the check route is not behind the firewall, so Symfony security does not recognise it.
My security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        Symfony\Component\Security\Core\User\User: sha512
    firewalls:
        alogin:
            pattern: ^/admin/login$
            security: false
        main:
            pattern: ^/admin
            provider: in_memory
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin/list
            logout:
                path: /admin/logout
                target: /admin
        main:
            pattern: ^/(?!admin)
            form_login:
                provider: fos_userbundle
                login_path: /
                failure_handler: public.failed_login_handler
                success_handler: public.success_login_handler
            logout: true
            anonymous: true
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
        in_memory:
            memory:
                users:
                    ryan: { password: ryanpass, roles: 'ROLE_ADMIN' }
    role_hierarchy:
        ROLE_VIP: ROLE_USER
        ROLE_ADMIN: ROLE_VIP
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/.*, role: ROLE_ADMIN }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/.*, role: ROLE_USER }
Without the main firewall it's working; with it, I get a 404 for /admin/login_check.
The problem is that you have 2 firewalls with the same name, main. Each firewall must have a unique name.