How to setup all pdf files in specify folder under the symfony firewall ?
I`ve tried:
firewalls:
main:
pattern: ^/(admin|uploads/umowy|uploads/invoices|*.pdf)/
I want to disable open/download any pdf file in /uploads/umowy or /uploads/invoices, User need to be login.
Any Idea?
Related
I am trying to create a custom bundle that is using a special authentication service. This bundle will be used by all of our projects.
I want to make it so it is needed a little configuration to use it.
My problem appears when i'm trying to add a security config inside my package like so:
# security.yml
security:
providers:
specialauth:
id: AuthBundle\Security\SpecialAuthProvider
firewalls:
main:
logout:
path: '/logout'
When I do this inside my bundle I get this error:
Looked for namespace "security", found none
If I move this security configuration inside my app/config it works ok but I want this config to stay in the AuthBundle so the developers don't have to configure much stuff for every project.
Is this a restriction from symfony not allowing security configs from external bundles or what can the problem be?
You can import your security.yml inside the security file of the project:
app/config/security.yml :
imports:
- { resource: '#AuthBundle/Resources/config/security.yml' }
I'm trying to implement a simple login and logout in my symfony app and in the documentation it says I need to create a route to the logout page. And there is a code like this:
# app/config/routing.yml
logout:
path: /logout
I'm trying to paste it into my app/config/routing.yml, so it looks like this:
# app/config/routing.yml
app:
resource: '#AppBundle/Controller/'
type: annotation
logout:
path: /logout
But I get an error
The file "(...)\app/config\routing.yml" does not contain valid YAML
I was searching through the documentation and couldn't find anythig that would help me solve it. I can't really understand how this routing configuration file works and why I get this error.
Suggest when making changes to any yaml file in a development environment, save the yaml first, make the change, then check for error messages. If you get error messages back them out.
Also set up your editor so that it points out things like tabs, spaces, etc... So it's easier to see right away.
I purchased an SSL certificate at OVH in order to have a URL https. They set me the certificate on my website but now, when I access using the https://www.shootandgo.fr , I get errors like
:net::ERR_SSL_UNRECOGNIZED_NAME_ALERT
and the images, the CSS files, and everything else are not found...
I use Symfony 2 and all my resources are on local, in the web directory of Symfony.
OVH has said "we need to tell Symfony2 to use HTTPS" but I do not see how... does anyone have a solution? Thank you in advance!
PS: Sorry for my English... I'm French ^^'
To make symfony2 work with HTTPS, you need to reference these sections in their manual:
http://symfony.com/doc/current/cookbook/routing/scheme.html
http://symfony.com/doc/current/cookbook/security/force_https.html
More information could be found by the links above, but generally speaking everything is defined in app configs:
secure:
path: /secure
defaults: { _controller: AppBundle:Main:secure }
schemes: [https]
and this:
# app/config/security.yml
security:
# ...
access_control:
- { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
The said above was related to Symfony2 thing, which you was asking about.
But my guess is, that this error ERR_SSL_UNRECOGNIZED_NAME_ALERT belongs to the wrong server/certificate setup, not to specific framework you are using. You'd need to elaborate more, and to provide additional information to figure this out.
Well i have upload again my website on the server, and everything is normal now...I don't know why there was a problem on it las tt
I am developping a SF2 web-app which is fully behind a firewall: nobody shouldn't be able to see or modify anything before behing logged (except login form, of course).
So here is the firewall part of my security.yml file:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main_login:
pattern: ^/login$
anonymous: true
main:
pattern: ^/
anonymous: false
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
logout:
path: fos_user_security_logout
target: /
This works fine: if I type the url http://mywebsite.com/app.php/article/show/1 while unlogged, I am forwarded to the login page.
My problem is that I have some documents and media files located in Symfony's web directory (e.g. myapp/web/document/myTextFile.txt). They are accessible via my app for logged users, but also for non-logged users!
Anybody who types http://mywebsite.com/app.php/document/myTextFile.txt can download the file...
Why doesn't the pattern: ^/ line prevent this? Is the web folder excluded by default because it contains app.php and js/and css/ folder?
How do I protect my documents?
Update: Display protected images
I tried the solution suggested by Gerry, it works fine to protect the download of my documents.
However, I also have pictures in my document folder and I would like to display these pictures, directly included in the relevant pages.
For example, in http://mywebsite.com/app.php/article/show/1 there will be some text and the picture myapp/app/Resources/document/AAA.jpg, and in http://mywebsite.com/app.php/article/show/2 there will be some text and the picture myapp/app/Resources/document/BBB.jpg, etc.
I tried to do it with Assetic but it seems that it is done for "static" images (like top logo, or images which are not object-dependent).
A solution I see is to convert the image in Base64 and include it like this : <img alt="" src="data:image/png;base64(...)" />, but it seems really ugly...
The web directory is your public root directory, being served by the webserver (Apache/Nginx/...).
By default any request to an existing file does not pass Symfony at all, so no firewall setting is going to prevent access to files residing in the web root.
The clean solution is to move these files to another directory, outside the webroot, for example app/Resources/uploads. Then you could write a Symfony controller for downloading these files.
I don't have a working installation of Symfony right now, but try to move your documents from web, if will firewall proceed.
Let me know the answer please, will try to find out a solution if it will not work, or if you will not be able to move those files in production.
I've setup a LiipImagineBundle configuration on a linux computer (xubuntu 14.10) :
routing.yml
_liip_imagine:
resource: "#LiipImagineBundle/Resources/config/routing.xml"
config.yml
liip_imagine:
resolvers:
default:
web_path: ~
filter_sets:
cache: ~
dashboard_thumb:
quality: 75
filters:
thumbnail: { size: [60, 60], mode: outbound }
and in my twig template :
<img src="{{ asset(company.logo.getPath) | imagine_filter('dashboard_thumb') }}">
All sources images are under web/uploads path
This was working fine, image thumbnails are generated under web/media/cache/dashboard_thumb/uploads/
My source files are stored under an USB stick, and i lanch server with server:run commande (so under 127.0.0.1:8000)
But recently, i lanched the server under another computer (linux mint 17) and then, image cache are not generated anymore.
when i look at the generated html source, file path for images are :
http://127.0.0.1:8000/media/cache/resolve/dashboard_thumb/uploads/myimage.png
so i dont know why there is a 'resolve' in the path
Other thing, if i launch the command :
liip:imagine:cache:resolve uploads/myimage.png
the path and image web/media/cache/dashboard_thumb/uploads/myimage.png are well created
why this doesnt work automatically?
Thanks.
Seem a problem about Setting up Permissions. Basically the System operating users for the CLI(and deploy) and the web server must be on the same group.
Check the doc for Symfony Application Configuration and Setup
PS: the command you are looking for is chown but is only a workaround an i suggest you to fix to operating user layer.
Hope this help
... so i dont know why there is a 'resolve' in the path
If You do not have a cache for your image, LiipImagineBundle (imagine_filter in your case) generates a route according this rule
liip_imagine_filter:
path: /media/cache/resolve/{filter}/{path}
defaults:
_controller: '%liip_imagine.controller.filter_action%'
methods:
- GET
requirements:
filter: '[A-z0-9_-]*'
path: .+
, and your request handles by ImagineController https://github.com/liip/LiipImagineBundle/blob/1.0/Controller/ImagineController.php
So, You see not image path, but route. Controller generates the cache and your second request to this image will give you actually path to image.
There is a problem, if your need to attach image to mail message, You have to resolve image before attaching this one.
Also if cache not generates anymore, the problem maybe in your web server configuration. Imagine that Your Nginx decides that web/media/cache/* is static content, so, the route web/media/cache/resolve just not working.