In security.yml in firewall/main/form_login I have this:
default_target_path: after_login
always_use_default_target_path: true
I want to create a route named after_login, but without a path, but Symfony redirects me to the homepage after login.
/**
 * @Route(name="after_login")
 */
public function afterloginAction()
I want nobody to have access to this controller's method.
Is it possible to create such route or maybe another way to redirect after login to this method?
I want to add some variables to session but only once after login.
The best way of approaching this would be to listen on the security.interactive_login event:
default_target_path is not meant for that. That is just a redirect to a controller action, the user profile for example.
Using a controller action once and then making it inaccessible by setting a session key would be an ugly hack.
Read https://symfony.com/doc/current/components/security/authentication.html#authentication-events for that purpose. Using an event listener would make it hidden from the outside world automatically.
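The listener approach this answer describes, as an added example that is not part of the original answer: a subscriber for security.interactive_login that seeds the session once per login. The namespace, class name and session keys are assumptions, and it assumes a Symfony version in which the token still has getUsername().

```php
<?php

namespace App\EventSubscriber; // assumed namespace

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

/**
 * Runs when a user logs in, not on later requests that are
 * authenticated from the session. It has no route, so no browser
 * request can reach it directly.
 */
class LoginSessionSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        // SecurityEvents::INTERACTIVE_LOGIN === 'security.interactive_login'
        return [SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin'];
    }

    public function onInteractiveLogin(InteractiveLoginEvent $event)
    {
        $request = $event->getRequest();
        if (!$request->hasSession()) {
            return; // stateless firewall: nothing to store
        }

        $session = $request->getSession();
        $token = $event->getAuthenticationToken();

        // Hypothetical keys. Store only server-derived values here,
        // never anything copied from request parameters.
        $session->set('login_at', time());
        $session->set('login_username', $token->getUsername());
        $session->set('login_ip', $request->getClientIp());
    }
}
```

With autoconfigure enabled the subscriber is registered automatically; otherwise tag the service with kernel.event_subscriber.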
This is not possible with @Route. Is there something wrong here? Why do you want it?
I'm working on a client project that wasn't conceived with services and authorizations, so the user gets logged in and creates a user session.
I have to control the access in a basic "UserboardController".
I have a constructor before any methods:
class UserboardController extends Controller
{
    public function __construct() {
        $session = new Session();
        $uSession = $session->get('user');
        if (!isset($uSession)){
            return $this->redirectToRoute('logout');
        }
    }
I tried many ways to redirect and always get this error:
Call to a member function get() on null
Symfony will show me two other traces inside redirectToRoute from ControllerTrait.php :
return $this->redirect($this->generateUrl($route, $parameters), $status);
and
return $this->container->get('router')->generate($route, $parameters, $referenceType);
Any idea how I could simply redirect the user to the logout route?
This is an important step as the logout method will do other actions based on cookies before logging out and redirecting to the login form.
Logout route is defined and works if the user accesses it from the URL.
Thank you
First of all, if you want to access the session, you should pass it as an argument and get the benefit of autowiring. Secondly, this shouldn't be done in a controller's constructor.
Thirdly, this looks like a case for the security module of Symfony. Symfony, when properly configured, will by default return the user to the /logout route, or any route that is defined as the logout route.
So what you need to do is define your firewalls in security.yaml and define in access_control the paths that should be under the firewall.
Check this for more clues: https://symfony.com/doc/current/security/form_login_setup.html
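A constructor's return value is discarded and the container is not yet injected when it runs, so the check in the question can neither redirect nor stop the action. The following is an added example, not code from the question or the answer, that moves the same session check into a kernel.request subscriber, where setting a response does prevent the action from running. It assumes Symfony 4.4; the namespace, the class names and the controller's fully qualified name are assumptions.

```php
<?php

namespace App\EventSubscriber; // assumed namespace

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

class UserboardSessionGuard implements EventSubscriberInterface
{
    // Assumed fully qualified name of the controller from the question.
    const GUARDED_CONTROLLER = 'App\\Controller\\UserboardController';

    private $urlGenerator;

    public function __construct(UrlGeneratorInterface $urlGenerator)
    {
        $this->urlGenerator = $urlGenerator;
    }

    public static function getSubscribedEvents()
    {
        // Default priority 0 runs after the router has set _controller.
        return [KernelEvents::REQUEST => 'onKernelRequest'];
    }

    public function onKernelRequest(RequestEvent $event)
    {
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return; // ignore sub-requests
        }
        $request = $event->getRequest();
        $controller = $request->attributes->get('_controller');
        if (!is_string($controller) || 0 !== strpos($controller, self::GUARDED_CONTROLLER.'::')) {
            return; // login, logout and every other controller pass through
        }
        $user = $request->hasSession() ? $request->getSession()->get('user') : null;
        if (null === $user) {
            // Setting a response stops the kernel before the action runs.
            $event->setResponse(new RedirectResponse($this->urlGenerator->generate('logout')));
        }
    }
}
```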
I have two types of users: "vendors" and "clients". And I'm currently using Laravel's built-in Auth Controllers (from the make:auth command) to do my client user authentication.
And since I have two kinds of users, I have changed the $redirectTo property on the LoginController, RegisterController, and ResetPasswordController to /client/home.
Here is proof:
RegisterController
LoginController
Now, it redirects to /client/home every time I successfully do registration, login, and password reset.
But the problem is when I'm in mysite.com/client/home already, whenever I would try to go to mysite.com/register or mysite.com/login via the address bar, it would redirect to mysite.com/home instead of mysite.com/client/home...
How can I make it redirect to mysite.com/client/home whenever an authenticated user tries to go to /login or /register?
The simplest option is to create separate controllers for both of your login areas. It will be easier to manage later on, and you can customise the behaviour a bit better.
The default folder structure looks like this:
app
|__Http
   |__Controllers
      |__Auth
         |__ForgotPasswordController.php
         |__LoginController.php
         |__RegisterController.php
         |__ResetPasswordController.php
You could create an additional folder for your client controllers, like so:
app
|__Http
   |__Controllers
      |__Auth
      |  |__ForgotPasswordController.php
      |  |__LoginController.php
      |  |__RegisterController.php
      |  |__ResetPasswordController.php
      |__Client
         |__Auth
            |__ForgotPasswordController.php
            |__LoginController.php
            |__RegisterController.php
            |__ResetPasswordController.php
This way you can customise the $redirectTo properties of each controller individually.
As an alternative solution, you could overwrite the redirectPath of the RedirectsUsers trait, by creating a redirectPath method in your respective controllers, and return the URL you'd like:
public function redirectPath()
{
    if (\Request::is('client/*'))
    {
        return url('client/home');
    }
    return url('home');
}
The advantage of this second solution is that you can return controller actions and named routes as well. I personally don't like routing to URLs, as if I ever decide to change them, then I'll have to change them everywhere. Using controller actions seems like a better idea, but you could run into the same problem if you refactor your code later on. I prefer using named routes, as I can give them a sensible name, and never change them again, yet still keep all my redirects in a working order.
I know the logout action can be performed by the Symfony2 security controller by default.
When we give the logout path like this, it works fine.
But I need to perform some action, like storing some data in the database, when logout happens. So how can I achieve this?
If anyone has an idea, please help me.
You need to define a new rule for the logout action in routing.yml or as an annotation (it's up to you):
logout_user:
    pattern: /logoutUser
    defaults: { _controller: YourBundle:YourController:logout }
Then it's only a matter of writing the code for this action, like this:
public function logoutAction() {
    // do whatever you want here
    // clear the token, cancel the session and redirect
    $this->get('security.context')->setToken(null);
    $this->get('request')->getSession()->invalidate();
    return $this->redirect($this->generateUrl('login'));
}
There is also a way to do the job proposed by tesmojones here: symfony2 logout
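An alternative that keeps the firewall's built-in logout and only hooks the database write into it, given as an added example that is not code from this answer or from the linked one. It assumes a Symfony version that still ships LogoutHandlerInterface and a Doctrine DBAL connection; the namespace, class name, table and column names are hypothetical.

```php
<?php

namespace AppBundle\Security; // assumed namespace

use Doctrine\DBAL\Connection;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;

class AuditLogoutHandler implements LogoutHandlerInterface
{
    private $connection;

    public function __construct(Connection $connection)
    {
        $this->connection = $connection;
    }

    /**
     * Called by the firewall's logout listener with the token of the
     * user being logged out. Clearing the token and invalidating the
     * session stay the firewall's job and are not repeated here.
     */
    public function logout(Request $request, Response $response, TokenInterface $token)
    {
        // Hypothetical audit table; insert() uses bound parameters.
        $this->connection->insert('logout_audit', [
            'username'      => $token->getUsername(),
            'ip'            => $request->getClientIp(),
            'logged_out_at' => date('Y-m-d H:i:s'),
        ]);
    }
}
```

Register the class as a service and list its id under the firewall's logout: handlers option in security.yml.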
I have an application with people and groups in Symfony, where a person may have a membership with multiple groups. To remove a person from a group, I currently have an action in a 'groupMembers' module that takes a 'delete' method and removes the pair from a many-to-many entity 'group_membership'. The route currently looks something like this:
remove_membership:
  url: /group-membership/:group_id/:person_id
  class: sfPropelRoute
  options: { model: GroupMembership, type: object }
  param: { module: groupMembers, action: remove }
  requirements:
    sf_method: [delete]
To perform this action, the user needs to be logged in, so I restricted it using sfGuard in the module's security.yml:
remove:
  is_secure: true
So after clicking a 'remove' link, a user who isn't logged in is taken to the log in screen, but after clicking 'submit' the request is no longer a 'delete' but a 'get', meaning the similar add_to_group route is called instead!
add_to_group:
  url: /group-membership/:group_id/:person_id
  param: { module: groupMembers, action: create }
  ...
Is there any way to make sfGuard emulate a delete action and pass the parameters properly, or will I have to use a different route?
It seems that there is no way to achieve this without writing custom code or editing the code of the sfGuard plugin.
See plugins/sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php (its executeSignin method) for details of how sign-in is handled.
sfGuard gets the user's referrer and performs a redirect with the appropriate method of sfAction. This redirect is performed by using the HTTP Location header, so the browser will use the GET method to retrieve the URL content.
You can override the default signin action and perform redirects from the remove_membership route to an action which will use the sfBrowser component to emulate a POST request, but I highly recommend that you change the routing scheme.
In every CakePHP app I have worked with recently, the login function is empty, so how on earth does the login functionality work? I presume Cake is somehow defaulting; I'm not sure how it even knows to default it, but where are these defaults?
i.e. function login() {}
Look at the auth component: https://github.com/cakephp/cakephp/blob/master/cake/libs/controller/components/auth.php#L680
The whole magic happens in the startup() callback of the AuthComponent. That method is triggered before the controller action is executed. It checks if there is POST data in the defined format (data[UserModel][usernameField], etc.), validates it against the User model and redirects you to loginRedirect, if it was successful.
CakePHP knows on which controller/action pair to act through the $loginAction property you can set to the AuthComponent.
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
I hope this tutorial will be useful for user login management.