I'm using Symfony 3.3 with FOSUserBundle 2.0. I can't get the reset password feature to work. I go to request resetting page, type an email or username and click on submit and it redirects me to login page without any error shown in the view.
I looked at the log and it gives me this error :
security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at .../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php:125)"} []
Security.yml :
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
{...}
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
default_target_path: /verifInit
logout: true
anonymous: true
switch_user:
role: ROLE_ADMIN
provider: fos_userbundle
parameter: username
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
providers:
in_memory:
memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
fos_userbundle:
id: fos_user.user_provider.username
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
When I remove switch_user part in security.yml, it's working well. Do you have an idea why ? I need switch_user feature for my project so I can't remove it.
switch_user: true
and
security:
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
Try this way.
Related
I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony, here all right, the registration seems to work well and persists the data to the DB, BUT, if I try to login I get redirected again to the login page as an anonymous user.
I checked the Symfony Profiler, and I can see that when it's called the path /login_check (in the profiler) the user result as authenticated, but then after the /login_check phase, when I get redirected, the user is as anonymous...
--
/login_check from profiler:
Property Value
Roles [ROLE_USER]
Inherited Roles none
Token class Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The sessions seems to exist (dump(app.session)) is not empty, but no stores data of user.
That's my security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
default_target_path: /redirLogIn
# csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin.*, role: ROLE_ADMIN}
# - { path: ^/, role: ROLE_USER}
(I disabled the csrf token due to problems on registration)
(This is an intranet, there is no "homepage", as you open the site you are requested to login)
Why this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's why you are being directed to login when you open the site?
If so, this is why:
default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
in_memory:
memory: ~
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I can't understand why anonimous user can access to routes I want to protect "^/nodes$" and "^/destinations$".
Where I'm wrong? I've read with attention this resource http://symfony.com/doc/current/book/security.html but anyway those url can viewed by anonimous!
This is my security.yml:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
memory:
users:
user: { password: athena_user_2014, roles: [ 'ROLE_USER' ] }
admin: { password: athenaspa2014, roles: [ 'ROLE_ADMIN' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/backend
form_login:
check_path: /backend/login_check
login_path: /backend/login
csrf_provider: form.csrf_provider
logout:
path: /backend/logout
target: /
#http_basic:
# realm: "Secured Demo Area"
access_control:
- { path: ^/nodes, roles: ROLE_ADMIN }
- { path: ^/destinations, roles: ROLE_ADMIN }
Your paths are not part of any of your firewall-patterns. You could make the following changes for it to work:
firewalls:
secured_area:
pattern: ^/
...
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend, role: ROLE_ADMIN }
- { path: ^/node, role: ROLE_ADMIN }
...
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
The last path is pretty much, what anonymous: true does. When no other access-control matched, the user is not required to be logged in. If you want to be more restrictive, you could do it like the first path ^/login$ which specifies which routes require authentication. Be aware, that the first matching route is used, so be careful of how you order them.
Alternatively you could add another firewall. But keep in mind, that each firewall provides a separate login.
You can also test your routes from the console using the php app/console router-commands. If you are not sure how to use them just type php app/console help router:match for instance
I have a little problem of logout on my admin bundle.
When I log in to admin with the In Memory, this works but I can't logout.
On the other side, logout for users works perfectly. Did I miss something ?
This is my security.yml
security:
encoders:
Esimed\FrontBundle\Entity\Company:
algorithm: sha1
encode_as_base64: false
iterations: 1
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
companies:
entity: { class: Esimed\FrontBundle\Entity\Company, property: email }
in_memory:
memory:
users:
admin: { password: adminpass, roles: 'ROLE_ADMIN' }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: ^/admin
http_basic:
realm: "Administration"
provider: in_memory
logout:
invalidate_session: true
path: /admin/company/logout
target: /
anonymous: ~
main:
pattern: ^/
form_login:
check_path: esimed_front_company_login_check
login_path: esimed_front_company_login
logout:
path: /company/logout
target: /
anonymous: ~
access_control:
- { path: ^/company/add$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company/create$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/job/view/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company/search, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company/category-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company/company-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/company, roles: ROLE_COMPANY }
- { path: ^/job, roles: ROLE_COMPANY }
- { path: ^/admin, roles: ROLE_ADMIN }
As Elnur Abdurrakhimov states for an answer to a similar question:
Since you are using HTTP authentication, the reason might be that your
browser caches your credentials and relogins automatically. Try using
HTML form authentication and see if the problem persists.
Try using the following for your security.yml
admin:
pattern: ^/admin
provider: in_memory
form_login:
check_path: /check_login
login_path: /admin/login
logout:
invalidate_session: true
path: /admin/company/logout
target: /
anonymous: ~
...
access_control:
- { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
...
This way you are still able to authenticate using the in memory provider and if you want you can still have your credentials saved by the browser but logging out will destroy the cookie and session used to authenticate you and wont automatically log you back in.
I have a symfony 2 app, with normal members and admin area, but for some reason, i can't get the admin area login part to work. Read all the questions here about the theme and try them but none of them worked for me.
The initial problem i think, is the check route is not behind the firewall, so symfony security not recognise it.
my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
Symfony\Component\Security\Core\User\User: sha512
firewalls:
alogin:
pattern: ^/admin/login$
security: false
main:
pattern: ^/admin
provider: in_memory
form_login:
check_path: /admin/login_check
login_path: /admin/login
default_target_path: /admin/list
logout:
path: /admin/logout
target: /admin
main:
pattern: ^/(?!admin)
form_login:
provider: fos_userbundle
login_path: /
failure_handler: public.failed_login_handler
success_handler: public.success_login_handler
logout: true
anonymous: true
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
in_memory:
memory:
users:
ryan: { password: ryanpass, roles: 'ROLE_ADMIN' }
role_hierarchy:
ROLE_VIP: ROLE_USER
ROLE_ADMIN: ROLE_VIP
ROLE_SUPER_ADMIN: ROLE_ADMIN
access_control:
- { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/.*, role: ROLE_ADMIN }
- { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/.*, role: ROLE_USER }
Without the main firewall, it's working, with it, i got 404 for the /admin/login_check.
Problem that you have 2 firewalls with the same name main. Firewall must be with unique name.
I have followed the installation guide for FOSUserBundle and got the following error on the step 8:
[Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
ServiceNotFoundException: The service "security.authentication.manager" has a dependency on a non-existent service "security.user.provider.concrete.fos_userbundle".
This is my security.yml:
# app/config/security.yml
security:
providers:
fos_userbundle:
id: fos_user.user_manager
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/demo/secured/login$
security: false
secured_area:
pattern: ^/demo/secured/
form_login:
check_path: /demo/secured/login_check
login_path: /demo/secured/login
logout:
path: /demo/secured/logout
target: /demo/
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
Should I register service manually? How to proceed?
Try removing the second providers: block (so just the fos_userbundle one remains) ...