I would like to add a Facebook login option to my website. I am trying to follow this tutorial. But if I add the knpu_guard part under the main section, I get this error:
    Unrecognized option "knpu_guard" under "security.firewalls.main"
My firewalls section in the security.yml looks like this:
    firewalls:
        main:
            anonymous: ~
            #pattern: ^/
            provider: our_db_provider
            form_login:
                login_path: login
                check_path: login
            logout:
                path: /logout
                target: /
            knpu_guard:
                authenticators:
                    - app.form_login_authenticator
                    - app.api_token_authenticator
                    - app.facebook_authenticator
                # by default, use the start() function from FormLoginAuthenticator
                entry_point: app.form_login_authenticator
I just added the knpu_guard section; nothing else changed under the firewalls section.
I think that the tutorial is a little bit obsolete because knpu_guard is no longer accepted.
You can use guard instead as a key in the security.yml file.
Discussion
Try to use this
    form_login:
        login_path: login
        check_path: login
        provider: user_provider #where is this provider? It shouldn't be fos_userbundle for example?
    anonymous: true
Related
I have a Symfony application which has the Sonata Admin Bundle inside it for the admin part, with its own firewall (admin), and the firewall for the user part of the application (main).
At the moment, the admin who is connected with Sonata can't access the API that is designed for the user, because he is authenticated by the Sonata Admin Bundle authenticator, and the API sees him as a null user or an unauthenticated one.
I want to allow the admin to access an API that is made for the part of the application that is behind the firewall for the user part.
Config for the firewalls in the security.yaml file:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            pattern: ^/admin(.*)
            form_login:
                provider: app_user_admin
                login_path: admin_login
                use_forward: false
                check_path: admin_login
                failure_path: null
            logout:
                path: admin_logout
                target: admin_login
            anonymous: true
            guard:
                authenticators:
                    - App\Security\AdminLoginAuthenticator
        main:
            anonymous: true
            logout:
                path: security_logout
            guard:
                authenticators:
                    - App\Security\UserLoginAuthenticator
Is there a way to connect the two authenticators for the admin? Like, on a successful login for the admin, to call the authenticator for the main firewall?
After some digging and some help, I found out that Symfony security has something like this built in.
It's called Symfony context and does the exact same thing.
For future reference, this is what you really need to add to the config file:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            context: just_a_random_name
            pattern: ^/admin(.*)
            form_login:
                provider: app_user_admin
                login_path: admin_login
                use_forward: false
                check_path: admin_login
                failure_path: null
            logout:
                path: admin_logout
                target: admin_login
            anonymous: true
            guard:
                authenticators:
                    - App\Security\AdminLoginAuthenticator
        main:
            context: just_a_random_name
            anonymous: true
            logout:
                path: security_logout
            guard:
                authenticators:
                    - App\Security\UserLoginAuthenticator
I am using Symfony2 with FOSUserBundle and I am trying to set up my firewall correctly.
I want the major part of my website to not be available to anonymous users. Home page (the $ in the public pattern) and some others should be available according to a pattern.
With my current configuration, after login I am redirected to the home page but still as anonymous. If I directly type a URL of a page not allowed to anonymous users right afterwards, I can access it and I am logged in (in the profiler).
My configuration:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    public:
        pattern: /(login$|register|resetting|public|$)
        anonymous: true
    main:
        pattern: ^/
        anonymous: false
        provider: main
        form_login:
            login_path: fos_user_security_login
            check_path: fos_user_security_check
        logout:
            path: fos_user_security_logout
            target: /
What can I do to make it work properly (logged in correctly after login)?
EDIT:
I understand better what is happening: after login, I am being redirected to the home page = root address. This falls first into the public firewall and that's why I'm not seen as connected.
Well, you can always hardcode the path that you're redirected to after login (in your security.yml file). You can read more here.
    security:
        firewalls:
            main:
                form_login:
                    default_target_path: default_security_target
Done! The solution involves the context property of the firewall, which is better described here:
Authenticate multiple symfony2 firewalls with one login form
My configuration now becomes:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        guest:
            pattern: /(user/login$|user/register|user/resetting|$)
            anonymous: true
            context: main_auth
        main:
            pattern: ^/(?!user/login$)
            anonymous: false
            provider: main
            context: main_auth
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout:
                path: fos_user_security_logout
                target: /
            remember_me:
                key: "%secret%"
                lifetime: 86400 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
            oauth:
                remember_me: true
                resource_owners:
                    facebook: "/loginhwi/check-facebook"
                    github: "/loginhwi/check-github"
                    google: "/loginhwi/check-google"
                    twitter: "/loginhwi/check-twitter"
                    linkedin: "/loginhwi/check-linkedin"
                    flickr: "/loginhwi/check-flickr"
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                failure_path: fos_user_security_login
                success_handler: foodmeup_user.handler_auth
                oauth_user_provider:
                    service: fosubuser.provider
So, I have two different routes in my project:
    /memberarea
    /mobile
The first is for the web version of my application, and the second is for the mobile version.
Here you can see a part of my security.yml:
    firewalls:
        main:
            pattern: ^/
            form_login:
                login_path: /
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /memberarea
            logout: true
            anonymous: true
        mobile:
            pattern: /mobile/.*
            logout: true
            anonymous: true
    access_control:
        - { path: ^/memberarea, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/mobile, roles: IS_AUTHENTICATED_FULLY }
My problem: when a user logs in on mobile, I create a session in Symfony with the firewall mobile like: $token = new UsernamePasswordToken($user, $request->get('password'), "mobile", $user->getRoles());.....
This user can use all routes in /mobile, which is OK. But he can use /memberarea too.
How can I log in a user just for /mobile, just for /memberarea, or for both?
If I have correctly understood, you want to log into your mobile application with a different session than on your web application.
What I am doing in order to obtain this result is setting up in my security.yml file a different context for each firewall I have.
(If you want to have one session for both you must have the context with the same value for the given firewalls.)
File: app/config/security.yml
    firewalls:
        main:
            pattern: ^/
            context: user
            form_login:
                login_path: /
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /memberarea
            logout: true
            anonymous: true
        mobile:
            pattern: /mobile/.*
            context: mobile_user
            logout: true
            anonymous: true
Hope this helped.
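The context behaviour that the Sonata, FOSUserBundle and mobile answers above rely on, as an added example that is not part of any of the original posts: a simplified Python model of how a firewall is selected and where the login token is kept. The patterns and context names are copied from the configurations above; the path /account, the helper names and the reordering of the mobile firewalls are assumptions made for the illustration.

```python
import re

# Simplified model, not Symfony code: the first firewall whose pattern matches
# handles the request, and the token is stored in the session under
# "_security_<context>" (context defaults to the firewall name).

def firewall_for(firewalls, path):
    for name, fw in firewalls.items():
        # A firewall without a pattern matches every request.
        if "pattern" not in fw or re.search(fw["pattern"], path):
            return name
    return None

def session_key(firewalls, name):
    return "_security_" + firewalls[name].get("context", name)

def logged_in_on(firewalls, login_firewall, path):
    """True when a login made through login_firewall is visible on path."""
    session = {session_key(firewalls, login_firewall): "token"}  # constructed
    handler = firewall_for(firewalls, path)
    return handler is not None and session_key(firewalls, handler) in session

# Patterns from the FOSUserBundle question: no context, so separate tokens.
SEPARATE = {
    "public": {"pattern": r"/(login$|register|resetting|public|$)"},
    "main": {"pattern": r"^/"},
}
# Patterns from its fix: both firewalls share the context "main_auth".
SHARED = {
    "guest": {"pattern": r"/(user/login$|user/register|user/resetting|$)",
              "context": "main_auth"},
    "main": {"pattern": r"^/(?!user/login$)", "context": "main_auth"},
}
# Mobile answer: distinct contexts. "mobile" is listed first here (assumption)
# because a leading "^/" firewall would otherwise match /mobile/... as well.
MOBILE = {
    "mobile": {"pattern": r"/mobile/.*", "context": "mobile_user"},
    "main": {"pattern": r"^/", "context": "user"},
}

if __name__ == "__main__":
    print(firewall_for(SEPARATE, "/"))                    # public
    print(logged_in_on(SEPARATE, "main", "/"))            # False
    print(logged_in_on(SEPARATE, "main", "/account"))     # True
    print(logged_in_on(SHARED, "main", "/"))              # True
    print(logged_in_on(MOBILE, "mobile", "/memberarea"))  # False
```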
I have this in my config
    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        secured_area:
            pattern: ^/admin
            form_login:
                login_path: /login
                check_path: /login_check
            logout:
                path: /logout
My problem is that if I use this, then I get the error
    Unable to find the controller for path "/login_check"
Everything works OK if I use
    pattern: ^/
Symfony documentation says to put login_check behind the firewall and I don't know how I can do that.
As you correctly mentioned, "Symfony documentation says to put login_check behind the firewall and I don't know how I can do that" - this means that you have to define your login_check in this way:
    check_path: /admin/login_check
Source - Common Pitfalls section
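A check for the pitfall in this question, as an added example that is not part of the original posts: a small Python lint over a simplified copy of the firewall configuration that reports every form_login check_path not handled by its own firewall. The function names are assumptions, and first-match-wins pattern selection is modelled with `re.search`.

```python
import re

def handling_firewall(firewalls, path):
    # First firewall whose pattern matches wins; a missing pattern matches all.
    return next((name for name, fw in firewalls.items()
                 if re.search(fw.get("pattern", ""), path)), None)

def check_path_problems(firewalls):
    """Return (firewall, check_path, actual handler) for unreachable check paths."""
    problems = []
    for name, fw in firewalls.items():
        check_path = fw.get("form_login", {}).get("check_path", "")
        # Route names (no leading slash) need the router to resolve: skipped.
        if not check_path.startswith("/"):
            continue
        handler = handling_firewall(firewalls, check_path)
        if handler != name:
            problems.append((name, check_path, handler))
    return problems

# Configuration from the question above.
AS_POSTED = {
    "login_firewall": {"pattern": r"^/login$"},
    "secured_area": {
        "pattern": r"^/admin",
        "form_login": {"login_path": "/login", "check_path": "/login_check"},
    },
}
# Same configuration with the check_path from the answer.
FIXED = {
    "login_firewall": {"pattern": r"^/login$"},
    "secured_area": {
        "pattern": r"^/admin",
        "form_login": {"login_path": "/login",
                       "check_path": "/admin/login_check"},
    },
}

if __name__ == "__main__":
    print(check_path_problems(AS_POSTED))  # [('secured_area', '/login_check', None)]
    print(check_path_problems(FIXED))      # []
```

A handler of `None` means no firewall intercepts the path, so the request falls through to routing, which is where the "Unable to find the controller" error comes from.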
I have this security.yml file. I want to know whether I need two firewalls or whether one is OK.
I have read in docs that one firewall is ok and use ACL for further things.
    firewalls:
        admin:
            pattern: /admin(.*)
            form_login:
                provider: fos_userbundle
                login_path: /admin/login
                use_forward: false
                check_path: /admin/login_check
                failure_path: /admin/login
                use_referer: true
                default_target_path: /admin/dashboard
            logout:
                path: /admin/logout
                target: /admin/login
            anonymous: true
        main:
            pattern: .*
            form-login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                failure_path: null
                default_target_path: /main
            logout: true
            anonymous: true
Yes, you will need two. One firewall protects secure pages, the second firewall allows anonymous access to open pages, which you need to open up at least for your login page (see the common pitfalls section of the security documentation).
You will probably want to add paths to the second firewall for home, password recovery, and any other pages you want anyone to be able to access.
You have two entry points: /login and /admin/login. If you can make do with one, then you could merge down to one firewall.