I'm trying to implement ACL to restric comments on FOSCommentBundle to users role.
I followed step by step the Bundles Doc but shows me an error:
The definition for "acl" has no class.
Thats my app/config/config.yml
fos_comment:
db_driver: orm
class:
model:
comment: BackEndBundle\Entity\Comment
thread: BackEndBundle\Entity\Thread
vote: BackEndBundle\Entity\Vote
acl: true
service:
acl:
thread: fos_comment.acl.thread.roles
comment: fos_comment.acl.comment.roles
vote: fos_comment.acl.vote.roles
manager:
thread: fos_comment.manager.thread.acl
comment: fos_comment.manager.comment.acl
vote: fos_comment.manager.vote.acl
acl_roles:
comment:
create: IS_AUTHENTICATED_ANONYMOUSLY
view: IS_AUTHENTICATED_ANONYMOUSLY
edit: ROLE_ADMIN
delete: ROLE_ADMIN
thread:
create: IS_AUTHENTICATED_ANONYMOUSLY
view: IS_AUTHENTICATED_ANONYMOUSLY
edit: ROLE_ADMIN
delete: ROLE_ADMIN
vote:
create: IS_AUTHENTICATED_ANONYMOUSLY
view: IS_AUTHENTICATED_ANONYMOUSLY
edit: ROLE_ADMIN
delete: ROLE_ADMIN
assetic:
bundles: [ "FOSCommentBundle" ]
I thought that symfony3 didn't have the ACL installed so i tried to with commands but gives me the same error "The definition for "acl" has no class".
Thats my app/config/services.yml
parameters:
services:
acl:
connection: default
You don't have to add ACL configuration to app/config/services.yml. The bundle, FOSCommentBundle in this case, has its own config file for services.
Just install the bundle via Composer and add the bundle into AppKernel.php
$bundles = [
...
new FOS\CommentBundle\FOSCommentBundle(),
...
If you have done all above, just remove the acl: connection: default from app/config/services.yml and it should work. You can check if there are FOSCommentBundle services available by bin\console debug:container fos_comment.
Related
My initial problem is this error:
Too few arguments to function
FOS\UserBundle\Controller\ResettingController::__construct(), 0 passed
in
/var/www/project/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Controller/ControllerResolver.php
on line 200 and exactly 6 expected
that happens when i open the link in the automatic Mail of FosUserBundle FOSMailer::sendResettingEmailMessage
// routing.yml
app:
resource: "#AppBundle/Controller"
type: annotation
prefix:
/{_locale}/
requirements:
_locale: fr|en|es
app_api:
resource: "#AppBundle/Controller/Api"
type: annotation
fos_js_routing:
resource: "#FOSJsRoutingBundle/Resources/config/routing/routing.xml"
fos_user_security_login:
path: /connexion
methods: [ GET, POST ]
defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
path: /login_check
methods: [ POST ]
defaults: { _controller: FOSUserBundle:Security:check }
fos_user_security_logout:
path: /logout
methods: [ GET, POST ]
defaults: { _controller: FOSUserBundle:Security:logout }
fos_user_resetting_reset:
path: /resetting/reset/{token}
methods: ['GET', 'POST']
defaults: { _controller: FOSUserBundle:Resetting:reset }
I cleared the cache, and i added the 6 parameters with dependency injection:
//services.yml
services:
fos_user.resetting.reset:
class: FOS\UserBundle\Controller\ResettingController
arguments:
- "#event_dispatcher"
- "#fos_user.resetting.form.factory"
- "#fos_user.user_manager"
- "#fos_user.util.token_generator"
- "#fos_user.mailer"
- "%fos_user.resetting.retry_ttl%"
That worked well in dev environnement (in local and on a server), but i still got the same error "too few arguments..." in production.
So cleared the cache again : bin/console c:c --env=prod
removed the cache folder: rm -Rf var/cache/prod
But i still got the error :/
Does anyone have an idea ?
Thank you #Cerad for your help.
I finally found the solution to my problem :
i just realized that the version of fosUserBundle wasn't the same on the 2 servers ...
so i just changed my composer.json with that:
"friendsofsymfony/user-bundle": "2.0.*"
And this works fine!
I am using Symfony 4.1.
I am trying to allow/deny a route according the "dev"/"prod" environment.
I tried to define distinct security configuration files per environment but I am not allow. The following message is displayed loading the Symfony cache :
Configuration path "security.access_control" cannot be overwritten. You have to define all options for this path, and any of its sub-paths in one configuration section.
Here my security section :
security:
access_control:
- { path: '^/$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/ping$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/docs\.json$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
I want to allow (without authentication) the docs.json route in dev environment and restrict (with authentication) the docs.json route in prod environment.
Any ideas on how to do that?
With the Symfony ExpressionLanguage component, you can try to add condition: "'%kernel.environment%' === 'dev'" In annotations or whatever you are using to define your route.
The security.firewalls.dev: configuration is used in every Symfony environment (dev,test,prod)!
In Symfony 4, to achieve making some routes available in just some environments, you could do something like this:
Setup:
config/packages/security.yaml:
parameters:
# Adds a fallback SECURITY_DEV_PATTERN if the env var is not set.
env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/'
security:
firewalls:
dev:
pattern: '%env(SECURITY_DEV_PATTERN)%'
security: false
Override per Symfony environment:
create a new file config/packages/dev/parameters.yaml:
parameters:
env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/|^/docs'
Now /docs is only available without firewall in the Symfony dev environment
Override using environment variables:
You could also override SECURITY_DEV_PATTERN in the .env file:
SECURITY_DEV_PATTERN=^/(_(profiler|wdt)|css|images|js)/|^/docs
This only works if you don't include the .env in your production environment, or if you specifically override the SECURITY_DEV_PATTERN environment variable there as well.
So I solve the issue by setting-up the dev firewall and updating the pattern to bypass the security.
security:
access_control:
- { path: '^/$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/ping$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/docs\.json$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
firewalls:
dev:
pattern: '^/(_(profiler|wdt)|css|images|js|docs)/'
security: false
I wanted to try the new LDAP component in Symfony 2.8 and started to play with it few days ago. However I don't really get it and have problems to authenticate the users. I have followed this article:
http://symfony.com/blog/new-in-symfony-2-8-ldap-component
Here are my configuration files:
# app/config/services.yml
services:
app.ldap:
class: Symfony\Component\Ldap\LdapClient
arguments: ["ldaps://ldap.uni-rostock.de"]
and:
# app/config/security.yml
security:
providers:
# in_memory:
# memory: ~
app_users:
ldap:
service: app.ldap
base_dn: ou=people,o=uni-rostock,c=de
search_dn: uid=tester,ou=people,o=uni-rostock,c=de
search_password: testpass
#filter: (sAMAccountName={username})
filter: (uid={username})
default_roles: ROLE_USER
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
provider: app_users
stateless: true
pattern: ^/admin
http_basic_ldap:
service: app.ldap
dn_string: "{username}"
Here is a guide (only in German, but the essential part is the code) to connecting to the server:
http://www.itmz.uni-rostock.de/en/software/windows/universitaetsweite-dienste/ldap-authentifizierungsserver/
When I run the server like this: php app/console server:run -vvv and open http://localhost:8000/admin I'm prompted to enter the credentials. Unfortunately I'm not passing through even though I tried many times and I'm very sure I didn't make a typo. In the console there is only this relevant line:
[Fri Mar 11 08:39:32 2016] 127.0.0.1:36632 [401]: /admin
I'm unauthorized (401) and prompted again to enter the credentials.
Am I maybe missing something? I have tried many different combinations, put the values in quotes, tried to add:
access_control:
- { path: ^/admin, roles: ROLE_USER }
to the security.yml, but it didn't help.
There is also another question with somewhat similar problematic:
LDAP Authentication with Symfony 2.8
but I couldn't really move further.
Does someone maybe have an idea what else could I try?
Just for reference, adding this in as the answer:
The issue would be dn_string: "{username}". Unless you're typing a full DN when prompted for a username/password, this will not work. For example, if all your users are in a common OU/container you could make it something like: dn_string: uid={username},ou=people,o=uni-rostock,c=de.
Glad this fixed it!
Hopefully I'm missing something here.
The following security.yml file works without issue in Symfony 2.3. However, upgrading to Symfony 2.8 throws this error:
Argument 2 passed to Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider::__construct() must be an instance of Symfony\Component\Security\Core\User\UserCheckerInterface
I've tested this on a fresh install of Symfony 2.8.2 and 2.3, having only changed the security.yml file.
security.yml
security:
providers:
my_in_memory_provider:
memory:
users:
foo:
password: foo
roles: ROLE_USER
bar:
password: bar
roles: [ROLE_USER, ROLE_ADMIN]
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
pattern: ^/api
http_digest:
key: %secret%
anonymous: false
I've checked the upgrade path from 2.3 to 2.8 and nothing has jumped out at me as obviously being the problem. However searching online for the issue hasn't brought up much so I'm guessing I've missed something?
Eventually found out this was a bug in Symfony 2.8.
Fixed here https://github.com/symfony/symfony/pull/17559
I am new to the FriendsOfSymfony UserBundle and everything has been going well until I try to have a user logout. The login works perfectly and I am using the basic configuration that I have seen on many sites. I only have 2 users that need to login. The problem occurs when the user clicks on the logout URL. In this case /logout. I receve a generic server error in the browser and the error_log shows "Premature end of script headers: app_dev.php". If I hit refresh on the error page it goes back to my home page and I am logged out successfully.
Here is my firewall section in security.yml:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true
Here is the access_control section of security.yml:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel:https }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
Here is the fos_user section in config.yml
fos_user:
db_driver: orm
firewall_name: main
user_class: Wielding\BassBundle\Entity\User
I am generating the logout url in my twig form with:
logout
If I am not logged into the site and I go manually to the logout url I get redirected back to the default index page without any error. If I am logged in and manually type in the logout url I get the server error. I have tried so many variations of config changes I can't even list them here. They all failed.
I even tried to write my own logout by invalidating the session in the controller and that generates the same error.
My only clue so far is an entry in dev.log:
[2013-07-27 14:51:26] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Debug\Exception\ContextErrorException: "Warning: SessionHandler::write(): Parent session handler is not open in /home/dev2/app/cache/dev/classes.php line 407" at /home/dev2/app/cache/dev/classes.php line 407 {"exception":"[object] (Symfony\\Component\\Debug\\Exception\\ContextErrorException: Warning: SessionHandler::write(): Parent session handler is not open in /home/dev2/app/cache/dev/classes.php line 407 at /home/dev2/app/cache/dev/classes.php:407)"} []
Searching on this initially indicated that this was not something to worry about but I am out of other ideas. This is my final task in getting security working and its freaking me out.
I will gladly provide any other information needed to help solve this really annoying problem. Thanks in advance for any assistance.
It's error of PHP. You need to upgrade php to minium 5.4.11.
Reference:
https://github.com/symfony/symfony/issues/5868