Redirect Loop on Symfony security - php

I'm new to Symfony. I have a task at work to create a
traditional login form. So I've created a firewall and access_control in my security.yml named main, like so:
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    profiler1:
        pattern: ^/_profiler
        security: false
        anonymous: true
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    gos_websocket:
        pattern: ^/channel
        security: false
    oauth_token:
        pattern: ^/oauth/v2/token
        security: false
    api_doc:
        pattern: ^/api/doc
        security: false
    oauth_authorize:
        pattern: ^/oauth/v2/auth
        security: false
    api:
        pattern: ^/api
        fos_oauth: true
        stateless: true
        anonymous: false
    main:
        pattern: ^/
        #stateless: false
        #simple_preauth:
        #    authenticator: apikey_authenticator
        #provider: api_key_account_provider
        provider: ms.user_provider
        logout:
            path: /security/logout
            target: /security/login
        form_login:
            login_path: /security/login
            check_path: /security/check-login
            default_target_path: /dashboard
            always_use_default_target_path: true
        #anonymous: true
        # activate different ways to authenticate
        # http_basic: ~
        # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
        # form_login: ~
        # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
access_control:
    #- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
    # - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
    - { path: ^/security/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
When I try to access the security/login URL, it says it encountered too many redirects. Why is that so?
Thanks!

You missed an "s":
    - { path: ^/security/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Related

FOSUserBundle + LexikJWTAuthBundle login via email

I have to have JWT auth for my REST API. Now everything works fine, but when I'm trying to get a token via the pair email/password I get an error: Bad credentials. When I use username/password everything is OK.
My security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api_doc:
            pattern: ^/api/doc
            anonymous: true
            security: false
        login:
            pattern: ^/login
            stateless: true
            anonymous: true
            form_login:
                check_path: /login
                username_parameter: username
                password_parameter: password
                provider: fos_userbundle
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        password:
            pattern: ^/user/passwords
            anonymous: true
            security: false
    access_control:
        - { path: ^/user/passwords, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
config.yml
lexik_jwt_authentication:
    private_key_path: '%jwt_private_key_path%'
    public_key_path: '%jwt_public_key_path%'
    pass_phrase: '%jwt_key_pass_phrase%'
    token_ttl: '%jwt_token_ttl%'
    user_identity_field: email
So the answer was to add a new user provider:
providers:
    main_provider:
        entity: { class: UserBundle\Entity\User, property: email }
I don't know why the default fos_user provider didn't work. Maybe some setup error.
For check_path it has to be
    check_path: /login_check

Symfony 2 - members can access login page again?

Question,
I have an LDAP login page for Symfony2 that works well; I can log in and it redirects to the correct page. What bothers me is that when I try to go to the /login URL again as a user, I can still see the login page/form; it does not redirect me to the homepage?
After I log in I can see I have the role -> Roles [ROLE_USER]
Any idea how to fix that?
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/css/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/js/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/images/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    secured_area:
        pattern: ^/
        provider: app_users
        form_login_ldap:
            service: app.ldap
            dn_string: "cos"
            check_path: /login_check
            login_path: /login
            default_target_path: homepage
        logout:
            path: /logout
            target: /
            invalidate_session: false
            delete_cookies:
                a: { path: null, domain: null }
                b: { path: null, domain: null }
        anonymous: ~
Try to change the firewalls settings as below:
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    secured_area:
        pattern: ^/
        provider: app_users
        form_login_ldap:
            service: app.ldap
            dn_string: "cos"
            check_path: /login_check
            use_forward: false
            login_path: /login
            default_target_path: homepage
        logout:
            path: /logout
            target: /
            invalidate_session: false
            delete_cookies:
                a: { path: null, domain: null }
                b: { path: null, domain: null }
        anonymous: ~
You could add the following in your loginAction():
if ($this->get('security.context')->isGranted('ROLE_USER')) {
    return $this->redirect($this->generateUrl('homepage'));
} else {
    return $this->redirect($this->generateUrl('login'));
}

Loop Redirect after login Symfony2

I'm trying to create a login form in Symfony2.
When I enter correct information, the redirect enters a loop and a message, "No data received" or "Connection Reset", is shown. If I enter wrong information, the message "Bad Credentials" is shown.
My security.yml
Here is the security.yml I created:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login_firewall:
        pattern: ^/login$
        anonymous: ~
    secured_area:
        pattern: ^/
        provider: meu_provider
        form_login:
            login_path: login
            check_path: login_check
        logout:
            path: logout
            target: homepage
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
The user IS ROLE_USER in $user->getRoles().
Thanks!
Sorry for my English!
In the cookbook http://symfony.com/doc/current/cookbook/security/form_login_setup.html the login form and the check path (which is the same in the example) are defined in a firewall which can be accessed by anonymous users.
In your config only /login is accessible (line: pattern: ^/login$).
Try changing anonymous: ~ to security: false in the login_firewall section.
Your login and login_check routes should be under the firewall you are using.
In other words, you have to remove/comment those 3 lines:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    #login_firewall:
    #    pattern: ^/login$
    #    anonymous: ~
    secured_area:
        pattern: ^/
        provider: meu_provider
        form_login:
            login_path: login
            check_path: login_check
        logout:
            path: logout
            target: homepage
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
This line, - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }, is enough for users to be able to use the login form without a redirection loop.

Unrecognized options resource_owners in Symfony 2

I am using HWIOAuthBundle to integrate Facebook OAuth, and when I update my schema I get the following error:
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
Unrecognized options "resource_owners" under "security.firewalls.oauth"
Here is my security.yml, and I really don't know what this error is:
jms_security_extra:
    secure_all_services: false
    expressions: true
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
        # administrators:
        #     entity: { class: NotificaHomeBundle:TbNotificaUser }
    encoders:
        "FOS\UserBundle\Model\UserInterface": sha512
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: /login
                check_path: /login_check
            logout: true
            anonymous: true
        oauth:
            resource_owners:
                facebook: "/login/check-facebook"
            oauth_user_provider:
                #this is my custom user provider, created from FOSUBUserProvider - will manage the
                #automatic user registration on your site, with data from the provider (facebook. google, etc.)
                service: my_user_provider
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false
        oauth_authorize:
            pattern: ^/oauth/v2/auth
            form_login:
                provider: fos_userbundle
                check_path: /oauth/v2/auth/login_check
                login_path: /oauth/v2/auth/login
            anonymous: true
            # Add your favorite authentication process here
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
            anonymous: true # can be omitted as its default value
        # admin_area:
        #     pattern: ^/xadmin
        #     http_basic: ~
    access_control:
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/notifica/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/xadmin/, role: ROLE_ADMIN }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
Your indentation is wrong. YAML files are based on indentation.
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check
        oauth:
            resource_owners:
                facebook: "/login/check-facebook"
                google: "/login/check-google"
            login_path: /login
            failure_path: /login
            oauth_user_provider:
                #this is my custom user provider, created from FOSUBUserProvider - will manage the
                #automatic user registration on your site, with data from the provider (facebook. google, etc.)
                service: my_user_provider

Symfony 2 - firewall and access control issue

I've got a weird problem with the Symfony 2 security component. Due to the fact that the {{ app.user }} object is only available within the secured area, I set the firewall pattern to ^/. Now I want to "unsecure" some pages, like registration. I've tried this by using access_control but it doesn't work.
Here is my security.yml:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern: ^/account/login$
        security: false
    account_area:
        pattern: ^/
        form_login:
            check_path: /account/login_check
            login_path: /account/login
            default_target_path: /account
        remember_me:
            key: blaBlubKey
            lifetime: 3600
            path: /
            domain: ~
        logout:
            path: /account/logout
            target: /
access_control:
    #works
    - { path: ^/backend, roles: ROLE_USER }
    #works not
    - { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Thanks in advance!
Worth mentioning is that the best practice here is to use only one firewall, with access_control for the login page. Why? What would you do if a logged-in user tries to access the /login page? You won't be able to check in the controller whether he is authenticated and redirect him, because the user will be authenticated to your main firewall, but not to the login firewall, as they are separate security systems.
Here is the security.yml that works great for me:
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: true
            anonymous: ~
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
                always_use_default_target_path: true
                default_target_path: /
            logout:
                path: /logout
                target: /
    providers:
        main:
            entity: { class: Core\UserBundle\Entity\User, property: username }
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_SUPERADMIN }
        - { path: ^/user, roles: ROLE_USER }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
Use the anonymous directive in account_area:
account_area:
    pattern: ^/
    anonymous: ~
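The redirect loops in the first and fourth questions and the one-firewall advice in this last answer all come down to two first-match rules in Symfony's security component: the first access_control entry whose regex matches the request path decides the required roles, and the first firewall whose pattern matches owns the request. The following Python checker, added here as an illustration and not taken from any of the posts above or from Symfony itself, replays both rules over constructed copies of the page's configurations (the `role:`/`roles:` typo from the first question and the split login_firewall/secured_area layout from the fourth) and reports the two misconfigurations before they reach a browser. It simplifies in one place, labelled in the comments: an access_control entry with no `roles` key is treated as imposing no requirement, which is enough to reproduce the loop the accepted answer describes.

```python
import re

# Constructed sample modelled on the first question: the login rule spells the
# key "role" instead of "roles", so no anonymous grant is attached to /security/login.
BROKEN_ACCESS_CONTROL = [
    {"path": r"^/security/login", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/", "roles": "IS_AUTHENTICATED_FULLY"},
]
# The same rules with the accepted answer's fix applied.
FIXED_ACCESS_CONTROL = [
    {"path": r"^/security/login", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/", "roles": "IS_AUTHENTICATED_FULLY"},
]

# Constructed sample of the two-firewall layout from the "Loop Redirect after login" post.
SPLIT_FIREWALLS = [
    {"name": "dev", "pattern": r"^/(_(profiler|wdt)|css|images|js)/"},
    {"name": "login_firewall", "pattern": r"^/login$"},
    {"name": "secured_area", "pattern": r"^/",
     "login_path": "/login", "check_path": "/login_check"},
]
# The single-firewall layout recommended in the last answer.
SINGLE_FIREWALL = [
    {"name": "dev", "pattern": r"^/(_(profiler|wdt)|css|images|js)/"},
    {"name": "secured_area", "pattern": r"^/",
     "login_path": "/login", "check_path": "/login_check"},
]

# Attributes that an unauthenticated visitor can satisfy.
ANONYMOUS_OK = {"IS_AUTHENTICATED_ANONYMOUSLY"}


def lint_access_control(rules):
    """Report entries that carry no 'roles' key, e.g. the 'role' typo."""
    problems = []
    for i, rule in enumerate(rules):
        if "roles" not in rule:
            extra = sorted(k for k in rule if k != "path")
            problems.append(f"rule {i} ({rule['path']}): no 'roles' key, found {extra}")
    return problems


def required_roles(rules, path):
    """First access_control entry whose regex matches the path wins (Symfony semantics).
    Simplification (assumption): an entry without 'roles' imposes nothing and is skipped."""
    for rule in rules:
        if "roles" in rule and re.search(rule["path"], path):
            roles = rule["roles"]
            return [roles] if isinstance(roles, str) else list(roles)
    return []


def login_page_loops(rules, login_path):
    """A loop arises when the login page itself demands an authenticated user:
    anonymous -> redirected to login -> denied again -> redirected to login ..."""
    roles = required_roles(rules, login_path)
    return bool(roles) and not set(roles) <= ANONYMOUS_OK


def firewall_for(firewalls, path):
    """Firewalls are also chosen first-match on their pattern."""
    for fw in firewalls:
        if re.search(fw["pattern"], path):
            return fw["name"]
    return None


def login_split_across_firewalls(firewalls):
    """True when the firewall declaring form_login does not own both its
    login_path and its check_path, the layout the fourth answer tells the asker to remove."""
    for fw in firewalls:
        if "login_path" in fw:
            return any(firewall_for(firewalls, fw[key]) != fw["name"]
                       for key in ("login_path", "check_path"))
    return False


if __name__ == "__main__":
    for label, rules in (("broken", BROKEN_ACCESS_CONTROL), ("fixed", FIXED_ACCESS_CONTROL)):
        print(label, lint_access_control(rules),
              "loop on /security/login:", login_page_loops(rules, "/security/login"))
    for label, fws in (("split", SPLIT_FIREWALLS), ("single", SINGLE_FIREWALL)):
        print(label, "login split across firewalls:", login_split_across_firewalls(fws))
```

Run as a script it prints one line per configuration; the broken rule set is flagged both by the linter (a rule without `roles`) and by the loop check, while the fixed set passes, and the split layout is reported because `^/login$` captures the login page but not `/login_check`.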