Exception in security.yml, because of unexpected ':' - php

I am new to symfony, and now I get an exception:
The routing file "/Users/alex/myProjectName/src/Custom/CMSBundle/Resources/config/routing.yml" contains unsupported keys for "logout": "pattern". Expected one of: "resource", "type", "prefix", "path", "host", "schemes", "methods", "defaults", "requirements", "options", "condition" in /Users/alex/myProjectName/src/Custom/CMSBundle/Resources/config/routing.yml (which is being imported from "/Users/alex/myProjectName/app/config/routing.yml").
The online linter says this line isn't correct:
found unexpected ':' while scanning a plain scalar at line 18 column 24):
user_db:
    entity: { class: CustomCMSBundle:User, property: username }
security:
    encoders:
        Symfony\Component\Security\Core\User: plaintext
        Custom\CMSBundle\Entity\User: bcrypt
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
    providers:
        chain_provider:
            chain:
                providers: [in_memory, user_db]
        in_memory:
            memory:
                users:
                    admin: { password: adminpass, roles: ROLE_ADMIN }
        user_db:
            entity: { class: CustomCMSBundle:User, property: username }
    firewalls:
        main:
            pattern: /.*
            form_login:
                login_path: /login
                check_path: /login_check
                default_target_path: /
            logout:
                path: /logout
                target: /
            security: true
            anonymous: true
    access_control:
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /cms/user, roles: ROLE_ADMIN }
        - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Maybe try
user_db:
    entity: { class: Custom\CMSBundle\Entity\User, property: username }
instead of
user_db:
    entity: { class: CustomCMSBundle:User, property: username }

Related

Symfony 4 - login page always redirects to itself

I was trying to restrict access to the / path for the ROLE_USER, but when it redirects once to the login page, it keeps doing it and I get this :
ERR_TOO_MANY_REDIRECTS
Here's my security.yaml:
security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            guard:
                authenticators:
                    - App\Security\UserAuthenticator
            form_login: true
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }
        # - { path: ^/profile, roles: ROLE_USER }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
Here's my SecurityController:
/**
 * @Route("/login", name="app_login")
 */
public function login(AuthenticationUtils $authenticationUtils): Response
{
    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();
    // last username entered by the user
    $lastUsername = $authenticationUtils->getLastUsername();
    return $this->render('security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
I had to add this to security.yml:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
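The redirect loop and its fix, modelled as an added example that is not part of the original post: access_control rules are checked top to bottom and the first matching path decides, so the ^/login exception only helps when it sits above the ^/ rule. The rule arrays are constructed from the configuration above, and the helper names are hypothetical.

```php
<?php
// Added example: first-match evaluation of access_control, as a plain-PHP model.
// Helper names are hypothetical; the rule arrays are constructed from the post.

/** Return the first rule whose path regex matches, or null if none does. */
function firstMatchingRule(array $rules, string $path): ?array
{
    foreach ($rules as $rule) {
        // Same '{...}' regex delimiters Symfony's RequestMatcher uses for paths.
        if (preg_match('{' . $rule['path'] . '}', $path) === 1) {
            return $rule;
        }
    }
    return null;
}

/** True when an anonymous visitor is bounced from the login page back to it. */
function loginPageLoops(array $rules, string $loginPath): bool
{
    $rule = firstMatchingRule($rules, $loginPath);
    // No matching rule means no restriction; IS_AUTHENTICATED_ANONYMOUSLY
    // is granted to anonymous tokens, any other requirement is not.
    return $rule !== null && $rule['roles'] !== 'IS_AUTHENTICATED_ANONYMOUSLY';
}

$loginRule = ['path' => '^/login', 'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'];
$asPosted  = [
    ['path' => '^/admin', 'roles' => 'ROLE_ADMIN'],
    ['path' => '^/',      'roles' => 'ROLE_USER'],
];
$configs = [
    'as posted'               => $asPosted,
    'login rule placed last'  => array_merge($asPosted, [$loginRule]),
    'login rule placed first' => array_merge([$loginRule], $asPosted),
];

foreach ($configs as $label => $rules) {
    $winner = firstMatchingRule($rules, '/login');
    printf("%-24s /login -> %-8s (%s)\n", $label, $winner['path'],
        loginPageLoops($rules, '/login') ? 'redirect loop' : 'reachable');
}
```

Only the last arrangement leaves /login reachable; with the rule appended after ^/ the catch-all still wins.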

Symfony Security Registration and Authentication

I use UserBundle and HWIO for social networks, but if a user has no social accounts I create a custom registration. When the user has an email and password I try to authenticate, but I get many errors. The last error is:
Error: User account is disabled.
I don't know how to tune service.yml so that HWIO still works together with standard authentication. Help, please.
And now logging in with HWIO is not working:
Unable to find the controller for path "/login/check-vkontakte". The route is wrongly configured.
With this security configuration it works fine:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
        my_custom_hwi_provider:
            id: app.provider.user_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    vkontakte: "/login/check-vkontakte"
                login_path: /login
                failure_path: /login
                oauth_user_provider:
                    #this is my custom user provider, created from FOSUBUserProvider - will manage the
                    #automatic user registration on your site, with data from the provider (facebook. google, etc.)
                    service: app.provider.user_provider
            logout: true
            anonymous: true
        login:
            pattern: ^/login$
            security: false
            remember_me:
                key: "%secret%"
                lifetime: 60 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
This is my security configuration:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        PillsBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
        my_custom_hwi_provider:
            id: app.provider.user_provider
        chain_provider:
            chain:
                providers: [user_db, in_memory]
        user_db:
            entity: { class: UserBundle\Entity\User, property: email }
        in_memory:
            memory:
                users:
                    admin_tyty: { password: adminpass_tyty, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        admin_secured_area:
            pattern: /(.*)
            anonymous: ~
            form_login:
                provider: chain_provider
                login_path: /auth/login
                check_path: /auth/login_check
                always_use_default_target_path: true
                default_target_path: /?r=db
            logout:
                path: /auth/logout
                target: /
                invalidate_session: false
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                #csrf_provider: form.csrf_provider
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    vkontakte: "/login/check-vkontakte"
                login_path: /login
                failure_path: /login
                oauth_user_provider:
                    #this is my custom user provider, created from FOSUBUserProvider - will manage the
                    #automatic user registration on your site, with data from the provider (facebook. google, etc.)
                    service: app.provider.user_provider
            logout: true
            anonymous: true
        login:
            pattern: ^/login$
            security: false
            remember_me:
                key: "%secret%"
                lifetime: 60 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
And my SecurityController:
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;

/**
 * @Route("/auth")
 */
class SecurityController extends Controller
{
    /**
     * @Route("/login", name="login_route")
     * @Template()
     */
    public function loginAction()
    {
        $request = $this->getRequest();
        $session = $request->getSession();
        $securityContext = $this->container->get('security.context');
        // Already logged in: skip the login form
        if ($securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
            return $this->redirect($this->generateUrl('get_all_posts'));
        }
        // Fetch the last authentication error from the request or the session
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }
        return array(
            '_last' => $session->get(SecurityContext::LAST_USERNAME),
            'error' => $error,
        );
    }
}
If you have overridden the registration controller, then just enable the user in the FOSUserBundle > RegistrationController class.
If not, then have a look at this doc:
http://symfony.com/doc/current/bundles/FOSUserBundle/overriding_controllers.html
class RegistrationController extends BaseController
{
    public function registerAction(Request $request)
    {
        /** @var $formFactory \FOS\UserBundle\Form\Factory\FactoryInterface */
        $formFactory = $this->get('fos_user.registration.form.factory');
        /** @var $userManager \FOS\UserBundle\Model\UserManagerInterface */
        $userManager = $this->get('fos_user.user_manager');
        /** @var $dispatcher \Symfony\Component\EventDispatcher\EventDispatcherInterface */
        $dispatcher = $this->get('event_dispatcher');
        $user = $userManager->createUser();
        // Mark the new account as enabled so it can authenticate
        $user->setEnabled(true);
    }
}

User provided in Symfony2 does not log in

I'm following a few tutorials along with the documentation, but I can't make my provided user in security.yml log in. Here is my YML file that provides a username called user and a password userpass, as a simple user.
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
    providers:
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: ROLE_ADMIN }
    firewalls:
        secured_area:
            anonymous: ~
            pattern: ^/
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout
                target: /
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
    access_control:
        - { path: ^/new, roles: ROLE_ADMIN }
        - { path: ^/create, roles: ROLE_ADMIN }
        - { path: ^/edit, roles: ROLE_ADMIN }
        - { path: ^/delete, roles: ROLE_ADMIN }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
The loginAction is the same from the official documentation:
public function loginAction()
{
    $authUtils = $this->get('security.authentication_utils');
    $error = $authUtils->getLastAuthenticationError();
    $lastUsernme = $authUtils->getLastUsername();
    return $this->render('UserBundle:Login:login.html.twig', array(
        'last_username' => $lastUsernme,
        'error' => $error
    ));
}
I don't know what else I should paste here because every view, controller and route works perfectly. The only issue is that whenever I try to log in with that user and password the "BAD CREDENTIALS" message is shown.
Just use plaintext encoder in order to be able to login with "userpass" (look at the example below)
or you can encode "userpass" to sha512 and replace "userpass" by the result
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
This shows you the full example.
You can just pay attention to SecurityController and the security.yml file in the example then work out what else you're missing in your application.
example security.yml
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12
    providers:
        in_memory:
            memory:
                users:
                    basic:
                        password: $2a$12$Mnp6eUx1AJ5YABwmprcu/OHo21klIpQ/PA7D7PdKx5SA4urdav6/e #basic
                        roles: ROLE_USER
                    admin:
                        password: $2a$12$aRC0GRcjZS9bXfQYlpT8f.JkkrwuK0xZwKuoQ78i1CsErbHtriWLm #admin
                        roles: ROLE_ADMIN
                    super:
                        password: $2a$12$7SeyjOot3/3Ez1c0Dm8W0u/EenNEs8ykOl16D5aKkJkzLEq4lvXP2 #super
                        roles: ROLE_SUPER_ADMIN
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        default:
            anonymous: ~
            http_basic: ~
            form_login:
                login_path: /login
                check_path: /login
            logout:
                invalidate_session: true
                path: /logout
                target: /
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/backend/superadmin, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend/secret, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend, role: ROLE_ADMIN }
        - { path: ^/country, role: ROLE_USER }
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
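Why the question's configuration answers "BAD CREDENTIALS", as an added example that is not part of the original posts: the configured encoder is applied to the submitted password and the result is compared with the value stored in security.yml, so a raw value stored under a sha512 encoder can never match. The digest routine is a model that assumes the message-digest encoder's defaults (5000 iterations, base64 output); the function names are hypothetical. With bcrypt only the hash is kept in the file.

```php
<?php
// Added example: stored value vs. configured encoder for the in-memory user.
// Function names are hypothetical; sample values are taken from the question.

/** Model of a salted, iterated digest encoder (assumed defaults: 5000 rounds, base64). */
function digestEncode(string $raw, string $salt = '', string $algo = 'sha512', int $iterations = 5000): string
{
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';
    $digest = hash($algo, $salted, true);
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algo, $digest . $salted, true);
    }
    return base64_encode($digest);
}

/** Does the value stored in security.yml accept the submitted password? */
function storedAccepts(string $encoder, string $stored, string $submitted): bool
{
    switch ($encoder) {
        case 'plaintext':
            return hash_equals($stored, $submitted);
        case 'sha512':
            return hash_equals($stored, digestEncode($submitted));
        case 'bcrypt':
            return password_verify($submitted, $stored);
    }
    throw new InvalidArgumentException("unknown encoder: $encoder");
}

$submitted = 'userpass';
$cases = [
    'sha512 encoder, raw value stored (question)' => ['sha512', 'userpass'],
    'sha512 encoder, digest stored'               => ['sha512', digestEncode('userpass')],
    'plaintext encoder, raw value stored'         => ['plaintext', 'userpass'],
    'bcrypt encoder, hash stored'                 => ['bcrypt', password_hash('userpass', PASSWORD_BCRYPT, ['cost' => 12])],
];

foreach ($cases as $label => [$encoder, $stored]) {
    printf("%-45s %s\n", $label,
        storedAccepts($encoder, $stored, $submitted) ? 'login ok' : 'Bad credentials');
}
```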

Configuring authentication symfony2

I'm trying to configure authentication on symfony2 with this configuration:
Security.yml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        admin_area:
            pattern: ^/admin
            provider: in_memory
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
/src/MyBundle/Resources/Routing.yml
ies_cierva_encuesta_backend_admin:
    pattern: /admin
    defaults: { _controller: Bundle:Default:admin }
login:
    pattern: /login
    defaults: { _controller: Bundle:Login:login }
login_check:
    pattern: /login_check
logout:
    pattern: /logout
src/Bundle/Controller/LoginController.php
<?php
namespace ...
use ...
class LoginController extends Controller {
    public function loginAction(Request $request) {
        $session = $request->getSession();
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(
                SecurityContext::AUTHENTICATION_ERROR
            );
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }
        return $this->render(
            'Bundle:Security:login.html.twig',
            array(
                // last username entered by the user
                'last_username' => $session->get(SecurityContext::LAST_USERNAME),
                'error' => $error,
            )
        );
    }
}
I'm getting this error:
"Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?"
If I'm not wrong, this route doesn't need a Controller...
In http://symfony.com/doc/current/book/security.html, it is mentioned that
"Make sure that your check_path URL (e.g. /login_check) is behind the firewall you're using for your form login".
But the /login_check isn't behind the same firewall which you are using for form login.
firewalls:
    admin_area:
        pattern: ^/admin
        provider: in_memory
        anonymous: ~
        form_login:
            login_path: login
            check_path: login_check
        logout:
            path: /logout
            target: /
In the above configuration, pattern path "login_check" doesn't match "^/admin" pattern. Change the pattern accordingly to make it work.
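A check for this mismatch, as an added example that is not part of the original answer: a request is claimed by the first firewall whose pattern matches, and the form-login listener only sees requests claimed by its own firewall. The arrays are constructed from the question, with check_path written as the URL the login_check route resolves to; the function names and the "check_path moved" variant are assumptions.

```php
<?php
// Added example: is each form_login check_path behind its own firewall?
// Function names are hypothetical; configurations are constructed from the question.

/** Name of the first firewall whose pattern matches the path, or null. */
function firewallFor(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $fw) {
        // A firewall without a pattern matches every request. The '{...}'
        // delimiters are the ones Symfony's RequestMatcher uses for paths.
        if (!isset($fw['pattern']) || preg_match('{' . $fw['pattern'] . '}', $path) === 1) {
            return $name;
        }
    }
    return null;
}

/** @return string[] one message per check_path that its firewall never sees */
function checkPathProblems(array $firewalls): array
{
    $problems = [];
    foreach ($firewalls as $name => $fw) {
        $checkPath = $fw['check_path'] ?? null;
        if ($checkPath === null) {
            continue; // no form_login on this firewall
        }
        $owner = firewallFor($firewalls, $checkPath);
        if ($owner !== $name) {
            $problems[] = sprintf('%s: %s is claimed by %s', $name, $checkPath, $owner ?? 'no firewall');
        }
    }
    return $problems;
}

$configs = [
    // As posted: ^/admin does not cover /login_check.
    'as posted'        => ['admin_area' => ['pattern' => '^/admin', 'check_path' => '/login_check']],
    // The answer's suggestion: change the pattern so it covers the check path.
    'pattern widened'  => ['admin_area' => ['pattern' => '^/', 'check_path' => '/login_check']],
    // Assumed alternative: keep the pattern, move the check path under /admin.
    'check_path moved' => ['admin_area' => ['pattern' => '^/admin', 'check_path' => '/admin/login_check']],
];

foreach ($configs as $label => $firewalls) {
    $problems = checkPathProblems($firewalls);
    printf("%-17s %s\n", $label, $problems ? implode('; ', $problems) : 'ok');
}
```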

Symfony2 Custom user provider doesn't works

I have a custom user provider, following the guide in:
http://symfony.com/doc/current/cookbook/security/custom_provider.html
All is working without errors, but I don't manage to access the restricted zone.
In my UserProvider class, I set $roles var to have array("ROLE_USER") and that's the permission I need to access route app/list, but when I go to app/list, Symfony redirects me to login again and again.
I've seen the debug toolbar and it results:
Username anon.
Authenticated? yes
Roles { }
Token class Symfony\Component\Security\Core\Authentication\Token\AnonymousToken
My security.yml file is:
security:
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login: ~
            http_basic:
                realm: "Secured Demo Area"
            form_login:
                provider: webservice
                login_path: login
                check_path: login_check
                always_use_default_target_path: true
                default_target_path: listado_actas
            logout:
                path: logout
                target: login
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    providers:
        webservice:
            id: webservice_user_provider
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Actas\Gestion\UserBundle\Security\User\WebServiceUser:
            id: my.encoder.service
My UserProvider class looks like the following. I just call an XML service that gives me a TOKEN that I will store in my UserClass:
public function loadUserByUsername($username)
{
    $salt = "";
    $roles = "";
    // make a call to your webservice here
    $password = $this->request->get('_password');
    $xml_interface = new XMLInterfaceBundle();
    $token = $xml_interface->requestLogin($username, $password);
    if (strlen($token) > 10) {
        $roles = array("ROLE_USER");
        $salt = "";
        return new WebserviceUser($username, $password, $salt, $roles, $token);
    }
    throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
}
This is my UserObject in DaoAuthenticationProvider::checkAuthentication()
Actas\Gestion\UserBundle\Security\User\WebserviceUser Object
(
[username:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706X
[password:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706XkCrDP
[salt:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] =>
[roles:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => Array
(
[0] => ROLE_ADMIN
)
[my_token:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] =>
)
This is my routing.yml:
xml_interface:
    resource: "@XMLInterfaceBundle/Resources/config/routing.yml"
    prefix: /
actas:
    resource: "@ActasBundle/Resources/config/routing.yml"
    prefix: /
login:
    pattern: /login
    defaults: { _controller: UserBundle:Default:login }
login_check:
    pattern: /login_check
logout:
    pattern: /logout
Just try to set the Role_hierarchy as following:
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
Don't forget to set the role of your User object as ROLE_ADMIN, for example, in order to match the role_hierarchy.
