I'm trying to implement a simple login and logout in my symfony app and in the documentation it says I need to create a route to the logout page. And there is a code like this:
# app/config/routing.yml
logout:
path: /logout
I'm trying to paste it into my app/config/routing.yml, so it looks like this:
# app/config/routing.yml
app:
resource: '#AppBundle/Controller/'
type: annotation
logout:
path: /logout
But I get an error
The file "(...)\app/config\routing.yml" does not contain valid YAML
I was searching through the documentation and couldn't find anythig that would help me solve it. I can't really understand how this routing configuration file works and why I get this error.
Suggest when making changes to any yaml file in a development environment, save the yaml first, make the change, then check for error messages. If you get error messages back them out.
Also set up your editor so that it points out things like tabs, spaces, etc... So it's easier to see right away.
Related
I am trying to create application in Symfony 2, to learn as much as I can, as beginner. First AppBundle which was created by default was easy. Second I created using create:bundle "ResultBundle", was a bit rough and I got "ClassNotFoundException" at first, but after some settings it worked again as expected.
Armed with not so deserved confidence, I tried to create third bundle "ClinicBundle" and then everything fell apart. Although I created routing.yml for new bundle, and set it correctly in AppKernel.php (link goes right to new class ClinicBundle.php), and set app/config/routing.yml correctly (same as for previous ResultBundle) and added the bundle to composer.json autoload, same as in previous bundle, I kept getting "ClassNotFoundException" for this ClinicBundle, like it can't be loaded in AppKernel.php though when I point to link in that row:
new ClinicBundle\ClinicBundle()
It goes smoothly to the right file. Every advice I have found online was already done and set correctly. Everything was in place but "ClassNotFoundException" kept on and it just wasn't working. I tried clear:cache also but same error popped up even then. I checked everything and it was all in place. routing files, paths, composer autoload. AppKernel...
Finally, I followed some ill advice from a forum and run some dump-autoload command which "generated autoload files" and everything after is much much worse. Now, I am getting long long FileLoaderLoadException error with many lines and main is this one:
Cannot load resource "#ClinicBundle/Resources/config/routing.yml". Make sure the "ClinicBundle/Resources/config/routing.yml" bundle is correctly registered and loaded in the application kernel class. If the bundle is registered, make sure the bundle path "#ClinicBundle/Resources/config/routing.yml" is not empty.
I have no idea what is wrong since bundle is registered in AppKernel and this routing file is not empty, it's like this:
clinic_homepage:
path: /clinic
defaults: { _controller: ClinicBundle:Default:index }
app:
resource: '#ClinicBundle/Controller/'
type: annotation
The same structure as previous ResultBundle which worked before all this happened. Also, the ResultBundle does not work anymore too, if I put it on top of routing.yml file in app/config same error happens but for ResultBundle. This is how app/config/rounting.yml file looks like:
clinic:
resource: "#ClinicBundle/Resources/config/routing.yml"
type: annotation
result:
resource: "#ResultBundle/Resources/config/routing.yml"
type: annotation
app:
resource: '#AppBundle/Controller/'
type: annotation
What happened? Does anyone know what is missing here? How do you add new bundle so that it does not report "ClassNotFound"? Thanks!
Just without type: annotation
clinic:
prefix: /some-prefix
resource: '#ClinicBundle/Resources/config/routing.yml'
I'm updating a project built with Symfony2.7 to Symfony4, everything is working fine and have good compatibility, but one thing that should be fine, a built-in resource, the security layer, doesn't work as expected.
The problem I'm facing is that I can't logout users anymore. I followed the steps on the guide but nothing changed.
Below is the security config:
#config/packages/security.yaml
security:
encoders:
App\Entity\Clients:
algorithm: bcrypt
providers:
app_user_provider:
entity:
class: App\Entity\Clients
firewalls:
app:
pattern: ^/
anonymous: ~
provider: app_user_provider
remember_me:
secret: "%kernel.secret%"
form_login:
use_referer: true
login_path: login
check_path: login_check
always_use_default_target_path: false
default_target_path: dashboard
csrf_token_generator: security.csrf.token_manager
logout:
path: logout
target: home
invalidate_session: false
The paths I'm using are route names, but also tried the path itself.
I can normally login any user, but when I hit the logout route, I'm just redirected to home route, but the user is still authenticated.
Tried to set a custom handler logout like:
logout:
handlers: [logout_handler]
It references to a service implementing Symfony\Component\Security\Http\Logout\LogoutHandlerInterface, but it didn't even call the handler.
It would be great if I could only use the default handler, and it's necessary to maintain the "remember_me" behavior, which was also working fine in 2.7.
Could anyone help me with that?
EDIT: My config routes.yaml is empty, 'cause I'm using annotation routes, the config/packages/routing.yaml is as follows:
framework:
router:
strict_requirements: ~
Just like when initialized with the composer create-project command.
And for the annotations config I have the file config/routes/annotations.yaml:
controllers:
resource: ../../src/Controller/
type: annotation
Again, it's the config the recipe created by itself.
You need remove logout action in your controller,
next add route to config/routes.yaml.
More info here.
https://symfony.com/doc/current/security.html#logging-out
I achieved the result of logging out by removing the REMEMBERME cookie with a **LogoutSuccessHandler* (reference).
I think of this as being an ugly workaround, but the result was satisfactory, as everything worked fine. But still don't know why it didn't worked automatically with the configs, also why I couldn't use a custom logout handler. If anyone comes up with better answer, I can mark it as the accepted answer.
If you follow the instructions at Symfony Security Logging Out, make sure you use the proper route name to get to /logout. I had to use 'app_logout' to actually get it to logout and I was not able to change that path name in the Security.yaml file without also modifying the controller annotations (see below). No controller needed. No custom handler needed (thank god).
After you configure logout, try running php bin/console debug:router to check the actual route to /logout.
The logout part of my Security.yaml looked like this:
logout:
path: app_logout
# where to redirect after logout
target: front
Based on instructions, I added an empty controller (if you want custom path names, you'll have to change the path names here plus add the change to Security.yaml):
<?php
//App/Controller/SecurityController.php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
class SecurityController extends AbstractController
{
/**
* #Route("/logout", name="app_logout")
*/
public function logout()
{
throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
}
}
My call looked like this:
<a class="nav-link" href="{{ path('app_logout') }}">Logout</a>
I purchased an SSL certificate at OVH in order to have a URL https. They set me the certificate on my website but now, when I access using the https://www.shootandgo.fr , I get errors like
:net::ERR_SSL_UNRECOGNIZED_NAME_ALERT
and the images, the CSS files, and everything else are not found...
I use Symfony 2 and all my resources are on local, in the web directory of Symfony.
OVH has said "we need to tell Symfony2 to use HTTPS" but I do not see how... does anyone have a solution? Thank you in advance!
PS: Sorry for my English... I'm French ^^'
To make symfony2 work with HTTPS, you need to reference these sections in their manual:
http://symfony.com/doc/current/cookbook/routing/scheme.html
http://symfony.com/doc/current/cookbook/security/force_https.html
More information could be found by the links above, but generally speaking everything is defined in app configs:
secure:
path: /secure
defaults: { _controller: AppBundle:Main:secure }
schemes: [https]
and this:
# app/config/security.yml
security:
# ...
access_control:
- { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
The said above was related to Symfony2 thing, which you was asking about.
But my guess is, that this error ERR_SSL_UNRECOGNIZED_NAME_ALERT belongs to the wrong server/certificate setup, not to specific framework you are using. You'd need to elaborate more, and to provide additional information to figure this out.
Well i have upload again my website on the server, and everything is normal now...I don't know why there was a problem on it las tt
I am developping a SF2 web-app which is fully behind a firewall: nobody shouldn't be able to see or modify anything before behing logged (except login form, of course).
So here is the firewall part of my security.yml file:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main_login:
pattern: ^/login$
anonymous: true
main:
pattern: ^/
anonymous: false
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
logout:
path: fos_user_security_logout
target: /
This works fine: if I type the url http://mywebsite.com/app.php/article/show/1 while unlogged, I am forwarded to the login page.
My problem is that I have some documents and media files located in Symfony's web directory (e.g. myapp/web/document/myTextFile.txt). They are accessible via my app for logged users, but also for non-logged users!
Anybody who types http://mywebsite.com/app.php/document/myTextFile.txt can download the file...
Why doesn't the pattern: ^/ line prevent this? Is the web folder excluded by default because it contains app.php and js/and css/ folder?
How do I protect my documents?
Update: Display protected images
I tried the solution suggested by Gerry, it works fine to protect the download of my documents.
However, I also have pictures in my document folder and I would like to display these pictures, directly included in the relevant pages.
For example, in http://mywebsite.com/app.php/article/show/1 there will be some text and the picture myapp/app/Resources/document/AAA.jpg, and in http://mywebsite.com/app.php/article/show/2 there will be some text and the picture myapp/app/Resources/document/BBB.jpg, etc.
I tried to do it with Assetic but it seems that it is done for "static" images (like top logo, or images which are not object-dependent).
A solution I see is to convert the image in Base64 and include it like this : <img alt="" src="data:image/png;base64(...)" />, but it seems really ugly...
The web directory is your public root directory, being served by the webserver (Apache/Nginx/...).
By default any request to an existing file does not pass Symfony at all, so no firewall setting is going to prevent access to files residing in the web root.
The clean solution is to move these files to another directory, outside the webroot, for example app/Resources/uploads. Then you could write a Symfony controller for downloading these files.
I don't have a working installation of Symfony right now, but try to move your documents from web, if will firewall proceed.
Let me know the answer please, will try to find out a solution if it will not work, or if you will not be able to move those files in production.
I have a problem when I create a new view.
I've created a html.twig (validate.html.twig)
my routing.yml:
ads_fi_auth_validate:
pattern: /validate
defaults: { _controller: AdsFiAuthBundle:Auth:validate }
methods: [POST, GET]
and I created a validateAction
after all this I get a 404 for validate/ GET.
I think I need a command or something like that to tell symfony that I just create a new route to a new view
Thanks a lot guys
At least in Symfony 2.5 you specify the pattern, with the keyword path, not pattern so if you change your code to the following:
ads_fi_auth_validate:
path: /validate
defaults: { _controller: AdsFiAuthBundle:Auth:validate }
methods: [POST, GET]
You should be able to hit your route. That assuming that the bundle and the method exist.
A good way to find out if Symfony is recognizing your route, is by running the console command:
php app/console router:debug will list all available routes. There's no need (nor way) to let Symfony know that you just created a new route. Symfony automatically picks them up.
I just find that I need clear cache, and this solved my problem
php app/console cache:clear -e prod