Show Symfony profiler only for admins - php

I would like to show the Symfony profiler bar (and access to profiler) only for page admins (ROLE_SUPER_ADMIN).
I have followed these instructions: http://symfony.com/doc/2.8/cookbook/profiler/matchers.html#creating-a-custom-matcher
But it does not work. I get this error message:

    AuthenticationCredentialsNotFoundException in classes.php line 2892:
    The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.

Can anybody help me, or does anyone know this error message?
Thanks for all replies in future!

Make sure the dev section in your security.yaml has the right arguments.
Make sure you uncomment the following lines in your security.yaml:

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

After that it should work fine.

Related

No token from TokenStorage on test environment

I want to include the logged in user's id to my logger.
So I have added a monolog.processor that adds the user id to the 'extra'-portion of the record, and added a custom format string that displays the id.
On my dev environment this works (mostly) as expected, but on the test environment it does not work at all, the TokenStorage always returns null on getToken().
There are no specific security configs for dev or test. The biggest differences between the configs is this part:

    framework:
        test: ~
        session:
            storage_id: session.storage.mock_file
        profiler:
            collect: false

I have added this to my dev config but could not reproduce the symptoms. I can only reproduce by making Symfony think it really is in test.
To be honest, I don't even know where to begin to debug this.
Any ideas what might be causing this behaviour?
Any ideas how I could debug this so I can get to an answer?
In order to have a token you should be inside one of the Symfony firewalls.
If any of the firewalls aren't matched by the URI, symfony security is not triggered and you will not have a token.
If it is a public area allow anonymous users from root '/*' and use ACL for the rest of the URI (or actions). Anonymous users will have the role IS_AUTHENTICATED_ANONYMOUSLY

    # app/config/security.yml
    security:
        firewalls:
            main:
                pattern: ^/
                anonymous: ~

Documentation:
http://symfony.com/doc/current/security.html
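
An added example, not part of the original question or answer: a Monolog processor that tolerates the missing token described above instead of failing, and records which case applied. The class name is illustrative; it assumes Symfony 2.6 to 4.x (where `UserInterface::getUsername()` exists) and Monolog processors that receive the record as an array.

```php
<?php
// Added example; AppBundle\Logging\UserProcessor is an illustrative name.
namespace AppBundle\Logging;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class UserProcessor
{
    private $tokenStorage;

    public function __construct(TokenStorageInterface $tokenStorage)
    {
        $this->tokenStorage = $tokenStorage;
    }

    // Called by Monolog for every record; must return the (modified) record.
    public function __invoke(array $record)
    {
        $token = $this->tokenStorage->getToken();

        if (null === $token) {
            // The request matched no firewall, or the line was logged before
            // the firewall ran (console commands, early kernel events).
            $record['extra']['user'] = '-';

            return $record;
        }

        $user = $token->getUser();

        // Anonymous tokens carry the string "anon." instead of a user object.
        $record['extra']['user'] = $user instanceof UserInterface
            ? $user->getUsername()
            : (string) $user;

        return $record;
    }
}
```

Tag the service with `monolog.processor` and reference `%extra.user%` in the formatter's format string.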

User provider error symfony

I'm developing an authentication system with Guard+JWT, and I used this as a reference. Everything seems to be working. But now I'm facing one problem. When I first try to access a secure resource with the generated token, I am able to access it, but if I try to access it again it gives me an error that says

    There is no user provider for user "AppBundle\Document\User"

It's like odd/even: the first request works, the second does not, the third works, and so on.
Do you have something like this in your security.yml file?

    providers:
        user_db:
            mongodb: {class: AppBundle\Document\User, property: username}

Also, you need to put your provider in the firewall section:

    firewalls:
        main:
            provider: user_db

Symfony2 API Key Authentication - No route found for

I followed the documentation, and this is how my code is organized:
src/Company/AuthBundle/Security/ApiKeyAuthenticator.php
src/Company/AuthBundle/Security/ApiKeyUserProvider.php
(they are the same as sample classes in doc)

    # File: services.yml
    apikey_authenticator:
        class: Company\AuthBundle\Security\ApiKeyAuthenticator
        public: false

    # File: security.yml
    firewalls:
        api:
            pattern: ^/api
            stateless: false
            simple_preauth:
                authenticator: apikey_authenticator
            provider: fos_userbundle
            security: false
            anonymous: true

And now, if I try to access e.g. http://symfony-project.dev/api?apikey=somekey, I get the following error:
No route found for "GET /api"
Any idea what's wrong?
The error message is fairly clear really - you haven't defined a route for a GET request for '/api'.
The security component you've configured takes care of authentication and granting access, but it does not control any logic specific to your application. You must create a controller and a route for requests like this.
You can see your currently defined routes with $ php app/console debug:router - if you've tried to define a route, that will help you debug it. If not, you must create one.

Failed user login on production server using Symfony framework (Authentication request could not be processed due to...)

I'm using Symfony for a project and I have been trying to get the login to work on production server with no success for the past 2 days. I keep getting the error
Authentication request could not be processed due to a system problem.
I have followed the guide here (http://symfony.com/doc/current/cookbook/security/entity_provider.html) to setup loading users from database.
My security.yml file:

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            Acceptme\UserBundle\Entity\User: plaintext
        role_hierarchy:
            ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            in_memory:
                memory:
                    users:
                        patricia:
                            password: patricia
                            roles: 'ROLE_ADMIN'
            users:
                name: user_provider
                entity: { class: AcceptmeUserBundle:User, property: username }
        firewalls:
            user_area:
                pattern: ^/
                anonymous: ~
                provider: user_provider
                form_login:
                    login_path: login_route
                    check_path: _login_check
                    default_target_path: homepage
            dev:
                pattern: ^/(_(profiler|wdt|error)|css|images|js)/
                security: false
            default:
                anonymous: ~
                http_basic: ~
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }

My SecurityController.php:

    namespace AppBundle\Controller;

    use Symfony\Component\HttpFoundation\Request;
    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
    use Symfony\Bundle\FrameworkBundle\Controller\Controller;
    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
    use Symfony\Component\Security\Core\SecurityContext;

    class SecurityController extends Controller
    {
        /**
         * @Route("/login", name="login_route")
         * @Template("security/login.html.twig")
         */
        public function loginAction(Request $request)
        {
            if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
                $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
            } else {
                $error = $request->getSession()->get(SecurityContext::AUTHENTICATION_ERROR);
            }

            return array(
                'last_username' => $request->getSession()->get(SecurityContext::LAST_USERNAME),
                'error' => $error,
            );
        }

        /**
         * @Route("/login_check", name="_login_check")
         */
        public function securityCheckAction()
        {
            // this controller will not be executed,
            // as the route is handled by the Security system
        }
    }

I have tried uploading the project on 2 different web hosts (FatCow & GoDaddy) and the problem remains. Locally I am using PHP 5.4.19 (FatCow uses 5.3.2 and GoDaddy uses 5.4.37). Keep in mind that when working on localhost with XAMPP everything works fine!
I've confirmed that PDO is enabled in both cases. I've confirmed that the database username, password and host are correct in the parameters.yml file. Error logs on both local and remote servers show nothing.
I have followed all directions from this previous post Deploying Symfony2 app getting fosuserbundle errors and still no success.
It looks like that the error:
Authentication request could not be processed due to a system problem.
is too generic and does not tell anything about where the problem is (there is an issue opened about this matter here).
I solved my issue by checking the logs and see what happened (in var/logs/dev.log), hoping this helps someone.
In my specific case, there was a wrong parameter in parameters.yml about database connection. But, again, the error is too generic and does not necessarily imply that the problem is related with database connection.
This problem can be fixed by running the command: php bin/console cache:clear --env=prod --no-debug
UPDATE: Issue solved. The issue was that a table in the entity php file was named with upper case letters while the database table was named with lower case. +1 to ClémentBERTILLON for pointing in the right direction, namely prod.log
As @ShinDarth mentioned, it is too generic and log inspection will help people in our case to get through this.
If it can help, in my situation it was:
After a SonataUserBundle installation in SF3, I had to run

    bin/console doctrine:schema:update --force

My context is particular: I had already installed and used FOSUserBundle before installing SonataUserBundle (because of SF3 compatibility with FOSUser/SonataUser...).
The database took 16 queries after that. Working great.
You probably used the template given by Symfony docs here :

    {% if error %}
        <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

Which actually gives you this error message. The most simple and reliable way to fix this issue is to replace this line by the following :

    <div class="alert alert-danger">{{ error }}</div>

Which will give you the full stack-trace for your error and (hopefully) help you debug your application. Don't forget to revert this before going to production!
In my case, I changed the user entity and then forgot to update the table.
For table update:

    php bin/console doctrine:schema:update --force

Currently there is a bug in Symfony: on production, if a system error occurs during authentication (missing table, missing column or any other exception), it's logged as INFO instead of ERROR, and with default error logging options it's not logged at all.
https://github.com/symfony/symfony/pull/28462
I think there are two options right now. First option: temporarily log everything (including INFO) on production until you find the real error.
Second option: use this patch or debug directly on production.
I'm sure that this error is too generic. In my case, the following is incorrect:

    class: App/Entity/User;

Correction:

    class: App\Entity\User;

This solution is correct for me: https://stackoverflow.com/a/39782535/2400373
But if you do not have access to the terminal, you can enter the server and delete the folders that are inside var/cache.
Another solution if you have access to the console is to type

    # rm -rf var/cache/*

or

    $ sudo rm -rf var/cache/*

This solution works on Symfony 3.
In my case the issue was fixed by correcting a typo in connection details in the .env file.
Another possible cause could be MySQL Server. In my case I forgot to start MAMP / MySQL Server and Symfony resulted with this message.
It's a bug in Symfony 5.3 that happens only on the Internet server. On my local server, no problem. Try to downgrade to 4.5 or 5.0. Then try the authentication again. In my case, the token to authenticate the user can't be created and it is unable to make a query to the database to validate that the user password is correct.
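To extend on the answer given by gogaz, Symfony's security bundle doesn't seem to be logging these errors by default as (I guess) it's assumed they will be authentication issues.
It might be worth it to inject a logger into your action and (conditionally) log the errors.

    use Psr\Log\LoggerInterface;
    use Symfony\Component\HttpFoundation\Response;
    use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
    use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

    // Inside the login controller class:
    public function loginAction(AuthenticationUtils $authenticationUtils, LoggerInterface $logger): Response
    {
        // Log system-level authentication failures (e.g. database errors), not bad credentials.
        if (($error = $authenticationUtils->getLastAuthenticationError()) && ($error instanceof AuthenticationServiceException)) {
            $logger->critical($error->getMessage(), $error->getTrace());
        }
        // ...
    }

Do note that you might have to extend the logging if your security implementation can throw other error types you may want to log.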

There is no user provider for user "Symfony\Component\Security\Core\User\User"

After struggling all day with a simple task for Symfony 2 with no luck, I decided to ask you guys for a solution.
Here is the problem: I would like to make a http_basic authentication using doctrine, so users would be prompted to enter username/password which are kept in a database.
So, I followed these steps:
1) Created a new entity called User with the interactive console generator.
This is how it looks like:
http://pastebin.com/3RzrwFzL
2) As stated in the documentation I have implemented UserInterface and added the 4 missing methods. Now the entity looks like this:
http://pastebin.com/Epw3YrwR
3) I have modified the security.yml as little as possible to make it work, and it looks like this:
http://pastebin.com/tp6Gd7t7
I cleared the cache and tried to access app_dev.php/admin and of course I get the same error all day:
There is no user provider for user "Symfony\Component\Security\Core\User\User".
500 Internal Server Error - RuntimeException
Can anyone tell me where is the problem?
I have tried this thousand different ways and weirdly it worked for a moment, but when I tried to add sha1 as encoder algorithm instead of plaintext, and cleared the cache, I came back to the same error.. since then I get nothing else but it. It is like if there is a hidden cache that is being erased whenever symfony decides :D
I think the error might also be in the 4 methods of the entity, but I cannot fix them since there is no documentation about what should they do.
I am currently using RC4.
Thanks in advance, hope someone will help.
I had this problem once.
It was because I was logged with a user from the previous provider (in_memory). Had to restore the in_memory part, logout and then put the new provider.
My guess:
The info of the user was in the session and it couldn't access it since we took it off the security.yml
Had the same problem. It seems that this works. I will only use it in the development process; later on I will find a solution!

    security:
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            chain_provider:
                providers: [in_memory, user_db]
            in_memory:
                users:
                    cheese: { password: olo, roles: ROLE_ADMIN }
            user_db:
                entity: { class: Abc\BaseBundle\Entity\User, property: username }
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            Abc\BaseBundle\Entity\User: plaintext
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            panel:
                pattern: ^/(panel|login_check)
                anonymous: ~
                form_login:
                    login_path: /login
                    check_path: /login_check
                    default_target_path: /panel/
                logout:
                    path: /logout
                    target: /

For me the problem occurred in the dev environment. It happened because I had an active session from another project.
Cleaning browser cookies helped.
You could save yourself the headache and try the friends of symfony UserBundle.
At the very least looking at that bundle will help you learn and fix your own code. It has plenty of well written code/examples.
