I switched to my prod environemnt today and started testing. Everything is working great with my admin user. The problem is when I switch to another user, that has a role PROVIDER. This user is only able to add products or import them in admin panel. However, when I go to admin dashboard I get these errors:
Warning: Missing argument 1 for Sonata\AdminBundle\Admin\Admin::__construct(), called in C:\wamp\www\karpedeal_b2c\vendor\ed\blog-bundle\Security\Authorization\Voter\ArticleVoter.php on line 37 and defined in C:\wamp\www\karpedeal_b2c\app\cache\prod\classes.php on line 5473
No idea whats going on since in DEV environment everything works. I can login with provider user, import products etc... in prod, i cant.
For some reason it is trying to access somethin in the blog bundle, however this user does not have any rights to blogs... What is the problem then?
role_hierarchy:
ROLE_PROVIDER: [ROLE_USER, ROLE_SONATA_PROVIDER]
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_PROVIDER, ROLE_SONATA_ADMIN, ROLE_BLOG_USER, ROLE_BLOG_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_SONATA_PROVIDER:
- ROLE_MP_SHOP_ADMIN_PRODUCT_LIST
- ROLE_MP_SHOP_ADMIN_PRODUCT_VIEW
- ROLE_MP_SHOP_ADMIN_IMPORTER_LIST
- ROLE_MP_SHOP_ADMIN_IMPORT_SCHEMA_CREATE
- ROLE_MP_SHOP_ADMIN_IMPORT_SCHEMA_LIST
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
ROLE_SONATA_EMPLOYEE:
- ROLE_MP_SHOP_ADMIN_PRODUCT_LIST
- ROLE_MP_SHOP_ADMIN_PRODUCT_VIEW
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
logout:
path: /admin/logout
anonymous: true
main:
pattern: ^/
context: user
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
#use_forward: false
check_path: fos_user_security_check
#failure_path: null
always_use_default_target_path: false
default_target_path: profile
logout:
path: fos_user_security_logout
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
failure_path: /login
oauth_user_provider:
service: my_user_provider
anonymous: true
default:
anonymous: ~
# activate different ways to authenticate
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_PROVIDER, ROLE_ADMIN, ROLE_SONATA_ADMIN, ROLE_SONATA_PROVIDER] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
acl:
connection: default
UPDATE:
When changing AppKernel $kernel = new AppKernel('prod', true);everything works, so the debugger is causing the problems? How can that be?
Related
i created this website and used FOS_user bundle as user Manager, while developing the application everything worked fine, i can log in and register and everything on local machine using wampserver, but when i uploaded it to a hosting server the problem started, i can login on admin.domain on both dev and prod environments but not on www.domain, i get www.domain/login_check and "this page isn't working" any help will be appreciated
security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
user_checker: security.user_checker
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_token_generator: security.csrf.token_manager
# default_target_path: homepage
# always_use_default_target_path: true
logout:
path: fos_user_security_logout
target: homepage
anonymous: true
http_basic: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/ar/admin/, role: ROLE_ADMIN }
- { path: ^/en/admin/, role: ROLE_ADMIN }
- { path: ^/fr/admin/, role: ROLE_ADMIN }
after 3 days of trying to figure this out and after trying every possible solution turns out it's a server problem, they needed to add permission to access user table from www.domain
I'm creating a website with Symfony 2.8 and FOSUserBundle for authentication.
I want the website to be public to anyone, and the back-office (with the prefix /admin) to be accessed after login authentication.
I just keep getting the error:
The check_path "/login_check" for login method "form_login" is not
matched by the firewall pattern "^/admin/(.*)".
My app/config/security.yml looks like:
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: ^/admin/(.*)
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
always_use_default_target_path: false
default_target_path: /admin
logout:
path: /logout
target: /login
anonymous: true
main:
anonymous: ~
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
#- { path: ^/login_check, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I know there's something wrong in the form_login, but I just can't really grasp it...
PS: Similar questions have been asked, but without great answers (or answers that work for me, for that matter).
I think your pattern need to be like that :
admin:
pattern: ^/admin/
I use SonataAdminBundle, but I have a some trouble. When I log as admin and then loging put, I still can acces to dashboard panel, and in profile displays like I am authenticated as admin. What I am doing wrong and how I can solve this issue ? Thanks!
Configure security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
# Disabling the security for the web debug toolbar, the profiler and Assetic.
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# -> custom firewall for the admin area of the URL
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
default_target_path: /admin/dashboard
logout:
path: /admin/logout
target: /admin/login
anonymous: true
# -> end custom configuration
# default login area for standard users
# This firewall is used to handle the public login area
# This part is handled by the FOS User Bundle
main:
pattern: .*
context: user
form_login:
provider: fos_userbundle
login_path: /login
use_forward: false
check_path: /login_check
failure_path: null
logout: true
anonymous: true
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
Regards.
I developped my first site with symfony, so maybe I'm having a really obvious problem.
I had no problem on my local dev server, but since I send it to my live server and using app.php instead of app_dev.php, I am stuck in a redirect loop...
I looked over the internet and it seems that redirect loop are often caused by security.yml.
I'm using FOSUserBundle, maybe this is related ?!
Edit : Since everyone is pointing out the fact I'm using /admin as route for login may be one of the cause of my problem, I changed it to /admin/login but I still have the problem.
Maybe I should clarify some point. The website is in two part :
- a frontend, which can be accessible for everyone
- a backoffice in which you can find some CMS like page and some other stuff..., only accessible by login.
On every page, even when I'm trying to access the homepage, I'm stuck in that loop. I end up with the requested url followed by a bunch of ///////////////////// at the end.
Anyway, here is my new security.yml :
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
#in_memory:
# memory:
# users:
# user: { password: userpass, roles: [ 'ROLE_USER' ] }
# admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
routing.yml :
mcr:
resource: "#McrBundle/Controller/"
type: annotation
prefix: /
fos_user_security:
resource: "#FOSUserBundle/Resources/config/routing/security.xml"
fos_user_security_login:
pattern: /admin/login
defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
pattern: /admin/login_check
defaults: { _controller: FOSUserBundle:Security:check }
Any help will be greatly apreciated :)
Thanks a lot.
It likely has to do with how you have your routes setup;
access_control:
- { path: ^/admin$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
When you try and access /admin internally symfony redirects this to /admin/ and because your AC requires the role admin im guessing you are not logged in and want to be taken to your login page which im also guessing you have on /admin. Thus creating your non ending redirect loop.
I would recommend using /admin/login for your login route. You will need to update you routing.yml and security.yml
I think I found the issue. You need to define a separate firewall for the login path with anonymous access which is not shared with other firewalls:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
website:
pattern: ^/
security: false
anonymous: true
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I'm working on a project with Symfony2 where you must be logged to be able to see the website. I am using FOSUserBundle to create the member area. Here is the idea : if an anonymous comes to the website, I systematically redirect to the login page.
Here is my security.yml :
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
realm: "Acces reserve"
login:
pattern: ^/(login$|register|resetting)
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
anonymous: true
logout: true
access_control:
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }
I think there is no reason for it not to work ; here is the problem now. I observed that I'm not logged the same in /login and in others areas. For example, if I log myself then I'm the user named "admin" with role "ROLE_USER" on the website BUT if I go then to /login, I'm logged as "anon" with no role at all.
Same problem but more boring: when a new user register, he's log on the /login page but not on the other pages... So he's always redirect to /login and the logout doesn't change anything. :/
Do you have an idea ?
Thanks !
P.S. : Is it possible to manually clean all sessions in Symfony2 ? 'cause I would like to be able to try other things but in Chrome I just can't do anything for now... I tryed clear the browser cache and cookies, clear Symfony cache, etc... Nothing changes, I'm still logged as "admin" on the /login page -_-
The thing is you specified the fos_userbundle provider only for main firewall, not for login and dev firewalls. So fos_userbundle isn't used for /login page at all.
The documentation says you should use this config:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }