I configured the FOSUserBundle for my symfony bundle (following the cookbook http://symfony.com/doc/1.3.x/bundles/FOSUserBundle/index.html).
When I try to access the login page I get this error:
You are not allowed to define new elements for path "security.firewalls". Please define all elements for this path in one config file.
My security.yml file is:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I can't understand what's the problem, any suggestion?
Thanks in advance
The first problem I see is an indentation problem in your YAML security file:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
Check carefully the documentation available at https://symfony.com/doc/master/bundles/FOSUserBundle/index.html, check routes, clear cache and you're normally done ;)
Feel free to come back here if any other problem is encountered.
Best Regards.
Related
This is my file security.yml:
security:
    encoders:
        H360\generalBundle\Entity\UsrUsuarios:
            id: usuarios.password_encoder
    providers:
        usuarios:
            entity: { class: H360\generalBundle\Entity\UsrUsuarios}
    firewalls:
        angular_area:
            pattern: ^/[a-zA-Z]{2}/.*/.*/rest/
            #provider: entity_admin
            anonymous: ~
            logout_on_user_change: true
        secured_area:
            pattern: ^/[a-zA-Z]{2}/
            user_checker: app.users.checker
            anonymous: ~
            logout_on_user_change: true
            guard:
                authenticators:
                    - app.login.authenticator
                    - app.card.authenticator
                    - app.google.authenticator
                entry_point: app.login.authenticator
            logout:
                path: usuarios_logout
                target: /
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/([a-zA-Z]\d*.\d*)/extrest/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/([a-zA-Z]\d*.\d*)/restablelink/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/([a-zA-Z]\d*.\d*)/resturnocomedor/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/([a-zA-Z]\d*.\d*), roles: ROLE_USER}
So, when I upgraded to Symfony 3.4, I couldn't log in.
I have been reading about this, but I don't know the solution ;(
When I try to log in, the page reloads itself and no error appears.
Help pls!
Solved!!! Finally, it was a problem with the function "supports()" in my LoginAuthenticator.php. This function has to return false.
I think I could be wrong about my security.yaml code.
I get an error:
> No encoder has been configured for account "ProjectBundle\Base\Entity\User".
Can someone please tell me if there is a mistake. I could not find any..
security:
encoders:
ProjectBundle\Base\Entity\User\User: bcrypt
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SHOP_ADMIN]
ROLE_SUPER_ADMIN: ROLE_ADMIN
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
users:
entity:
class: ProjectBundle/Base/Entity/User/User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- ProjectBundle\Base\Security\ApiAuthenticator
anonymous: true
admin_api:
pattern: ^/admin/api
stateless: true
guard:
authenticators:
- ProjectBundle\Base\Security\ApiAuthenticator
anonymous: true
main:
anonymous: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/member/password_reset, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/member/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/user/wallet, role: ROLE_USER }
- { path: ^/member, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
If you follow the Symfony documentation: https://symfony.com/doc/current/security/named_encoders.html
You have a mistake after security: you need to add an indentation for encoders:
Example
security:
    encoders:
        ProjectBundle\Base\Entity\User\User: bcrypt
I have got a very weird issue with one of my Symfony (2.8) apps: out of nowhere the login just stopped working. Submitting the login form just brought me back to the login page again, with no bad credentials error and no system issue warning.
I looked at my cookies in the browser, as this worked in incognito mode, and I had 2 PHPSESSID. Is this normal? Removing the cookies allowed me to log in again with no issue. I am trying to get to the bottom of how to reproduce this, as it's not something I want to go into my production env.
Here is the current security yml:
security:
    acl:
        connection: default
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_CLIENT_PROGRAMME_ADMIN: ROLE_CLIENT_PROGRAMME_ADMIN
        ROLE_ADMIN: ROLE_PROGAMME_ADMIN
        ROLE_SUPER_ADMIN: ROLE_SUPER_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        oauth_token:
            pattern: ^/oauth/v2/token
            anonymous: true
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
                success_handler: auth.service.redirect.after.login
            logout: true
            anonymous: true
    access_control:
        - { path: ^/oauth/v2/token, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user/password/reset$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/docs$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/$, roles: [ROLE_USER] }
        - { path: ^/client, roles: [ROLE_CLIENT_PROGRAMME_ADMIN, ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/portal, roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/admin, roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] }
        - { path: ^/, roles: [SECTION_CHECK, ROLE_PROGAMME_ADMIN, ROLE_SUPER_ADMIN] }
My access control doesn't work. When I'm anonymous, I can access the URL /admin, although normally it must be impossible.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: liste_projet
                always_use_default_target_path: true
                login_path: /
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: ~
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/inscription, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
Do you have an idea? A bad configuration on my part? I'm using Symfony 3.
Change
- { path: ^/admin/, role: ROLE_ADMIN }
to
- { path: ^/admin, role: ROLE_ADMIN }
Otherwise when you request the /admin page, the path won't match with the first one.
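How the admin rule behaves under first-match-wins evaluation, as an added example that is not part of the original answer or Symfony's own code. The third pattern and the sample request paths are assumptions made for illustration.

```php
<?php
// Added illustration, not Symfony's own code: rules are tried top to bottom
// and the first path regex that matches decides the required role.

/** Returns the role required for $path, or null when no rule matches. */
function requiredRole(array $rules, string $path): ?string
{
    foreach ($rules as $rule) {
        // RequestMatcher wraps the configured path in {} regex delimiters.
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($path)) === 1) {
            return $rule['role'];
        }
    }
    return null; // no rule matched: access_control imposes no requirement
}

// The three public rules from the question's access_control section.
$public = [
    ['path' => '^/login$',      'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/inscription', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/resetting',   'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
];

// Candidate patterns for the admin rule.
$adminPatterns = [
    '^/admin/',      // from the question
    '^/admin',       // from the answer
    '^/admin(/|$)',  // assumption: stricter variant, not from the page
];

// Constructed sample request paths.
$requests = ['/admin', '/admin/', '/admin/users', '/administrateur'];

foreach ($adminPatterns as $pattern) {
    $rules = array_merge($public, [['path' => $pattern, 'role' => 'ROLE_ADMIN']]);
    echo "admin rule: $pattern", PHP_EOL;
    foreach ($requests as $path) {
        $role = requiredRole($rules, $path) ?? 'no rule matched (open to anonymous)';
        printf("  %-16s -> %s\n", $path, $role);
    }
}
```

`^/admin` covers `/admin` itself but also captures unrelated paths that merely start with the same letters, such as `/administrateur`; anchoring with `(/|$)` limits the rule to the admin section.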
I'm using SF2 together with FOS user bundle.
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: false
    access_control:
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
If I set my main: anonymous: false to true, I no longer get a redirect loop, but then people don't need to be logged in to access everything (which they should be!)
I think the access_control has an entry for the ^/login route so that people don't need to be authenticated, but I suspect it doesn't work.
With this statement:
anonymous: false
this is no longer valid:
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
Therefore the framework can't redirect to the login which causes the redirect loop (FOS needs anonymous to be true in order to work properly)... I don't know if it works but you could try to set
{ path: ^/*, role: ROLE_USER }
as the first or last line of the assetic control... no guarantee it works, this is what I would try in order to create the result you are looking for.