I'm following a few tutorials along with the documentation, but I can't get the user I provided in security.yml to log in. Here is my YML file, which provides a username called user with the password userpass, as a simple user.
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
    providers:
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: ROLE_ADMIN }
    firewalls:
        secured_area:
            anonymous: ~
            pattern: ^/
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout
                target: /
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
    access_control:
        - { path: ^/new, roles: ROLE_ADMIN }
        - { path: ^/create, roles: ROLE_ADMIN }
        - { path: ^/edit, roles: ROLE_ADMIN }
        - { path: ^/delete, roles: ROLE_ADMIN }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
The loginAction is the same as in the official documentation:
public function loginAction()
{
    $authUtils = $this->get('security.authentication_utils');
    $error = $authUtils->getLastAuthenticationError();
    $lastUsername = $authUtils->getLastUsername();

    return $this->render('UserBundle:Login:login.html.twig', array(
        'last_username' => $lastUsername,
        'error' => $error,
    ));
}
I don't know what else I should paste here, because every view, controller and route works perfectly. The only issue is that whenever I try to log in with that user and password, the "BAD CREDENTIALS" message is shown.
Just use the plaintext encoder in order to be able to log in with "userpass" (look at the example below),
or encode "userpass" with sha512 and replace "userpass" by the result.
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
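As an added example (not from the question or the answer above), here is a stand-alone Python re-implementation of what the `sha512` encoder shorthand in security.yml does: Symfony's MessageDigestPasswordEncoder with its defaults (sha512, base64-encoded output, 5000 stretching iterations), under the assumption that the built-in in-memory User carries no salt. It shows why a password stored literally as `userpass` can never satisfy that encoder, what value the second alternative would require in security.yml, and why the plaintext encoder accepts the literal. The plaintext encoder is only sensible for a demo; the bcrypt configuration in the next answer is the stronger choice for anything real.

```python
import base64
import hashlib
import hmac

# Defaults Symfony applies when security.yml says "...\User: sha512"
# (assumption, taken from MessageDigestPasswordEncoder's constructor defaults).
DEFAULT_ALGORITHM = "sha512"
DEFAULT_ITERATIONS = 5000
MAX_PASSWORD_LENGTH = 4096  # BasePasswordEncoder rejects longer input to avoid hashing DoS


def merge_password_and_salt(raw: str, salt: str) -> bytes:
    """Mirror of BasePasswordEncoder::mergePasswordAndSalt(): no salt -> raw, else raw{salt}."""
    if not salt:
        return raw.encode("utf-8")
    if "{" in salt or "}" in salt:
        raise ValueError("Cannot use { or } in salt.")
    return f"{raw}{{{salt}}}".encode("utf-8")


def message_digest_encode(raw, salt="", algorithm=DEFAULT_ALGORITHM,
                          iterations=DEFAULT_ITERATIONS, as_base64=True):
    """Model of MessageDigestPasswordEncoder::encodePassword(): one digest, then stretching."""
    if len(raw) > MAX_PASSWORD_LENGTH:
        raise ValueError("Invalid password.")
    salted = merge_password_and_salt(raw, salt)
    digest = hashlib.new(algorithm, salted).digest()
    for _ in range(1, iterations):  # "stretch": iterations-1 further rounds over digest||salted
        digest = hashlib.new(algorithm, digest + salted).digest()
    return base64.b64encode(digest).decode("ascii") if as_base64 else digest.hex()


def digest_password_is_valid(stored, raw, salt=""):
    """What the provider does for a sha512 user: re-encode the submitted password and compare."""
    return hmac.compare_digest(stored.encode("utf-8"),
                               message_digest_encode(raw, salt).encode("utf-8"))


def plaintext_password_is_valid(stored, raw, salt=""):
    """PlaintextPasswordEncoder: compares the stored string to raw{salt} byte for byte."""
    return hmac.compare_digest(stored.encode("utf-8"), merge_password_and_salt(raw, salt))


def explain_bad_credentials(stored="userpass", submitted="userpass"):
    """Judge the question's in-memory user (constructed values) under both encoders."""
    return {
        "sha512_expects": message_digest_encode(submitted),   # value security.yml would need
        "sha512_valid": digest_password_is_valid(stored, submitted),
        "plaintext_valid": plaintext_password_is_valid(stored, submitted),
    }


if __name__ == "__main__":
    result = explain_bad_credentials()
    print("value to store for the sha512 encoder:", result["sha512_expects"])
    print("sha512 encoder accepts literal 'userpass':", result["sha512_valid"])   # False
    print("plaintext encoder accepts it:", result["plaintext_valid"])             # True
```

Run it once and paste the printed base64 string into `password:` if you keep the sha512 encoder; the comparison is constant-time, as in Symfony's own comparePasswords().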
This shows you the full example.
You can just pay attention to SecurityController and the security.yml file in the example, then work out what else you're missing in your application.
Example security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12
    providers:
        in_memory:
            memory:
                users:
                    basic:
                        password: $2a$12$Mnp6eUx1AJ5YABwmprcu/OHo21klIpQ/PA7D7PdKx5SA4urdav6/e #basic
                        roles: ROLE_USER
                    admin:
                        password: $2a$12$aRC0GRcjZS9bXfQYlpT8f.JkkrwuK0xZwKuoQ78i1CsErbHtriWLm #admin
                        roles: ROLE_ADMIN
                    super:
                        password: $2a$12$7SeyjOot3/3Ez1c0Dm8W0u/EenNEs8ykOl16D5aKkJkzLEq4lvXP2 #super
                        roles: ROLE_SUPER_ADMIN
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        default:
            anonymous: ~
            http_basic: ~
            form_login:
                login_path: /login
                check_path: /login
            logout:
                invalidate_session: true
                path: /logout
                target: /
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/backend/superadmin, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend/secret, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend, role: ROLE_ADMIN }
        - { path: ^/country, role: ROLE_USER }
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
I was trying to restrict access to the / path to ROLE_USER, but once it redirects to the login page, it keeps doing so and I get this:
ERR_TOO_MANY_REDIRECTS
Here's my security.yaml:
security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            guard:
                authenticators:
                    - App\Security\UserAuthenticator
            form_login: true
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }
        # - { path: ^/profile, roles: ROLE_USER }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
Here's my SecurityController:
/**
 * @Route("/login", name="app_login")
 */
public function login(AuthenticationUtils $authenticationUtils): Response
{
    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();
    // last username entered by the user
    $lastUsername = $authenticationUtils->getLastUsername();

    return $this->render('security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
I had to add this to security.yml:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
I'm starting my journey with Symfony.
At this point I'm trying to secure my auth routes (I'm using FOSUserBundle), so I do:
access_control:
    - { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backstage/, role: ROLE_ADMIN }
    - { path: ^/profile/, role: ROLE_USER }
However, I can always reach these routes whether I'm logged in or not.
Where is my mistake?
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                check_path: fos_user_security_check
                login_path: fos_user_security_login
            logout:
                path: fos_user_security_logout
                target: website.home
            logout: true
            anonymous: true
    access_control:
        - { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backstage/, role: ROLE_ADMIN }
        - { path: ^/profile/, role: ROLE_USER }
You should restrict access to logged-in users; right now, a user who is logged in also has the role IS_AUTHENTICATED_ANONYMOUSLY, this is the role hierarchy.
    - { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY && !IS_AUTHENTICATED_FULLY }
You can use PUBLIC_ACCESS instead of IS_AUTHENTICATED_ANONYMOUSLY:
access_control:
    - { path: ^/logowanie$, roles: PUBLIC_ACCESS }
best regards ;)
I am new to symfony, and now I get an exception:
The routing file "/Users/alex/myProjectName/src/Custom/CMSBundle/Resources/config/routing.yml" contains unsupported keys for "logout": "pattern". Expected one of: "resource", "type", "prefix", "path", "host", "schemes", "methods", "defaults", "requirements", "options", "condition" in /Users/alex/myProjectName/src/Custom/CMSBundle/Resources/config/routing.yml (which is being imported from "/Users/alex/myProjectName/app/config/routing.yml").
The online linter says this line isn't correct:
found unexpected ':' while scanning a plain scalar at line 18 column 24):
user_db:
    entity: { class: CustomCMSBundle:User, property: username }
security:
    encoders:
        Symfony\Component\Security\Core\User: plaintext
        Custom\CMSBundle\Entity\User: bcrypt
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
    providers:
        chain_provider:
            chain:
                providers: [in_memory, user_db]
        in_memory:
            memory:
                users:
                    admin: { password: adminpass, roles: ROLE_ADMIN }
        user_db:
            entity: { class: CustomCMSBundle:User, property: username }
    firewalls:
        main:
            pattern: /.*
            form_login:
                login_path: /login
                check_path: /login_check
                default_target_path: /
            logout:
                path: /logout
                target: /
            security: true
            anonymous: true
    access_control:
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /cms/user, roles: ROLE_ADMIN }
        - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Maybe try
user_db:
    entity: { class: Custom\CMSBundle\Entity\User, property: username }
instead of
user_db:
    entity: { class: CustomCMSBundle:User, property: username }
I know that this is a common issue, but I can't find what mistake I'm making and it's driving me crazy.
I can't log in through the login form: when I submit the form, it returns to itself without any error and I'm not authenticated.
Thanks in advance!
Here is my security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        #Cityincheck\AppBundle\Entity\User:
            #algorithm: bcrypt
            #cost: 12
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
    providers:
        in_memory:
            memory:
                users:
                    ryan:
                        password: ryanpass
                        roles: 'ROLE_USER'
                    admin:
                        password: kitten
                        roles: 'ROLE_ADMIN'
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        admin_area:
            pattern: ^/*
            form_login:
                check_path: /login_check
                login_path: /login
                provider: in_memory
                default_target_path: /admin
            logout:
                path: admin_logout
                target: admin_login
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
My routing.yml:
admin_login:
    path: /login
    defaults: { _controller: AppBundle:AccessControl:login }
admin_login_check:
    path: /login_check
And my controller:
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContextInterface;

class AccessControlController extends Controller
{
    public function loginAction(Request $request)
    {
        $session = $request->getSession();

        // get the login error if there is one
        if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(
                SecurityContextInterface::AUTHENTICATION_ERROR
            );
        } elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
            $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
            $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
        } else {
            $error = null;
        }

        // last username entered by the user
        $lastUsername = (null === $session) ? '' : $session->get(SecurityContextInterface::LAST_USERNAME);

        return $this->render(
            'AppBundle::login.html.twig',
            array(
                // last username entered by the user
                'last_username' => $lastUsername,
                'error' => $error,
            )
        );
    }
}
The problem is in your security.yml. When somebody submits the form, the browser sends an HTTP request to /login_check to check the login and password. But the app doesn't allow it, as the user is not authenticated.
You must add '/login_check' to access_control:
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }
Or this:
access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }
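The three answers above that touch access_control (adding `^/login` with IS_AUTHENTICATED_ANONYMOUSLY to stop the redirect loop, the note that a logged-in user still holds IS_AUTHENTICATED_ANONYMOUSLY, and adding `/login_check` or anchoring the rule with `^/login$`) all come down to how Symfony picks and evaluates a rule. The following is an added Python model of that evaluation, not Symfony code: the first rule whose path regex matches the request path is the only one consulted, IS_AUTHENTICATED_ANONYMOUSLY (and PUBLIC_ACCESS on newer versions) is granted to every token, IS_AUTHENTICATED_FULLY only to logged-in ones, and role_hierarchy is expanded transitively. A denied anonymous visitor is sent to the login page; a denied authenticated user gets a 403. The rule sets and tokens are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

# Attributes Symfony's AuthenticatedVoter understands (PUBLIC_ACCESS only exists in newer versions).
IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY"
IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY"
PUBLIC_ACCESS = "PUBLIC_ACCESS"


@dataclass(frozen=True)
class Token:
    """authenticated=False models the AnonymousToken a visitor carries before logging in."""
    authenticated: bool
    roles: frozenset = frozenset()


def reachable_roles(roles, hierarchy):
    """Transitive closure over role_hierarchy (what RoleHierarchy::getReachableRoleNames does)."""
    reachable, stack = set(roles), list(roles)
    while stack:
        for child in hierarchy.get(stack.pop(), []):
            if child not in reachable:
                reachable.add(child)
                stack.append(child)
    return reachable


def first_matching_rule(path, rules):
    """AccessMap: the FIRST rule whose path regex matches decides; later rules are never consulted."""
    for pattern, attributes in rules:
        if re.search(pattern, path):  # Symfony wraps the pattern in {...} and preg_match()es the path
            return attributes
    return None                       # no rule matched: access_control imposes nothing


def is_granted(token, attributes, hierarchy):
    """Affirmative strategy: access if ANY listed attribute is granted to the token."""
    roles = reachable_roles(token.roles, hierarchy)
    for attribute in attributes:
        if attribute in (IS_AUTHENTICATED_ANONYMOUSLY, PUBLIC_ACCESS):
            return True               # held by every token, logged in or not
        if attribute == IS_AUTHENTICATED_FULLY and token.authenticated:
            return True
        if attribute in roles:
            return True
    return False


def decide(path, token, rules, hierarchy):
    """'allow', 'redirect_to_login' (anonymous denied -> entry point) or '403' (authenticated denied)."""
    attributes = first_matching_rule(path, rules)
    if attributes is None or is_granted(token, attributes, hierarchy):
        return "allow"
    return "redirect_to_login" if not token.authenticated else "403"


# Constructed hierarchy, tokens and rule sets, written like the access_control lines above.
HIERARCHY = {"ROLE_ADMIN": ["ROLE_USER"],
             "ROLE_SUPER_ADMIN": ["ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"]}
ANON = Token(authenticated=False)
USER = Token(authenticated=True, roles=frozenset({"ROLE_USER"}))
LOOPING_RULES = [("^/admin", ["ROLE_ADMIN"]), ("^/", ["ROLE_USER"])]
FIXED_RULES = [("^/login", [IS_AUTHENTICATED_ANONYMOUSLY])] + LOOPING_RULES
WRONG_ORDER_RULES = LOOPING_RULES + [("^/login", [IS_AUTHENTICATED_ANONYMOUSLY])]


def redirect_loop_scenarios():
    """Anonymous visitor redirected to /login: does /login itself let them in?"""
    return {
        "looping": decide("/login", ANON, LOOPING_RULES, HIERARCHY),          # redirect_to_login
        "fixed": decide("/login", ANON, FIXED_RULES, HIERARCHY),              # allow
        "wrong_order": decide("/login", ANON, WRONG_ORDER_RULES, HIERARCHY),  # redirect_to_login
    }


def login_check_scenarios():
    """Which rule does the form's POST to /login_check hit under the two answers?"""
    prefix = [("^/login", [IS_AUTHENTICATED_ANONYMOUSLY]), ("^/admin", ["ROLE_ADMIN"])]
    exact = [("^/login$", [IS_AUTHENTICATED_ANONYMOUSLY]), ("^/admin", ["ROLE_ADMIN"])]
    return {
        "prefix_rule_matches_check": first_matching_rule("/login_check", prefix),  # the anonymous rule
        "exact_rule_matches_check": first_matching_rule("/login_check", exact),    # None: no rule at all
        "check_allowed_either_way": (decide("/login_check", ANON, prefix, HIERARCHY),
                                     decide("/login_check", ANON, exact, HIERARCHY)),
    }


def logged_in_on_login_page():
    """A fully authenticated ROLE_USER still satisfies IS_AUTHENTICATED_ANONYMOUSLY on /logowanie."""
    return decide("/logowanie", USER, [("^/logowanie$", [IS_AUTHENTICATED_ANONYMOUSLY])], HIERARCHY)


if __name__ == "__main__":
    print(redirect_loop_scenarios())
    print(login_check_scenarios())
    print(logged_in_on_login_page())
    print(decide("/admin", USER, FIXED_RULES, HIERARCHY))  # 403: ROLE_USER does not reach ROLE_ADMIN
```

The `wrong_order` scenario is the practical check: the `^/login` rule has to sit above `^/`, because once `^/` matches, nothing below it is read, and the visitor is bounced back to the login page it was trying to open.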
I have a custom user provider, following the guide in:
http://symfony.com/doc/current/cookbook/security/custom_provider.html
Everything works without errors, but I can't get into the restricted zone.
In my UserProvider class I set the $roles variable to array("ROLE_USER"), which is the permission I need to access the route app/list, but when I go to app/list, Symfony redirects me to the login page again and again.
I've looked at the debug toolbar and it shows:
Username anon.
Authenticated? yes
Roles { }
Token class Symfony\Component\Security\Core\Authentication\Token\AnonymousToken
My security.yml file is:
security:
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login: ~
            http_basic:
                realm: "Secured Demo Area"
            form_login:
                provider: webservice
                login_path: login
                check_path: login_check
                always_use_default_target_path: true
                default_target_path: listado_actas
            logout:
                path: logout
                target: login
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    providers:
        webservice:
            id: webservice_user_provider
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Actas\Gestion\UserBundle\Security\User\WebServiceUser:
            id: my.encoder.service
My UserProvider class looks like the following. I just call an XML service that gives me a TOKEN, which I store in my user class:
public function loadUserByUsername($username)
{
    $salt = "";
    $roles = "";

    // make a call to your webservice here
    $password = $this->request->get('_password');
    $xml_interface = new XMLInterfaceBundle();
    $token = $xml_interface->requestLogin($username, $password);

    if (strlen($token) > 10) {
        $roles = array("ROLE_USER");
        $salt = "";

        return new WebserviceUser($username, $password, $salt, $roles, $token);
    }

    throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
}
This is my user object in DaoAuthenticationProvider::checkAuthentication():
Actas\Gestion\UserBundle\Security\User\WebserviceUser Object
(
    [username:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706X
    [password:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706XkCrDP
    [salt:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] =>
    [roles:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => Array
        (
            [0] => ROLE_ADMIN
        )
    [my_token:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] =>
)
This is my routing.yml:
xml_interface:
    resource: "@XMLInterfaceBundle/Resources/config/routing.yml"
    prefix: /
actas:
    resource: "@ActasBundle/Resources/config/routing.yml"
    prefix: /
login:
    pattern: /login
    defaults: { _controller: UserBundle:Default:login }
login_check:
    pattern: /login_check
logout:
    pattern: /logout
Just try to set the role_hierarchy as follows:
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
Don't forget to set the role of your User object as ROLE_ADMIN, for example, in order to match the role_hierarchy.