I'm trying to get FOSUserBundle and HWIOAuth working together for handle the authentication of two types of users: representatives and interns. The representatives ones would begin using HWIOAuth and would use Salesforce and internal FOSUserBundle.
I'm trying to set everything but I have problems because Symfony throws this error when I try to access the /login-salesforce or /admin routes.
InvalidConfigurationException in BaseNode.php line 313: Invalid
configuration for path "security.firewalls.admin_area": The check_path
"/login_check" for login method "form_login" is not matched by the
firewall pattern "^/admin".
This is the content of security.yml file:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_REPRESENTATIVE: [ROLE_USER]
ROLE_ADMIN: [ROLE_REPRESENTATIVE, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
logout:
path: /logout
target: /
oauth:
resource_owners:
salesforce: "/login/check-salesforce"
login_path: /login
failure_path: /login
oauth_user_provider:
service: pdi_salesforce.oauth_user_provider
access_control:
- { path: ^/reptool, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_SUPER_ADMIN }
From HWIOAuth side I got everything setup, I think (can share if needed by someone). This is the content of routing.yml file:
#HWIOAuthBundle
hwi_oauth_redirect:
resource: "#HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "#HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
salesforce_login:
pattern: /login/check-salesforce
#PDOne
pd_one:
resource: "#PDOneBundle/Controller/"
type: annotation
prefix: /
template:
resource: "#TemplateBundle/Controller/"
type: annotation
prefix: /
#FOSUserBundle
fos_user:
resource: "#FOSUserBundle/Resources/config/routing/all.xml"
#SonataAdmin
admin:
resource: '#SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
prefix: /admin
_sonata_admin:
resource: .
type: sonata_admin
prefix: /admin
What else I am missing? Does any here get those two working together and can share their work to get it done?
Hohoho the problem is here
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
check_path: /admin/login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
The login_path and check_path need to have /admin at the front.
Related
I'm trying to install an old legacy system from a company I'm freelancing for, but I keep getting
InvalidConfigurationException in ArrayNode.php line 309: Unrecognized
option "oauth" under "security.firewalls.primary"
This code supposedly runs without errors elsewhere is there anything I'm missing? Here's my security.yml where there error is probably in:
imports:
- { resource: ../../../_common/config/security.yml }
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|bundles|assets)/
security: false
login:
context: primary
pattern: ^/account/login/$
anonymous: true
anonymous:
context: primary
pattern: ^/account/(register|login/reset-password).*
anonymous: true
primary:
pattern: ^/
form_login:
check_path: UserBundle:Front:loginCheck
login_path: UserBundle:Front:login
remember_me: true
csrf_provider: form.csrf_provider
remember_me:
key: '%secret%'
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~
logout:
path: UserBundle:Front:logout
target: UserBundle:Front:login
oauth:
resource_owners:
facebook: /account/connect/check-facebook/
twitter: /account/connect/check-twitter/
login_path: UserBundle:Front:login
failure_path: UserBundle:Front:logout
oauth_user_provider:
service: user.oauth.manager
access_control:
- { path: ^/account/(login|register|connect), roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
I have successfully installed HWIOAuthBundle. I login to Facebook with this bundle. After a successful login, I get no response. I see a blank screen.
My config file is:
hwi_oauth:
firewall_name: secured_area
resource_owners:
facebook:
type: facebook
client_id: xxxxxxx
client_secret: xxxxxxx
scope: "email"
infos_url: "https://graph.facebook.com/me?fields=id,name,email,picture.type(square)"
paths:
email: email
profilepicture: picture.data.url
My Security File is:
security:
providers:
hwi:
id: hwi_oauth.user.provider
firewalls:
secured_area:
anonymous: ~
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
use_forward: false
failure_path: /login
oauth_user_provider:
service: hwi_oauth.user.provider
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
My Routing file is:
hwi_oauth_redirect:
resource: "#HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "#HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
facebook_login:
path: /login/check-facebook
google_login:
path: /login/check-google
custom_login:
path: /login/check-custom
Try this in your config:
security:
providers:
hwi:
id: hwi_oauth.user.provider
firewalls:
secured_area:
anonymous: ~
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
use_forward: false
failure_path: /login
#new line here
default_target_path: / #or something else /profile etc.
oauth_user_provider:
service: hwi_oauth.user.provider
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
I'm getting an error when using 2 firewalls for my Symfony app. I have a firewall for regular members and another for vendors.
The error is "Unable to find the controller for path "/vendor/login-check". Maybe you forgot to add the matching route in your routing configuration?"
The member_secured_area works perfectly fine when I hit any of the login and logout routes, but it does not work for the vendor_secured_area routes.
When I go to the /vendor/dashboard route it redirects me to /vendor/login but posting to the /vendor/login-check fails with the above error.
Thanks
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
vendor_secured_area:
pattern: ^/vendor/dashboard
provider: member
anonymous: false
form_login:
login_path: vendor-login
check_path: vendor-login-check
logout:
path: vendor-logout
target: /
member_secured_area:
pattern: ^/
provider: member
anonymous: ~
form_login:
login_path: member-login
check_path: member-login-check
default_target_path: home
success_handler: security.authentication_handler
failure_handler: security.authentication_handler
logout:
path: member-logout
target: /
remember_me:
key: "%secret_key%"
lifetime: 2592000
path: /
domain: ~
access_control:
member_access:
path: ^/member/dashboard
roles: IS_AUTHENTICATED_REMEMBERED
# vendor_access:
# path: ^/vendor/dashboard
# roles: IS_AUTHENTICATED_REMEMBERED
I've found the issue. My login, logout and check paths were not behind the firewall.
I had to allow anonymous to my vendor secure area to allow the login page to be accessed, then using the access control to require a role.
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
vendor_secured_area:
pattern: ^/vendor/dashboard
provider: member
anonymous: ~
form_login:
login_path: vendor-login
check_path: vendor-login-check
default_target_path: vendor-dashboard-index
always_use_default_target_path: true
logout:
path: vendor-logout
target: /
member_secured_area:
pattern: ^/
provider: member
anonymous: ~
form_login:
login_path: member-login
check_path: member-login-check
default_target_path: home
success_handler: security.authentication_handler
failure_handler: security.authentication_handler
logout:
path: member-logout
target: /
remember_me:
key: "%secret_key%"
lifetime: 2592000
path: /
domain: ~
access_control:
- { path: ^/member/dashboard, roles: IS_AUTHENTICATED_REMEMBERED }
- { path: ^/vendor/dashboard/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/vendor/dashboard, roles: IS_AUTHENTICATED_REMEMBERED }
I've tried to resolve that looking for all the answers but I can't resolve it. I receive the error "Unable to find the controller for path /login_check" when I try to log in. In theory the check_path is behind the firewall...
Here is my security.yml
security:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
firewalls:
public:
pattern: ^/
anonymous: ~
form_login:
login_path: frontend_login
check_path: frontend_login_check
remember_me: true
always_use_default_target_path: true
default_target_path: perfil
logout:
path: frontend_logout
target: frontend_login
access_control:
- { path: ^/perfil/*, roles: ROLE_USER }
providers:
usuarios:
entity: { class: TicketRunner\TicketRunnerBundle\Entity\User, property: email }
encoders:
TicketRunner\TicketRunnerBundle\Entity\User: plaintext
And here is my routing.yml
frontend_login:
pattern: /login
defaults: { _controller: TicketRunnerTicketRunnerBundle:User:login }
frontend_login_check:
pattern: /login_check
Thanks in advance!
I have an application that has two login pages - one for frontend users and one for administrators.
I have a custom auth provider that I would like to use for both. Here is my code:
firewalls:
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
check_path: /admin/admin_login_check
login_path: knetik_admin_user_login
logout:
path: knetik_user_logout
target: _welcome
invalidate_session: true
handlers: [ knetik.authentication.logout.listener ]
context: my_context
secured_area:
pattern: ^/
anonymous: ~
form_login:
check_path: /admin/login_check
login_path: knetik_user_login
remember_me: true
logout:
path: knetik_user_logout
target: _welcome
invalidate_session: true
handlers: [ knetik.authentication.logout.listener ]
knetik_auth:
remember_me: true
remember_me:
key: "%secret%"
lifetime: 2232000
path: /
domain: ~
context: my_context
access_control:
# - { path: ^/, roles: ROLE_USER, requires_channel: http }
- { path: ^/admin, roles: ROLE_ADMIN }
This gives me an error message of:
2InvalidConfigurationException: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "knetik_auth" is not matched by the firewall pattern "^/admin/".
Looking to see if anyone has run into a similar issue?
this is my project security.yml file maybe will give you some references:
security:
encoders:
myBundle\Service\WebserviceUser: plaintext
entity_admin:
class: My\Entity\Administrator
algorithm: sha1
iterations: 1
encode_as_base64: false
providers:
entity_admin:
entity:
class: myBundle\Entity\Administrator
property: username
provider_members:
id: my_custom.service.user_provider//this is my customized user provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin_secured_area:
pattern: ^/admin
provider: entity_admin
anonymous: ~
form_login:
login_path: /admin/login
check_path: /admin/login_check
logout:
path: /admin/logout
target: /admin
members_secured_area:
pattern: ^/
provider: provider_members
anonymous: ~
form_login:
check_path: /login_check
login_path: /login
remember_me: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
logout:
path: /logout
target: /
access_control:
admin_login:
path: /admin/login
roles: IS_AUTHENTICATED_ANONYMOUSLY
admin_area:
path: ^/admin
roles: ROLE_ADMIN
members_login:
path: /login
roles: IS_AUTHENTICATED_ANONYMOUSLY
members_area:
path: ^/
roles: ROLE_USER
For implementing multiple login in symfony 2XX, try the following code
Security.yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
Company\AngularBundle\Entity\User: plaintext
Company\AngularBundle\Entity\Admin: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
users:
entity: { class: CompanyAngularBundle:User, property: username }
admin:
entity: { class: CompanyAngularBundle:Admin, property: username }
firewalls:
admin_secured_area:
pattern: ^/admin
anonymous: ~
provider: admin
form_login:
login_path: /admin/login
check_path: /admin/login_check
default_target_path: /admin
user_secured_area:
pattern: ^/
anonymous: ~
provider: users
form_login:
login_path: login
check_path: login_check
default_target_path: /home
routing.yml
login_check:
path: /login_check
admin_login_check:
path: /admin/login_check
Twig file
Action of login form should be like this
<form action="{{ path('login_check') }}" method="post">
Action of admin/login form should be like this
<form action="{{ path('admin_login_check') }}" method="post">