I'm using Symfony 2.3 and I've created a custom user provider and everything works fine so far except for that following message shows:
Weird thing is that for example in Twig I can do:
{{ app.user.username }}
And it prints fine the username of the logged user.
I've tracked the printing of that message in this view and this is the corresponding controller.
Seems that the class SecurityDataCollector is initialized with a parameter of type SecurityContextInterface with a value of $this->get('security.context', ContainerInterface::NULL_ON_INVALID_REFERENCE)
The problem seems to be that security.context does not exists and I don't know how to set that security context and in the example they don't set them. How can I fix this?
---- app/config/security.yml ----
security:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
encoders:
Company\Shared\CompanyldapBundle\Security\User\ldapUser: plaintext
providers:
ldap_user_provider:
id: ldap_user_provider
firewalls:
main:
provider: ldap_user_provider
pattern: ^/
form_login:
login_path: login
check_path: login_check
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(_(profiler|wdt)|css|images|js)/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
Related
I've been having an issue with Symfony 3.3.9. Sometimes, not always, when a user logs in with the correct username and password, it redirects to the main page like it should, but then back to the login page.
I know the user is logged in because I can grab the user's information with twig from the login page.
It is really strange, because this doesn't happen all the time. It seems random and difficult to reproduce.
I've been looking into this issue for days and can't figure out why this is happening. Looking for some suggestions.
Thanks.
Edit-1 added code
Edit-2
When I get redirected to the login, I've tried typing the main page url to manually go there. This doesn't work, even though I am logged in. If I wait a minute or so however, this does work.
I'm using the FOS user bundle
here's my config.yml
# fos bundle
fos_user:
db_driver: orm
firewall_name: main
user_class: Acme\Entity\User
here's my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_EMPLOYEE: [ROLE_USER]
ROLE_MANAGER: [ROLE_EMPLOYEE]
ROLE_ADMIN: [ROLE_MANAGER]
ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
always_use_default_target_path: true
default_target_path: after_login
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
switch_user: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/administration/roe, role: ROLE_ADMIN }
- { path: ^/administration/generateaccessemployees, role: ROLE_ADMIN }
- { path: ^/administration/location, role: ROLE_ADMIN }
- { path: ^/administration/payroll/closepp, role: ROLE_ADMIN }
- { path: ^/administration/t4, role: ROLE_ADMIN }
- { path: ^/administration/eft, role: ROLE_ADMIN }
- { path: ^/administration/stubmessage, role: ROLE_ADMIN }
- { path: ^/administration/payroll_reminder, role: ROLE_ADMIN }
- { path: ^/administration, role: ROLE_MANAGER }
- { path: ^/admin/exit_impersonation, role: ROLE_PREVIOUS_ADMIN }
- { path: ^/admin, role: ROLE_SUPER_ADMIN }
In my login_content.html.twig, I'm able to see:
{{ app.user.username }}
Definitely would need to see some code, more specifically to help get to the root of the problem whatever function is run on login.
EDIT:
In the security.yml you can specify a login_path, in example:
my_firewall:
pattern: ^/(secured_area)/
provider: my_provider
anonymous: ~
form_login:
login_path: my_login_path
default_target_path: /dashboard
And in the routing.yml you can map the route as:
my_login_path:
pattern: /my/relative/url/for/login
defaults: { _controller: MySecurityBundle:Security:login }
then you can use an a normal route, in you specific case:
return $this->forward($this->generateUrl('my_login_path'));
The only reason I suggest this is because default routing after login is causing issues for you.
I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony, here all right, the registration seems to work well and persists the data to the DB, BUT, if I try to login I get redirected again to the login page as an anonymous user.
I checked the Symfony Profiler, and I can see that when it's called the path /login_check (in the profiler) the user result as authenticated, but then after the /login_check phase, when I get redirected, the user is as anonymous...
--
/login_check from profiler:
Property Value
Roles [ROLE_USER]
Inherited Roles none
Token class Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The sessions seems to exist (dump(app.session)) is not empty, but no stores data of user.
That's my security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
default_target_path: /redirLogIn
# csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin.*, role: ROLE_ADMIN}
# - { path: ^/, role: ROLE_USER}
(I disabled the csrf token due to problems on registration)
(This is an intranet, there is no "homepage", as you open the site you are requested to login)
Why this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's why you are being directed to login when you open the site?
If so, this is why:
default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
in_memory:
memory: ~
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I'm currently trying to implement the remember me functionality in a Symfony2 project following this guide http://symfony.com/doc/master/cookbook/security/remember_me.html.
(I'm currently developing in locale)
So my currently configuration in the security.yml is:
form_login:
[...]
remember_me: true
remember_me:
key: secretKey
lifetime: 31536000 # 365 days in seconds
path: /
domain: localhost # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, role: [IS_AUTHENTICATED_REMEMBERED, ROLE_ADMIN] }
The "REMEMBERME" cookie is created at login and it's still present after I close the browser window. When I open the browser again the cookie is still there, but it gets deleted when I try to access the /admin path and then I get redirected to the login page.
Can't really get my head around is...has anybody encountered problems like this?
Thanks
Maybe there is another rule matched in your access_control
from here: http://symfony.com/doc/current/book/security.html#securing-url-patterns-access-control
You can define as many URL patterns as you need - each is a regular expression. BUT, only one will be matched...
Also read this: http://symfony.com/doc/current/cookbook/security/access_control.html
Basic solution
"Remember me" function in FosUserBundle 1.3.5 (with Symfony 2.6) works for me. I just want to be logged in on my page (see user name, picture ...), after browser was closed.
There is a difference between 'IS_AUTHENTICATED_FULLY' and 'IS_AUTHENTICATED_REMEMBERED'.
In my twig:
{% if is_granted('IS_AUTHENTICATED_REMEMBERED') %}
...
{% endif %}
In my security.yml I used default configuration from Symfony Cookbook (How to Add "Remember Me" Login Functionality). Otherwise it is plain security.yml form FossUserBundle Github documentation.
# app/config/security.yml
security:
providers:
fos_userbundle:
id: fos_user.user_provider.username
encoders:
FOS\UserBundle\Model\UserInterface: sha512
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
P.S I have to clear:cache to have it work in IE11
I can't understand why anonimous user can access to routes I want to protect "^/nodes$" and "^/destinations$".
Where I'm wrong? I've read with attention this resource http://symfony.com/doc/current/book/security.html but anyway those url can viewed by anonimous!
This is my security.yml:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
memory:
users:
user: { password: athena_user_2014, roles: [ 'ROLE_USER' ] }
admin: { password: athenaspa2014, roles: [ 'ROLE_ADMIN' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/backend
form_login:
check_path: /backend/login_check
login_path: /backend/login
csrf_provider: form.csrf_provider
logout:
path: /backend/logout
target: /
#http_basic:
# realm: "Secured Demo Area"
access_control:
- { path: ^/nodes, roles: ROLE_ADMIN }
- { path: ^/destinations, roles: ROLE_ADMIN }
Your paths are not part of any of your firewall-patterns. You could make the following changes for it to work:
firewalls:
secured_area:
pattern: ^/
...
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend, role: ROLE_ADMIN }
- { path: ^/node, role: ROLE_ADMIN }
...
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
The last path is pretty much, what anonymous: true does. When no other access-control matched, the user is not required to be logged in. If you want to be more restrictive, you could do it like the first path ^/login$ which specifies which routes require authentication. Be aware, that the first matching route is used, so be careful of how you order them.
Alternatively you could add another firewall. But keep in mind, that each firewall provides a separate login.
You can also test your routes from the console using the php app/console router-commands. If you are not sure how to use them just type php app/console help router:match for instance
So I've mangaged to get the FOSFacebook bundle integrated into my app alongside the FOSUser bundle. Now it's working properly on my dev server minus a few bugs but it works.
UPDATE: So for some reason facebook is setting the cookie to mysite.com.au instead of subdomain.mysite.com which means that it fails to pick up on the cookie and goes to the default failure page which is /facebook/login.
Now for some reason when I deployed it to my live server, which has the same address(I'm changing my hosts file to simulate the domain) when I try to login I get
"No route found for "GET /facebook/login"
If I try to access this page on the dev, I get the same message, but normally it logs me in and then redirects me to the index.
On the live it gets stuck on /facebook/login
Here's my security.yml
security:
encoders:
"FOS\UserBundle\Model\UserInterface": sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_manager
my_fos_facebook_provider:
id: my.facebook.user
factories:
- "%kernel.root_dir%/../vendor/bundles/FOS/FacebookBundle/Resources/config/security_factories.xml"
firewalls:
public:
pattern: ^/
fos_facebook:
app_url: "(set to the apps.facebook link I have)"
server_url: "http://testbed.mysite.com/app_dev.php/"
check_path: /facebook/check
login_path: /facebook/login
default_target_path: /
provider: my_fos_facebook_provider
form_login:
success_handler: authentication_handler
failure_handler: authentication_handler
provider: fos_userbundle
anonymous: true
logout: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/testing/secure/, role: IS_AUTHENTICATED_FULLY }
- { path: ^/admin/secure/, role: ROLE_ADMIN }
- { path: ^/account, role: IS_AUTHENTICATED_FULLY }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
If you need a look at any other files, let me know
Obviously there is no route for /facebook/login but I believe it's supposed to be that way.
Any ideas people?
Just define login_path as the default path set up in the security.yml :
_security_login:
pattern: /login
requirements:
_scheme: https
_security_check:
pattern: /login_check
requirements:
_scheme: https
_security_logout:
pattern: /logout
requirements:
_scheme: https
You can define your own controller for login_path if you need some specific treatment but you don't have to !
It turns out that somehow on my live site I'd forgotten to setup parameters.ini correctly and as such whenever I attempted to login it'd fail but never actually fully fail.