I use SonataAdminBundle, but I have a some trouble. When I log as admin and then loging put, I still can acces to dashboard panel, and in profile displays like I am authenticated as admin. What I am doing wrong and how I can solve this issue ? Thanks!
Configure security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
# Disabling the security for the web debug toolbar, the profiler and Assetic.
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# -> custom firewall for the admin area of the URL
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
default_target_path: /admin/dashboard
logout:
path: /admin/logout
target: /admin/login
anonymous: true
# -> end custom configuration
# default login area for standard users
# This firewall is used to handle the public login area
# This part is handled by the FOS User Bundle
main:
pattern: .*
context: user
form_login:
provider: fos_userbundle
login_path: /login
use_forward: false
check_path: /login_check
failure_path: null
logout: true
anonymous: true
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
Regards.
Related
So I made that Role_User could access the website only from a certain IP adress. Everything works like a charm except if a user is connecting from a different IP I try to redirecting it to /en/logout. But it pops up an error
"You must activate the logout security firewall configuration".
Really need help.
security:
encoders:
App\Entity\User: bcrypt
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
user_checker: App\Security\UserChecker
anonymous: true
stateless: false
guard:
authenticators:
- App\Security\TokenAuthenticator
remember_me:
secret: '%kernel.secret%'
lifetime: 604800
path: /
form_login:
provider: fos_userbundle
check_path: fos_user_security_check
login_path: fos_user_security_login
csrf_token_generator: security.csrf.token_manager
logout:
path: fos_user_security_logout
target: /(%app_locales%)/login
access_denied_url: /(%app_locales%)/logout
role_hierarchy:
ROLE_USER: ROLE_USER
ROLE_TEAMLEAD: ROLE_CUSTOMER
ROLE_ADMIN: ROLE_TEAMLEAD
ROLE_SUPER_ADMIN: ROLE_ADMIN
access_control:
- { path: '^/(%app_locales%)/timesheet', role: ROLE_USER, ip: [IP.IP.IP.IP] }
- { path: '^/(%app_locales%)/timesheet', role: ROLE_ADMIN }
- { path: '^/(%app_locales%)/timesheet', roles: ROLE_NO_ACCESS }
- { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
- { path: '^/(%app_locales%)/resetting', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
- { path: '^/(%app_locales%)/', roles: ROLE_USER, ip: [IP.IP.IP.IP] }
- { path: '^/api', roles: IS_AUTHENTICATED_REMEMBERED, ip: [IP.IP.IP.IP] }
- { path: '^/(%app_locales%)/login$', roles: ROLE_NO_ACCESS }
You need to provide path to logout in your access_control list with right parameters. Now your /en/logout authorised by role ROLE_USER and ip [IP.IP.IP.IP]. You need to add next line:
access_control:
...
- { path: '^/(%app_locales%)/logout', roles: ROLE_USER }
...
As you can see I removed dependency on IP-address to be authorised on path /en/logout. Now it depends only on ROLE_USER role of your user.
I think that on top of the access_control entry that Michael posted, you should change the
access_denied_url: /(%app_locales%)/logout
into
access_denied_url: fos_user_security_logout
That seemed to be the issue in a similar case
i created this website and used FOS_user bundle as user Manager, while developing the application everything worked fine, i can log in and register and everything on local machine using wampserver, but when i uploaded it to a hosting server the problem started, i can login on admin.domain on both dev and prod environments but not on www.domain, i get www.domain/login_check and "this page isn't working" any help will be appreciated
security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
user_checker: security.user_checker
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_token_generator: security.csrf.token_manager
# default_target_path: homepage
# always_use_default_target_path: true
logout:
path: fos_user_security_logout
target: homepage
anonymous: true
http_basic: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/ar/admin/, role: ROLE_ADMIN }
- { path: ^/en/admin/, role: ROLE_ADMIN }
- { path: ^/fr/admin/, role: ROLE_ADMIN }
after 3 days of trying to figure this out and after trying every possible solution turns out it's a server problem, they needed to add permission to access user table from www.domain
I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony, here all right, the registration seems to work well and persists the data to the DB, BUT, if I try to login I get redirected again to the login page as an anonymous user.
I checked the Symfony Profiler, and I can see that when it's called the path /login_check (in the profiler) the user result as authenticated, but then after the /login_check phase, when I get redirected, the user is as anonymous...
--
/login_check from profiler:
Property Value
Roles [ROLE_USER]
Inherited Roles none
Token class Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The sessions seems to exist (dump(app.session)) is not empty, but no stores data of user.
That's my security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
default_target_path: /redirLogIn
# csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin.*, role: ROLE_ADMIN}
# - { path: ^/, role: ROLE_USER}
(I disabled the csrf token due to problems on registration)
(This is an intranet, there is no "homepage", as you open the site you are requested to login)
Why this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's why you are being directed to login when you open the site?
If so, this is why:
default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
in_memory:
memory: ~
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I switched to my prod environemnt today and started testing. Everything is working great with my admin user. The problem is when I switch to another user, that has a role PROVIDER. This user is only able to add products or import them in admin panel. However, when I go to admin dashboard I get these errors:
Warning: Missing argument 1 for Sonata\AdminBundle\Admin\Admin::__construct(), called in C:\wamp\www\karpedeal_b2c\vendor\ed\blog-bundle\Security\Authorization\Voter\ArticleVoter.php on line 37 and defined in C:\wamp\www\karpedeal_b2c\app\cache\prod\classes.php on line 5473
No idea whats going on since in DEV environment everything works. I can login with provider user, import products etc... in prod, i cant.
For some reason it is trying to access somethin in the blog bundle, however this user does not have any rights to blogs... What is the problem then?
role_hierarchy:
ROLE_PROVIDER: [ROLE_USER, ROLE_SONATA_PROVIDER]
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_PROVIDER, ROLE_SONATA_ADMIN, ROLE_BLOG_USER, ROLE_BLOG_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_SONATA_PROVIDER:
- ROLE_MP_SHOP_ADMIN_PRODUCT_LIST
- ROLE_MP_SHOP_ADMIN_PRODUCT_VIEW
- ROLE_MP_SHOP_ADMIN_IMPORTER_LIST
- ROLE_MP_SHOP_ADMIN_IMPORT_SCHEMA_CREATE
- ROLE_MP_SHOP_ADMIN_IMPORT_SCHEMA_LIST
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
ROLE_SONATA_EMPLOYEE:
- ROLE_MP_SHOP_ADMIN_PRODUCT_LIST
- ROLE_MP_SHOP_ADMIN_PRODUCT_VIEW
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
logout:
path: /admin/logout
anonymous: true
main:
pattern: ^/
context: user
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
#use_forward: false
check_path: fos_user_security_check
#failure_path: null
always_use_default_target_path: false
default_target_path: profile
logout:
path: fos_user_security_logout
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
failure_path: /login
oauth_user_provider:
service: my_user_provider
anonymous: true
default:
anonymous: ~
# activate different ways to authenticate
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_PROVIDER, ROLE_ADMIN, ROLE_SONATA_ADMIN, ROLE_SONATA_PROVIDER] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
acl:
connection: default
UPDATE:
When changing AppKernel $kernel = new AppKernel('prod', true);everything works, so the debugger is causing the problems? How can that be?
I have a symfony 2 app, with normal members and admin area, but for some reason, i can't get the admin area login part to work. Read all the questions here about the theme and try them but none of them worked for me.
The initial problem i think, is the check route is not behind the firewall, so symfony security not recognise it.
my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
Symfony\Component\Security\Core\User\User: sha512
firewalls:
alogin:
pattern: ^/admin/login$
security: false
main:
pattern: ^/admin
provider: in_memory
form_login:
check_path: /admin/login_check
login_path: /admin/login
default_target_path: /admin/list
logout:
path: /admin/logout
target: /admin
main:
pattern: ^/(?!admin)
form_login:
provider: fos_userbundle
login_path: /
failure_handler: public.failed_login_handler
success_handler: public.success_login_handler
logout: true
anonymous: true
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
in_memory:
memory:
users:
ryan: { password: ryanpass, roles: 'ROLE_ADMIN' }
role_hierarchy:
ROLE_VIP: ROLE_USER
ROLE_ADMIN: ROLE_VIP
ROLE_SUPER_ADMIN: ROLE_ADMIN
access_control:
- { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/.*, role: ROLE_ADMIN }
- { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/.*, role: ROLE_USER }
Without the main firewall, it's working, with it, i got 404 for the /admin/login_check.
Problem that you have 2 firewalls with the same name main. Firewall must be with unique name.