I'm currently trying to implement the remember me functionality in a Symfony2 project following this guide http://symfony.com/doc/master/cookbook/security/remember_me.html.
(I'm currently developing locally.)
So my current configuration in security.yml is:
form_login:
    [...]
    remember_me: true
remember_me:
    key: secretKey
    lifetime: 31536000 # 365 days in seconds
    path: /
    domain: localhost # Defaults to the current domain from $_SERVER
access_control:
    - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, role: [IS_AUTHENTICATED_REMEMBERED, ROLE_ADMIN] }
The "REMEMBERME" cookie is created at login and it's still present after I close the browser window. When I open the browser again the cookie is still there, but it gets deleted when I try to access the /admin path and then I get redirected to the login page.
Can't really get my head around this... has anybody encountered problems like this?
Thanks
Maybe another rule is being matched in your access_control.
from here: http://symfony.com/doc/current/book/security.html#securing-url-patterns-access-control
You can define as many URL patterns as you need - each is a regular expression. BUT, only one will be matched...
Also read this: http://symfony.com/doc/current/cookbook/security/access_control.html
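The answer above hinges on two rules that are easy to get wrong: only the first access_control entry whose path pattern matches is used, and the IS_AUTHENTICATED_* attributes form a ladder (a remember-me token satisfies IS_AUTHENTICATED_REMEMBERED but not IS_AUTHENTICATED_FULLY). The following Python simulation is an added example, not code from the question, the answer or Symfony itself; it models those two rules plus role_hierarchy expansion for the access_control from the question, and assumes the default "affirmative" decision strategy (one satisfied attribute in the rule's list is enough). STRICT_RULES is a constructed mis-ordered variant to show how a broad rule placed first shadows the login rules and denies a remember-me user:

```python
import re
from typing import Dict, List, Optional, Tuple

# Symfony's AuthenticatedVoter treats these pseudo-roles as an ordered ladder:
# a fully authenticated token satisfies all three, a remember-me token the
# first two, and an anonymous token only the first.
AUTH_LEVELS = [
    "IS_AUTHENTICATED_ANONYMOUSLY",
    "IS_AUTHENTICATED_REMEMBERED",
    "IS_AUTHENTICATED_FULLY",
]

# Constructed inputs: the access_control from the question and a role_hierarchy
# in the shape security.yml uses (values may be a string or a list, as in YAML).
RULES = [
    {"path": "^/admin/login$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": "^/admin/login-check$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": "^/admin", "role": ["IS_AUTHENTICATED_REMEMBERED", "ROLE_ADMIN"]},
]
HIERARCHY = {"ROLE_SUPER_ADMIN": ["ROLE_ADMIN"], "ROLE_ADMIN": "ROLE_USER"}

# Constructed mis-ordered variant: a broad ^/admin rule placed first shadows the
# login rules below it, so even the login page now requires a full login.
STRICT_RULES = [{"path": "^/admin", "role": "IS_AUTHENTICATED_FULLY"}] + RULES


def as_list(value) -> List[str]:
    return [value] if isinstance(value, str) else list(value)


def expand_roles(roles, hierarchy) -> set:
    """Transitive closure of `roles` under role_hierarchy
    (ROLE_SUPER_ADMIN -> ROLE_ADMIN -> ROLE_USER)."""
    reachable, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in reachable:
            reachable.add(role)
            stack.extend(as_list(hierarchy.get(role, [])))
    return reachable


def first_matching_rule(path: str, rules) -> Tuple[Optional[int], Optional[Dict]]:
    """access_control is scanned top to bottom and ONLY the first match is used.
    Symfony matches the pattern with preg_match, i.e. a search, so '^/admin'
    also matches '/admin/login'."""
    for index, rule in enumerate(rules):
        if re.search(rule["path"], path):
            return index, rule
    return None, None


def is_granted(attribute: str, auth_level: str, roles: set) -> bool:
    if attribute in AUTH_LEVELS:
        return AUTH_LEVELS.index(auth_level) >= AUTH_LEVELS.index(attribute)
    return attribute in roles


def decide(path, auth_level, user_roles, rules, hierarchy):
    """Return (verdict, index of the rule that decided). With no matching rule,
    access_control imposes nothing and the request reaches the controller."""
    index, rule = first_matching_rule(path, rules)
    if rule is None:
        return "granted", None
    roles = expand_roles(user_roles, hierarchy)
    # Default "affirmative" strategy: one satisfied attribute in the list is enough.
    granted = any(is_granted(attr, auth_level, roles) for attr in as_list(rule["role"]))
    return ("granted" if granted else "denied"), index


if __name__ == "__main__":
    cases = [
        ("/admin/login", "IS_AUTHENTICATED_ANONYMOUSLY", [], RULES, "question's rules"),
        ("/admin", "IS_AUTHENTICATED_REMEMBERED", ["ROLE_ADMIN"], RULES, "question's rules"),
        ("/admin", "IS_AUTHENTICATED_REMEMBERED", ["ROLE_ADMIN"], STRICT_RULES, "mis-ordered rules"),
        ("/admin/login", "IS_AUTHENTICATED_ANONYMOUSLY", [], STRICT_RULES, "mis-ordered rules"),
    ]
    for path, level, roles, rules, label in cases:
        verdict, idx = decide(path, level, roles, rules, HIERARCHY)
        print(f"{label:18} {path:14} {level:28} -> {verdict} (rule #{idx})")
```

Running it shows the question's rule set granting /admin to a remember-me user via rule 2, while the mis-ordered set denies the same user at rule 0, which is exactly the "cookie is there but I land on the login page" symptom.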
Basic solution
"Remember me" function in FOSUserBundle 1.3.5 (with Symfony 2.6) works for me. I just want to be logged in on my page (see user name, picture ...) after the browser was closed.
There is a difference between 'IS_AUTHENTICATED_FULLY' and 'IS_AUTHENTICATED_REMEMBERED'.
In my twig:
{% if is_granted('IS_AUTHENTICATED_REMEMBERED') %}
    ...
{% endif %}
In my security.yml I used the default configuration from the Symfony Cookbook (How to Add "Remember Me" Login Functionality). Otherwise it is the plain security.yml from the FOSUserBundle GitHub documentation.
# app/config/security.yml
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
            remember_me:
                key: "%secret%"
                lifetime: 31536000 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
P.S. I have to run cache:clear to make it work in IE11.
Related
I've been having an issue with Symfony 3.3.9. Sometimes, not always, when a user logs in with the correct username and password, it redirects to the main page like it should, but then back to the login page.
I know the user is logged in because I can grab the user's information with twig from the login page.
It is really strange, because this doesn't happen all the time. It seems random and difficult to reproduce.
I've been looking into this issue for days and can't figure out why this is happening. Looking for some suggestions.
Thanks.
Edit-1 added code
Edit-2
When I get redirected to the login, I've tried typing the main page url to manually go there. This doesn't work, even though I am logged in. If I wait a minute or so however, this does work.
I'm using the FOS user bundle
Here's my config.yml:
# fos bundle
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: Acme\Entity\User
Here's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_EMPLOYEE: [ROLE_USER]
        ROLE_MANAGER: [ROLE_EMPLOYEE]
        ROLE_ADMIN: [ROLE_MANAGER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                always_use_default_target_path: true
                default_target_path: after_login
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
            switch_user: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/administration/roe, role: ROLE_ADMIN }
        - { path: ^/administration/generateaccessemployees, role: ROLE_ADMIN }
        - { path: ^/administration/location, role: ROLE_ADMIN }
        - { path: ^/administration/payroll/closepp, role: ROLE_ADMIN }
        - { path: ^/administration/t4, role: ROLE_ADMIN }
        - { path: ^/administration/eft, role: ROLE_ADMIN }
        - { path: ^/administration/stubmessage, role: ROLE_ADMIN }
        - { path: ^/administration/payroll_reminder, role: ROLE_ADMIN }
        - { path: ^/administration, role: ROLE_MANAGER }
        - { path: ^/admin/exit_impersonation, role: ROLE_PREVIOUS_ADMIN }
        - { path: ^/admin, role: ROLE_SUPER_ADMIN }
In my login_content.html.twig, I'm able to see:
{{ app.user.username }}
Definitely would need to see some code; more specifically, to help get to the root of the problem, whatever function is run on login.
EDIT:
In the security.yml you can specify a login_path, for example:
my_firewall:
    pattern: ^/(secured_area)/
    provider: my_provider
    anonymous: ~
    form_login:
        login_path: my_login_path
        default_target_path: /dashboard
And in the routing.yml you can map the route as:
my_login_path:
    pattern: /my/relative/url/for/login
    defaults: { _controller: MySecurityBundle:Security:login }
Then you can use a normal route; in your specific case:
return $this->forward($this->generateUrl('my_login_path'));
The only reason I suggest this is because default routing after login is causing issues for you.
I have built a website with Symfony 2.8, I use FOSUserBundle for authentication, user management etc., and I have an issue that I can't solve.
For no apparent reason to me, the "rememberme" cookie won't act as expected.
I'm pretty sure I've just missed a config parameter somehow, but I've been looking for it for hours and can't find it.
I'm using php 7.0 on an apache 2.0 server.
Here is my config.yml file (for the most part):
framework:
    #esi: ~
    translator: { fallbacks: ["%locale%"] }
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    csrf_protection: ~
    validation: { enable_annotations: true }
    #serializer: { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale: "%locale%"
    trusted_hosts: ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
        save_path: "%kernel.root_dir%/sessions/"
    fragments: ~
    http_method_override: true
...
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: UserBundle\Entity\User
    from_email:
        address: "%email_referer%"
        sender_name: "App"
    group:
        group_class: UserBundle\Entity\Group
        group_manager: sonata.user.orm.group_manager
    resetting:
        email:
            template: :mail:resetting_password.html.twig
    service:
        mailer: fos_user.mailer.twig_swift
        user_manager: sonata.user.orm.user_manager
And here is my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_CHAMPION: [ROLE_USER]
        ROLE_ENTREPRISE: [ROLE_USER]
        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_A, ROLE_B]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT
    providers:
        fos_userbundle:
            id: fos_user.user_manager
    firewalls:
        admin:
            pattern: ^/admin
            context: user
            form_login:
                provider: fos_userbundle
                login_path: login
                use_forward: true
                check_path: sonata_user_admin_security_check
                failure_path: null
                default_target_path: sonata_admin_dashboard
            logout:
                path: sonata_user_admin_security_logout
                target: homepage
                invalidate_session: false
            anonymous: true
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path: login
                use_forward: false
                check_path: /login_check
                failure_path: null
                csrf_token_generator: security.csrf.token_manager
                default_target_path: profile
            logout:
                path: logout
                target: homepage
                invalidate_session: false
            anonymous: true
            remember_me:
                secret: '%secret%'
                lifetime: 15724800 # 6 months
                path: /
                domain: ~
                secure: true
    access_control:
        # Some public pages
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/cgu$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/cgv$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/contact$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/faq$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/connexion, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Admin login page needs to be accessed without credential
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Admin
        - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        # Logged-in area
        - { path: ^/, role: IS_AUTHENTICATED_REMEMBERED }
    acl:
        connection: default
EDIT:
I did some tests and it appears that my REMEMBERME cookie is not deleted; it's still here, with the same start date and end date as before.
So I can close and open my browser, the cookie is still here, and when I do this I'm still authenticated (and can go to the admin). But when I just stay "idle" for a period of time and then want to access the admin section, I'm redirected to the login page.
The REMEMBERME cookie still exists, but at this point I can't access the page I could when I had just started my browser.
EDIT 2:
It appears the session lifetime is the "cause" of my problems. But what I want is that when a user checks the "Remember me" option he no longer needs to log in again, even if he keeps a tab of my site open for x days in the background (like a mobile browser does). How can I do that?
EDIT 16/08/2017:
I've added a line in my security.yml file:
domain: ~
It appears that this line makes the system work. The issue is no longer detected on my computer with Chrome and Firefox (in case one of these two was playing with my cookies).
PS: I will update this ticket in a few days to "validate" it, if the problem doesn't show up again.
I think you are talking about your session lifetime more than the remember me feature.
In your config.yml you can configure the framework to use a custom session lifetime.
framework:
    session:
        cookie_lifetime: 3600
If this configuration is not set, the value from your php.ini will be used.
Hope it helps.
The issue no longer appears; the solution seems to be the "domain" parameter:
domain: ~
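The two threads of this question, the session-lifetime answer above and the "domain: ~" fix, come down to which cookie the browser still sends once the session cookie has expired. The Python below is an added example, not code from the question, the answers or Symfony: it models the REMEMBERME cookie as Symfony's remember_me block shapes it (lifetime, path, domain, secure), applies the RFC 6265 domain-match and path-match rules plus the Secure and expiry checks a browser performs before attaching a cookie, and then models the hand-over from the session cookie (framework.session.cookie_lifetime) to the remember-me cookie after an idle period. Hostnames, timestamps and the simplified session model are constructed assumptions; `would_be_sent` reports the first failing attribute so a "cookie is there but I'm anonymous" symptom can be narrowed down.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    domain: str       # effective domain: the Domain attribute, or the setting host for host-only cookies
    host_only: bool   # True when no Domain attribute was sent (Symfony's `domain: ~`)
    path: str
    secure: bool
    expires_at: int   # unix time; for remember_me this is issue time + lifetime


def remember_me_cookie(setting_host: str, config: dict, issued_at: int) -> Cookie:
    """Constructed model of the REMEMBERME cookie a firewall's remember_me block sets.
    `config` holds the keys used on this page: lifetime, path, domain, secure."""
    domain = config.get("domain")
    return Cookie(
        name="REMEMBERME",
        domain=domain.lstrip(".") if domain else setting_host,
        host_only=domain is None,
        path=config.get("path", "/"),
        secure=bool(config.get("secure", False)),
        expires_at=issued_at + config["lifetime"],
    )


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: exact match, or the request host is a subdomain of the cookie domain."""
    host, cd = request_host.lower(), cookie_domain.lower()
    return host == cd or host.endswith("." + cd)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def would_be_sent(cookie: Cookie, url: str, now: int):
    """Decide whether a browser attaches `cookie` to a request for `url` at time `now`.
    Returns (sent, reason) so the first failing attribute is visible."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    if now >= cookie.expires_at:
        return False, "expired"
    if cookie.secure and parts.scheme != "https":
        return False, "Secure flag: not sent over http"
    if cookie.host_only:
        if host.lower() != cookie.domain.lower():
            return False, "host-only cookie for another host"
    elif not domain_matches(host, cookie.domain):
        return False, "Domain attribute does not match"
    if not path_matches(path, cookie.path):
        return False, "Path attribute does not match"
    return True, "sent"


def authenticated_after_idle(idle_seconds: int, session_lifetime: int,
                             remember: Cookie, url: str, login_time: int) -> str:
    """Simplified model of the two lifetimes: the session cookie carries the login
    for `session_lifetime` seconds (framework.session.cookie_lifetime); once it is
    gone, only a REMEMBERME cookie the browser still sends can re-authenticate."""
    if idle_seconds < session_lifetime:
        return "session"
    sent, _ = would_be_sent(remember, url, login_time + idle_seconds)
    return "remember_me" if sent else "anonymous"


if __name__ == "__main__":
    # Constructed inputs mirroring the remember_me block on this page.
    config = {"lifetime": 15724800, "path": "/", "domain": None, "secure": True}
    cookie = remember_me_cookie("www.example.test", config, issued_at=1_700_000_000)
    for url in ("https://www.example.test/admin/", "http://www.example.test/admin/", "https://example.test/"):
        print(url, "->", would_be_sent(cookie, url, 1_700_000_000 + 7200))
    for idle in (1800, 7200):
        print(f"idle {idle}s ->", authenticated_after_idle(idle, 3600, cookie, "https://www.example.test/admin/", 1_700_000_000))
```

With `domain: ~` the cookie is host-only, so it is returned only to the exact host that set it; with an explicit Domain it is returned to that domain and every subdomain, and a cookie marked `secure: true` is never sent over plain http even though it still shows up in the browser's cookie store.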
I have integrated the FOS user bundle just as the quick guide tells you to do. It seems to work, except that once I log in and it redirects, it loses the session for some reason and I'm back as an anonymous user.
This is what I get when I log in, before I'm redirected back:
As you can see I'm successfully logged in and should be redirect to the homepage. However when I'm on the homepage I'm redirected back to the login because I check if the user is logged in or not. So somehow it does not remember that I logged in.
This is my configuration for security.xml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                check_path: /login_check
                login_path: /login
                provider: fos_userbundle
                default_target_path: /
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
config.yml
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: UserBundle\Entity\User
I obviously added the bundle to the app kernel and created the user entity. When I run the doctrine command it successfully creates the user table, etc.
I have this working fine in another project, the only difference is that for this project I'm using docker. Would this cause a problem?
Edit:
This is the code I use to check if the user is logged in:
if (!$this->container->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
    return $this->redirect($this->generateUrl('fos_user_security_login'));
}
And the toolbar shows me as anonymous after the login_check redirects.
It was brought to my attention that if my save_path is under /var/www/project, which is mounted on my local machine, it would not work.
So in config.yml I commented out the handler_id and changed the save_path value to ~
I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony; so far all right: the registration seems to work well and persists the data to the DB, BUT if I try to log in I get redirected again to the login page as an anonymous user.
I checked the Symfony Profiler, and I can see that when the path /login_check is called the user shows as authenticated (in the profiler), but then after the /login_check phase, when I get redirected, the user is anonymous...
--
/login_check from profiler:
Property          Value
Roles             [ROLE_USER]
Inherited Roles   none
Token class       Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The session seems to exist (dump(app.session) is not empty), but it stores no user data.
That's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: /login
                check_path: /login_check
                default_target_path: /redirLogIn
                # csrf_token_generator: security.csrf.token_manager
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin.*, role: ROLE_ADMIN}
        # - { path: ^/, role: ROLE_USER}
(I disabled the csrf token due to problems on registration)
(This is an intranet, there is no "homepage", as you open the site you are requested to login)
Why is this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's why you are being directed to login when you open the site?
If so, this is why:
default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            # activate different ways to authenticate
            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
So I've managed to get the FOSFacebook bundle integrated into my app alongside the FOSUser bundle. Now it's working properly on my dev server, minus a few bugs, but it works.
UPDATE: So for some reason facebook is setting the cookie to mysite.com.au instead of subdomain.mysite.com which means that it fails to pick up on the cookie and goes to the default failure page which is /facebook/login.
Now for some reason when I deployed it to my live server, which has the same address (I'm changing my hosts file to simulate the domain), when I try to log in I get
"No route found for "GET /facebook/login""
If I try to access this page on the dev, I get the same message, but normally it logs me in and then redirects me to the index.
On the live it gets stuck on /facebook/login
Here's my security.yml
security:
    encoders:
        "FOS\UserBundle\Model\UserInterface": sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        fos_userbundle:
            id: fos_user.user_manager
        my_fos_facebook_provider:
            id: my.facebook.user
    factories:
        - "%kernel.root_dir%/../vendor/bundles/FOS/FacebookBundle/Resources/config/security_factories.xml"
    firewalls:
        public:
            pattern: ^/
            fos_facebook:
                app_url: "(set to the apps.facebook link I have)"
                server_url: "http://testbed.mysite.com/app_dev.php/"
                check_path: /facebook/check
                login_path: /facebook/login
                default_target_path: /
                provider: my_fos_facebook_provider
            form_login:
                success_handler: authentication_handler
                failure_handler: authentication_handler
                provider: fos_userbundle
            anonymous: true
            logout: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/testing/secure/, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/secure/, role: ROLE_ADMIN }
        - { path: ^/account, role: IS_AUTHENTICATED_FULLY }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
If you need a look at any other files, let me know
Obviously there is no route for /facebook/login but I believe it's supposed to be that way.
Any ideas people?
Just define login_path as the default path set up in the security.yml:
_security_login:
    pattern: /login
    requirements:
        _scheme: https
_security_check:
    pattern: /login_check
    requirements:
        _scheme: https
_security_logout:
    pattern: /logout
    requirements:
        _scheme: https
You can define your own controller for login_path if you need some specific treatment, but you don't have to!
It turns out that somehow on my live site I'd forgotten to setup parameters.ini correctly and as such whenever I attempted to login it'd fail but never actually fully fail.