Keep path when user logs out in FOSUserBundle - php

I'm using FOSUserBundle in an ongoing project and everything works fine, but I have a small problem when I close the session: I am sent to the index of the application instead of staying in the secured area, which is /admin/login where the login form is. This is my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /admin
                invalidate_session: false
            anonymous: true
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
Can anyone tell me where I am making the mistake?

I think it's the anonymous: true. If you basically want the whole site to be under access control, with no pages apart from the login page being accessible to someone not logged in then you want something like this:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /admin
                invalidate_session: false
            anonymous: ~ # NO ANONYMOUS ACCESS
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
        # anonymous visitors need to be able to get to the logon pages
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Could also add "safe" routes like an "about" or "contact us" page here if you like
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

Related

How to fix /login_check "this page isn't working" on a hosted Symfony 3.4 project

I created this website and used FOSUserBundle as the user manager. While developing the application everything worked fine: I can log in and register and do everything on the local machine using WampServer, but when I uploaded it to a hosting server the problem started. I can log in on admin.domain in both dev and prod environments, but not on www.domain: I get www.domain/login_check and "this page isn't working". Any help will be appreciated.
security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            user_checker: security.user_checker
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                csrf_token_generator: security.csrf.token_manager
                # default_target_path: homepage
                # always_use_default_target_path: true
            logout:
                path: fos_user_security_logout
                target: homepage
            anonymous: true
            http_basic: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/ar/admin/, role: ROLE_ADMIN }
        - { path: ^/en/admin/, role: ROLE_ADMIN }
        - { path: ^/fr/admin/, role: ROLE_ADMIN }
After 3 days of trying to figure this out and trying every possible solution, it turns out it's a server problem: they needed to add permission to access the user table from www.domain.

Symfony + FOSUserBundle can't login

I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony; up to here everything is all right, the registration seems to work well and persists the data to the DB, BUT if I try to log in I get redirected again to the login page as an anonymous user.
I checked the Symfony Profiler, and I can see that when the path /login_check is called (in the profiler) the user shows as authenticated, but then after the /login_check phase, when I get redirected, the user is anonymous...
--
/login_check from profiler:
Property          Value
Roles             [ROLE_USER]
Inherited Roles   none
Token class       Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The session seems to exist (dump(app.session) is not empty), but it stores no user data.
That's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: /login
                check_path: /login_check
                default_target_path: /redirLogIn
                # csrf_token_generator: security.csrf.token_manager
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin.*, role: ROLE_ADMIN}
        # - { path: ^/, role: ROLE_USER}
(I disabled the CSRF token due to problems on registration)
(This is an intranet, there is no "homepage"; as soon as you open the site you are asked to log in)
Why is this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's why you are being directed to login when you open the site?
If so, this is why:
default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            # activate different ways to authenticate
            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

Symfony2: This web page has a redirect loop

I am building a Symfony2 project but I have a problem: I configured security.yml and routing.yml to create an authentication system. I have 2 bundles, one for admins and one for users. When I try to access the login page I get a redirect loop.
This is my security.yml file:
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12
        BackOfficeBundle\Entity\Administrateur:
            algorithm: bcrypt
        BackOfficeBundle\Entity\Collaborateur:
            algorithm: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        administrators:
            entity: { class: BackOfficeBundle:Administrateur, property: username }
        users:
            entity: { class: BackOfficeBundle:Collaborateur, property: email }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        front_login:
            pattern: ^/login$
            anonymous: true
        back_login:
            pattern: ^/login$
            anonymous: true
        back:
            pattern: ^/platform
            anonymous: true
            provider: administrators
            form_login:
                login_path: /platform/login
                check_path: /platform/login_check
                default_target_path: /platform
            logout:
                path: /platform/logout
                target: /platform/login
        front:
            pattern: ^/collaborateur
            anonymous: false
            provider: users
            form_login:
                login_path: /collaborateur/login
                check_path: /collaborateur/login_check
                default_target_path: /collaborateur
            logout:
                path: /collaborateur/logout
                target: /collaborateur/clogin
    access_control:
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/platform, roles: ROLE_ADMIN }
        - { path: ^/collaborateur, roles: ROLE_USER }
And this is the app/config/routing.yml:
front_office:
    resource: "@FrontOfficeBundle/Resources/config/routing.yml"
    prefix: /collaborateur
back_office:
    resource: "@BackOfficeBundle/Resources/config/routing.yml"
    prefix: /platform
and the BackOfficeBundle/Resources/config/routing.yml:
login:
    pattern: /login
    defaults: { _controller: UserBundle:Security:login }
login_check:
    pattern: /login_check
logout:
    pattern: /logout
You need to declare in security.yml that the login routes are public, as follows:
access_control:
    - { path: ^/platform/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/collaborateur/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/platform, roles: ROLE_ADMIN }
    - { path: ^/collaborateur, roles: ROLE_USER }
Hope this helps.
Try this:
firewalls:
    ...
    front_login:
        pattern: ^/platform/login$
        anonymous: true
    back_login:
        pattern: ^/collaborateur/login$
        anonymous: true
    ...
Your login form is at /platform/login, but your anonymous security exceptions are only for /login (which is wrong), and everything under ^/platform is protected. Symfony detects the secured area and tries to redirect to the login path, but /platform/login is again in the secured area (and again, and again, and again).
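To make the first-match behaviour behind this loop concrete, here is a small Python model of how Symfony walks the access_control list and where the entry point sends an anonymous visitor. It is an added example, not code from this thread or from Symfony: the rule lists and role hierarchy are constructed from the configs above, and `trace_login_redirects` is a deliberately simplified stand-in for the real firewall entry point (it only models "denied anonymous request is redirected to the login page").

```python
import re

# Role hierarchy constructed from the security.yml files on this page.
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_USER", "ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"],
}
ANON = "IS_AUTHENTICATED_ANONYMOUSLY"


def reachable_roles(roles):
    """Expand the caller's roles through the hierarchy (transitive closure)."""
    seen = set()
    todo = list(roles)
    while todo:
        role = todo.pop()
        if role not in seen:
            seen.add(role)
            todo.extend(ROLE_HIERARCHY.get(role, []))
    return seen


def decide(rules, path, roles=()):
    """Model of Symfony access_control: rules are tried in order and the
    FIRST rule whose regex matches the path decides; later rules are ignored.
    rules: list of (regex, required_role); roles: the requester's roles,
    empty for an anonymous visitor. Returns 'allow', 'deny' or 'no-rule'
    (no rule matched, which Symfony treats as allowed)."""
    for pattern, required in rules:
        if re.search(pattern, path):
            if required == ANON:
                return "allow"
            return "allow" if required in reachable_roles(roles) else "deny"
    return "no-rule"


def trace_login_redirects(rules, login_path, start_path, roles=(), max_hops=5):
    """Simplified entry-point behaviour: a denied request from an anonymous
    visitor is redirected to login_path. Returns (paths visited, loop?)."""
    visited = [start_path]
    path = start_path
    for _ in range(max_hops):
        if decide(rules, path, roles) != "deny":
            return visited, False          # page is reachable, chain ends
        if path == login_path:
            return visited, True           # the login page itself is denied
        path = login_path
        visited.append(path)
    return visited, True


# Rules as posted in the question (constructed; login pages are not exempted).
BROKEN_RULES = [
    (r"^/platform", "ROLE_ADMIN"),
    (r"^/collaborateur", "ROLE_USER"),
]
# Rules from the answer: login pages first, then the protected areas.
FIXED_RULES = [
    (r"^/platform/login", ANON),
    (r"^/collaborateur/login", ANON),
    (r"^/platform", "ROLE_ADMIN"),
    (r"^/collaborateur", "ROLE_USER"),
]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, trace_login_redirects(rules, "/platform/login", "/platform"))
    # Same four rules, wrong order: the ROLE_ADMIN rule matches /platform/login first.
    print("reordered", decide(FIXED_RULES[2:] + FIXED_RULES[:2], "/platform/login"))
```

With the question's rules, /platform/login is itself denied, so the redirect chain never terminates; with the login rules listed before `^/platform`, the login page is reachable and the chain stops after one hop. Order is the whole point: the same four rules with the ROLE_ADMIN rule first deny the login page again, because access_control stops at the first match.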

Symfony2: multiple firewall error with login_check

I have a Symfony 2 app with normal members and an admin area, but for some reason I can't get the admin area login to work. I read all the questions here about the topic and tried them, but none of them worked for me.
The initial problem, I think, is that the check route is not behind the firewall, so Symfony security does not recognise it.
my security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        Symfony\Component\Security\Core\User\User: sha512
    firewalls:
        alogin:
            pattern: ^/admin/login$
            security: false
        main:
            pattern: ^/admin
            provider: in_memory
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin/list
            logout:
                path: /admin/logout
                target: /admin
        main:
            pattern: ^/(?!admin)
            form_login:
                provider: fos_userbundle
                login_path: /
                failure_handler: public.failed_login_handler
                success_handler: public.success_login_handler
            logout: true
            anonymous: true
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
        in_memory:
            memory:
                users:
                    ryan: { password: ryanpass, roles: 'ROLE_ADMIN' }
    role_hierarchy:
        ROLE_VIP: ROLE_USER
        ROLE_ADMIN: ROLE_VIP
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/.*, role: ROLE_ADMIN }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/.*, role: ROLE_USER }
Without the second main firewall it works; with it, I get a 404 for /admin/login_check.
The problem is that you have 2 firewalls with the same name, main. Each firewall must have a unique name.
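A duplicate mapping key like the two `main` firewalls above is easy to miss by eye, and many YAML loaders silently keep only the last definition, so the first firewall (and its login_check route) simply disappears. The following Python check is an added example, not code from this thread or from Symfony: it scans a security.yml for keys repeated under the same parent using a deliberately small indentation-based reader (block-style mappings only, spaces not tabs, no multi-line scalars, no `#` inside quoted values). The sample config is a constructed copy of the question's firewall section.

```python
import re


def _strip_comment(line):
    """Drop YAML comments: a whole-line '# ...' and a trailing ' # ...'.
    (A '#' inside a quoted scalar is not handled by this small reader.)"""
    if line.lstrip().startswith("#"):
        return ""
    return re.sub(r"\s+#.*$", "", line)


def find_duplicate_keys(text):
    """Return [(dotted.key.path, line_number), ...] for every mapping key that
    repeats under the same parent. Nesting is inferred from indentation
    (spaces only), the way block-style YAML is written in security.yml."""
    stack = []          # one entry per open mapping level
    duplicates = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw).rstrip()
        content = line.strip()
        if not content or content.startswith("- ") or content == "-":
            continue    # blank, comment, or a sequence item (not a mapping key)
        if ":" not in content:
            continue    # continuation of a multi-line scalar; ignored here
        indent = len(line) - len(line.lstrip(" "))
        key = content.split(":", 1)[0].strip()
        while stack and stack[-1]["indent"] > indent:
            stack.pop()                     # a dedent closes nested mappings
        if not stack or stack[-1]["indent"] < indent:
            parent = stack[-1]["path"] + (stack[-1]["last"],) if stack else ()
            stack.append({"indent": indent, "keys": set(), "path": parent, "last": None})
        level = stack[-1]
        if key in level["keys"]:
            duplicates.append((".".join(level["path"] + (key,)), lineno))
        level["keys"].add(key)
        level["last"] = key
    return duplicates


# Constructed sample: the firewall section from the question, with the
# second firewall also called "main" (the duplicate is on line 12).
SAMPLE_SECURITY_YML = """\
security:
    firewalls:
        alogin:
            pattern: ^/admin/login$
            security: false
        main:
            pattern: ^/admin
            provider: in_memory
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
        main:
            pattern: ^/(?!admin)
            form_login:
                provider: fos_userbundle
            logout: true
            anonymous: true
    providers:
        in_memory:
            memory: ~
"""

if __name__ == "__main__":
    for path, lineno in find_duplicate_keys(SAMPLE_SECURITY_YML):
        print(f"duplicate key {path} at line {lineno}")
```

The dotted path in the result tells you which parent the repeat sits under, so a `security: false` inside a firewall is not confused with the top-level `security:` key. Renaming the second firewall (for example to `public`) makes the scan come back empty.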

Get current default_target_path inside a controller

I'm using FOSUserBundle+FOSFacebookBundle and I'm trying to make my login and register pages inaccessible after logging in. If the user is logged in and is accessing one of these pages, he should be redirected to the page defined in the firewall's default_target_path.
The problem is that I don't know how to get default_target_path while inside a controller. I was using
$request->getSession()->get('_security.target_path');
but it returns null.
Here is my security.yml file:
jms_security_extra:
    secure_all_services: false
    expressions: true
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        chainprovider:
            chain:
                providers: [ fos_userbundle, fos_facebookbundle]
        fos_userbundle:
            id: fos_user.user_provider.username
        fos_facebookbundle:
            id: fos_facebookbundle
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /
            fos_facebook:
                app_url: "FB_APP_URL"
                server_url: "APP_URL"
                login_path: /login
                check_path: /login_fb_check
                default_target_path: /
                provider: fos_facebookbundle
            logout: true
            anonymous: true
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js|font)/
            security: false
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
Any ideas?
Thank you.
Set:
firewalls:
    main:
        pattern: ^/
        form_login:
            # ...
            default_target_path: '%target_path%'
with target_path set in parameters.yml:
parameters:
    # ...
    target_path: /
    # ...
and then get the value with:
$this->container->getParameter('target_path');
You are missing a part in the get (the firewall name belongs in the session key):
$request->getSession()->get('_security.main.target_path');
