I developped my first site with symfony, so maybe I'm having a really obvious problem.
I had no problem on my local dev server, but since I send it to my live server and using app.php instead of app_dev.php, I am stuck in a redirect loop...
I looked over the internet and it seems that redirect loop are often caused by security.yml.
I'm using FOSUserBundle, maybe this is related ?!
Edit : Since everyone is pointing out the fact I'm using /admin as route for login may be one of the cause of my problem, I changed it to /admin/login but I still have the problem.
Maybe I should clarify some point. The website is in two part :
- a frontend, which can be accessible for everyone
- a backoffice in which you can find some CMS like page and some other stuff..., only accessible by login.
On every page, even when I'm trying to access the homepage, I'm stuck in that loop. I end up with the requested url followed by a bunch of ///////////////////// at the end.
Anyway, here is my new security.yml :
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
#in_memory:
# memory:
# users:
# user: { password: userpass, roles: [ 'ROLE_USER' ] }
# admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
routing.yml :
mcr:
resource: "#McrBundle/Controller/"
type: annotation
prefix: /
fos_user_security:
resource: "#FOSUserBundle/Resources/config/routing/security.xml"
fos_user_security_login:
pattern: /admin/login
defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
pattern: /admin/login_check
defaults: { _controller: FOSUserBundle:Security:check }
Any help will be greatly apreciated :)
Thanks a lot.
It likely has to do with how you have your routes setup;
access_control:
- { path: ^/admin$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
When you try and access /admin internally symfony redirects this to /admin/ and because your AC requires the role admin im guessing you are not logged in and want to be taken to your login page which im also guessing you have on /admin. Thus creating your non ending redirect loop.
I would recommend using /admin/login for your login route. You will need to update you routing.yml and security.yml
I think I found the issue. You need to define a separate firewall for the login path with anonymous access which is not shared with other firewalls:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
website:
pattern: ^/
security: false
anonymous: true
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
Related
I'm creating a website with Symfony 2.8 and FOSUserBundle for authentication.
I want the website to be public to anyone, and the back-office (with the prefix /admin) to be accessed after login authentication.
I just keep getting the error:
The check_path "/login_check" for login method "form_login" is not
matched by the firewall pattern "^/admin/(.*)".
My app/config/security.yml looks like:
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: ^/admin/(.*)
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
always_use_default_target_path: false
default_target_path: /admin
logout:
path: /logout
target: /login
anonymous: true
main:
anonymous: ~
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
#- { path: ^/login_check, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I know there's something wrong in the form_login, but I just can't really grasp it...
PS: Similar questions have been asked, but without great answers (or answers that work for me, for that matter).
I think your pattern need to be like that :
admin:
pattern: ^/admin/
I am building a Symfony2 project but I have a problem: I configured the security.yml and routing.yml to create an authentication system. I have 2 bundles: one for admin and one for users. When I try to access to the login page I have a redirect loop.
This is my security.yml file :
security:
encoders:
Symfony\Component\Security\Core\User\User:
algorithm: bcrypt
cost: 12
BackOfficeBundle\Entity\Administrateur:
algorithm: bcrypt
BackOfficeBundle\Entity\Collaborateur:
algorithm: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
administrators:
entity: { class: BackOfficeBundle:Administrateur, property: username }
users:
entity: { class: BackOfficeBundle:Collaborateur, property: email }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
front_login:
pattern: ^/login$
anonymous: true
back_login:
pattern: ^/login$
anonymous: true
back:
pattern: ^/platform
anonymous: true
provider: administrators
form_login:
login_path: /platform/login
check_path: /platform/login_check
default_target_path: /platform
logout:
path: /platform/logout
target: /platform/login
front:
pattern: ^/collaborateur
anonymous: false
provider: users
form_login:
login_path: /collaborateur/login
check_path: /collaborateur/login_check
default_target_path: /collaborateur
logout:
path: /collaborateur/logout
target: /collaborateur/clogin
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/platform, roles: ROLE_ADMIN }
- { path: ^/collaborateur, roles: ROLE_USER }
And this is the app/config/routing.yml:
front_office:
resource: "#FrontOfficeBundle/Resources/config/routing.yml"
prefix: /collaborateur
back_office:
resource: "#BackOfficeBundle/Resources/config/routing.yml"
prefix: /platform
and the BackOfficeBundle/Resources/config/routing.yml:
login:
pattern: /login
defaults: { _controller: UserBundle:Security:login }
login_check:
pattern: /login_check
logout:
pattern: /logout
You need to describe in the security.yml that the login route are public as follow:
access_control:
- { path: ^/platform/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/collaborateur/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/platform, roles: ROLE_ADMIN }
- { path: ^/collaborateur, roles: ROLE_USER }
Hope this help
Try this:
firewalls:
...
front_login:
pattern: ^/platform/login$
anonymous: true
back_login:
pattern: ^/collaborateur/login$
anonymous: true
...
Your login form is on /platform/login but your anonymous security exceptions are only for /login (which is wrong) and everything under ^/platform is protected. Symfony detects secured area and try to redirect to login path but /platform/login is again in secured area (and again, again, again).
I know this is a common problem. And several questions on this topic have been posted. I have tried all those solutions recommended in those questions, but none worked.
I found that this problem occurs if I put my form_login behind a firewall. But I'm not having any extra layer in firewall so the path should be simple as described in documentation.
My security.yml
# app/config/security.yml
security:
encoders:
Joy\JoyBundle\Entity\User:
algorithm: sha512
encode_as_base64: true
iterations: 1
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
administrators:
entity: { class: JoyBundle:User, property: username }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login
security: false
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: login
check_path: login_check
logout:
path: /logout
target: /login
access_control:
- { path: ^/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
My routing.yml in app/config
# app/config/routing.yml
login:
path: /login
defaults: { _controller: JoyBundle:Security:login }
login_check:
path: /login_check
joy_hello:
resource: "#JoyBundle/Resources/config/routing.yml"
prefix: /
So I'm performing login check while accessing app_dev.php/ But it's showing that error after pressing submit in login form.
Unable to find the controller for path "/login_check". Maybe you
forgot to add the matching route in your routing configuration? 404
Not Found - NotFoundHttpException
I tried
login_path: /login
check_path: /login_check
Didn't work. What I'm missing ?? Please help.....
The route login_check is not behind the firewall because the login_check route pattern matches the login firewall which has no security.
login:
pattern: ^/login # This matches /login_check
security: false
Solution 1: Change this to
login:
pattern: ^/login$
security: false
Solution 2: Remove the login firewall altogether and add this rule to access_control
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
In security.yml try setting the provider at the secured_area section:
secured_area:
provider: administrators
pattern: ^/
anonymous: ~
I've got a wired problem with the symfony 2 security component. Due to the fact that the {{ app.user }} object is only available within the secured area, I set the firewall pattern to ^/. Now I want to "unsecured" some pages, like registration. I've tried this by using access_control but it doesn't work.
Here is my security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/account/login$
security: false
account_area:
pattern: ^/
form_login:
check_path: /account/login_check
login_path: /account/login
default_target_path: /account
remember_me:
key: blaBlubKey
lifetime: 3600
path: /
domain: ~
logout:
path: /account/logout
target: /
access_control:
#works
- { path: ^/backend, roles: ROLE_USER }
#works not
- { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Thanks in advance!
Worth mentioning is that the best practice here is to use only one firewall with access_control for login page. Why? What would You do if the logged user tries to access the /login page? You won't be able to check in controller if he is authenticated and redirect him, because the user will be authenticated to your main firewall, but not to the login firewall, as they are separate security systems.
Here is the security.yml that works great for me:
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: true
anonymous: ~
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: /login
check_path: /login_check
always_use_default_target_path: true
default_target_path: /
logout:
path: /logout
target: /
providers:
main:
entity: { class: Core\UserBundle\Entity\User, property: username }
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_SUPERADMIN }
- { path: ^/user, roles: ROLE_USER }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
USe anynymous directive in account_area:
account_area:
pattern: ^/
anonymous: ~
I'm working on a project with Symfony2 where you must be logged to be able to see the website. I am using FOSUserBundle to create the member area. Here is the idea : if an anonymous comes to the website, I systematically redirect to the login page.
Here is my security.yml :
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
realm: "Acces reserve"
login:
pattern: ^/(login$|register|resetting)
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
anonymous: true
logout: true
access_control:
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }
I think there is no reason for it not to work ; here is the problem now. I observed that I'm not logged the same in /login and in others areas. For example, if I log myself then I'm the user named "admin" with role "ROLE_USER" on the website BUT if I go then to /login, I'm logged as "anon" with no role at all.
Same problem but more boring: when a new user register, he's log on the /login page but not on the other pages... So he's always redirect to /login and the logout doesn't change anything. :/
Do you have an idea ?
Thanks !
P.S. : Is it possible to manually clean all sessions in Symfony2 ? 'cause I would like to be able to try other things but in Chrome I just can't do anything for now... I tryed clear the browser cache and cookies, clear Symfony cache, etc... Nothing changes, I'm still logged as "admin" on the /login page -_-
The thing is you specified the fos_userbundle provider only for main firewall, not for login and dev firewalls. So fos_userbundle isn't used for /login page at all.
The documentation says you should use this config:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }