FOS UserBundle server error when logout link hit - php

I am new to the FriendsOfSymfony UserBundle and everything has been going well until I try to have a user logout. The login works perfectly and I am using the basic configuration that I have seen on many sites. I only have 2 users that need to login. The problem occurs when the user clicks on the logout URL. In this case /logout. I receive a generic server error in the browser and the error_log shows "Premature end of script headers: app_dev.php". If I hit refresh on the error page it goes back to my home page and I am logged out successfully.
Here is my firewall section in security.yml:
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            check_path: fos_user_security_check
            csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
Here is the access_control section of security.yml:
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
Here is the fos_user section in config.yml:
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: Wielding\BassBundle\Entity\User
I am generating the logout url in my twig form with:
logout
If I am not logged into the site and I go manually to the logout url I get redirected back to the default index page without any error. If I am logged in and manually type in the logout url I get the server error. I have tried so many variations of config changes I can't even list them here. They all failed.
I even tried to write my own logout by invalidating the session in the controller and that generates the same error.
My only clue so far is an entry in dev.log:
[2013-07-27 14:51:26] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Debug\Exception\ContextErrorException: "Warning: SessionHandler::write(): Parent session handler is not open in /home/dev2/app/cache/dev/classes.php line 407" at /home/dev2/app/cache/dev/classes.php line 407 {"exception":"[object] (Symfony\\Component\\Debug\\Exception\\ContextErrorException: Warning: SessionHandler::write(): Parent session handler is not open in /home/dev2/app/cache/dev/classes.php line 407 at /home/dev2/app/cache/dev/classes.php:407)"} []
Searching on this initially indicated that this was not something to worry about but I am out of other ideas. This is my final task in getting security working and it's freaking me out.
I will gladly provide any other information needed to help solve this really annoying problem. Thanks in advance for any assistance.

It's a PHP error. You need to upgrade PHP to at least 5.4.11.
Reference:
https://github.com/symfony/symfony/issues/5868

Related

How to allow/deny routes according the "dev/prod" environment in Symfony 4?

I am using Symfony 4.1.
I am trying to allow/deny a route according to the "dev"/"prod" environment.
I tried to define distinct security configuration files per environment but I am not allowed to. The following message is displayed when loading the Symfony cache:
Configuration path "security.access_control" cannot be overwritten. You have to define all options for this path, and any of its sub-paths in one configuration section.
Here is my security section:
security:
    access_control:
        - { path: '^/$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/ping$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/docs\.json$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
I want to allow (without authentication) the docs.json route in dev environment and restrict (with authentication) the docs.json route in prod environment.
Any ideas on how to do that?
With the Symfony ExpressionLanguage component, you can try to add condition: "'%kernel.environment%' === 'dev'" in annotations or whatever you are using to define your route.
The security.firewalls.dev: configuration is used in every Symfony environment (dev,test,prod)!
In Symfony 4, to achieve making some routes available in just some environments, you could do something like this:
Setup:
config/packages/security.yaml:
parameters:
    # Adds a fallback SECURITY_DEV_PATTERN if the env var is not set.
    env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/'
security:
    firewalls:
        dev:
            pattern: '%env(SECURITY_DEV_PATTERN)%'
            security: false
Override per Symfony environment:
Create a new file config/packages/dev/parameters.yaml:
parameters:
    env(SECURITY_DEV_PATTERN): '^/(_(profiler|wdt)|css|images|js)/|^/docs'
Now /docs is only available without firewall in the Symfony dev environment.
Override using environment variables:
You could also override SECURITY_DEV_PATTERN in the .env file:
SECURITY_DEV_PATTERN=^/(_(profiler|wdt)|css|images|js)/|^/docs
This only works if you don't include the .env in your production environment, or if you specifically override the SECURITY_DEV_PATTERN environment variable there as well.
So I solved the issue by setting up the dev firewall and updating the pattern to bypass the security.
security:
    access_control:
        - { path: '^/$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/ping$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/docs\.json$' , roles: IS_AUTHENTICATED_ANONYMOUSLY }
    firewalls:
        dev:
            pattern: '^/(_(profiler|wdt)|css|images|js|docs)/'
            security: false
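Which request paths each `dev` firewall pattern quoted in the two answers above exempts from security can be checked before deploying. The following PHP sketch is an added example, not code from the original posts; it assumes the pattern is applied as an unanchored regular-expression match on the URL path, and the sample paths and the last pattern are constructed.

```php
<?php
// Added example, not from the original posts. Stand-alone: does not load Symfony.
// Assumption: a firewall pattern is applied as an unanchored regex match on the
// URL path, imitated here with preg_match().

// Patterns quoted in the answers above, plus one constructed alternative.
const PATTERNS = [
    'stock dev firewall'           => '^/(_(profiler|wdt)|css|images|js)/',
    'override ending in |^/docs'   => '^/(_(profiler|wdt)|css|images|js)/|^/docs',
    'docs inside the group'        => '^/(_(profiler|wdt)|css|images|js|docs)/',
    'constructed: exact docs.json' => '^/(_(profiler|wdt)|css|images|js)/|^/docs\.json$',
];

// Constructed sample paths, not routes from the question.
const PATHS = ['/_profiler/abc', '/docs.json', '/docs/index.html', '/docs-internal/report', '/admin'];

/** True when the path falls under a firewall declared with "security: false". */
function skipsSecurity(string $pattern, string $path): bool
{
    return preg_match('{' . $pattern . '}', rawurldecode($path)) === 1;
}

/** Map each pattern label to the sample paths it exempts from authentication. */
function exemptPaths(array $patterns, array $paths): array
{
    $result = [];
    foreach ($patterns as $label => $pattern) {
        $result[$label] = array_values(array_filter(
            $paths,
            function (string $path) use ($pattern): bool {
                return skipsSecurity($pattern, $path);
            }
        ));
    }
    return $result;
}

foreach (exemptPaths(PATTERNS, PATHS) as $label => $exempt) {
    printf("%-30s %s\n", $label, $exempt ? implode('  ', $exempt) : '(none)');
}
```

With these inputs the `|^/docs` override also exempts `/docs/index.html` and `/docs-internal/report`, while the pattern with `docs` inside the group requires a trailing slash and so does not match `/docs.json`.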

The definition for "acl" has no class

I'm trying to implement ACL to restrict comments on FOSCommentBundle to users role.
I followed step by step the Bundles Doc but shows me an error:
The definition for "acl" has no class.
That's my app/config/config.yml
fos_comment:
    db_driver: orm
    class:
        model:
            comment: BackEndBundle\Entity\Comment
            thread: BackEndBundle\Entity\Thread
            vote: BackEndBundle\Entity\Vote
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
assetic:
    bundles: [ "FOSCommentBundle" ]
I thought that Symfony 3 didn't have the ACL installed so I tried to with commands but it gives me the same error "The definition for "acl" has no class".
That's my app/config/services.yml
parameters:
services:
    acl:
        connection: default
You don't have to add ACL configuration to app/config/services.yml. The bundle, FOSCommentBundle in this case, has its own config file for services.
Just install the bundle via Composer and add the bundle into AppKernel.php
$bundles = [
    // ...
    new FOS\CommentBundle\FOSCommentBundle(),
    // ...
];
If you have done all above, just remove the acl: connection: default from app/config/services.yml and it should work. You can check if there are FOSCommentBundle services available by bin\console debug:container fos_comment.

Why would my route listener suddenly load for so long?

I have this odd problem with my Symfony app (installed locally).
It was working fine for the past some time, but since yesterday, when I was working on login/logout and a session variable, the load time has increased by a great amount.
Previously, even prior to the image optimization the load time was approx. 500ms.
Now it's showing me a 1298ms init time, from which 800ms comes from initialization, and according to the Profiler 400ms comes purely from the RouterListener.
The site these params are for is around 30mb.
Here is the profiler:
The problems started around when I added a change to a session variable in my index controller:
$session = $request->getSession();
$session->set('voted', true);
And later checked it in the twig with:
{% if app.session.get('voted') %}...
The delay happens on all sites, even ones without any session variables.
Here are my config files just in case:
routing.yml
app:
    resource: "@AppBundle/Controller/"
    type: annotation
oneup_uploader:
    resource: .
    type: uploader
_liip_imagine:
    resource: "@LiipImagineBundle/Resources/config/routing.xml"
logout:
    path: /logout
security.yml
# To get started with security, check out the documentation:
# http://symfony.com/doc/current/security.html
security:
    # http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: kitten
                        roles: 'ROLE_ADMIN'
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login:
                login_path: login
                check_path: login
            # activate different ways to authenticate
            # http://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            #secured_area:
            logout:
                path: /logout
                target: /
    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
And also the security controller. The issue started happening somewhere around adding the controller, and the session variable.
<?php
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;

class SecurityController extends Controller
{
    /**
     * @Route("/login", name="login")
     */
    public function loginAction(Request $request)
    {
        $authenticationUtils = $this->get('security.authentication_utils');
        $error = $authenticationUtils->getLastAuthenticationError();
        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();
        return $this->render('security/login.html.twig', array(
            'last_username' => $lastUsername,
            'error' => $error,
        ));
    }
}
I really am not sure what else to post here so if more files are needed just tell me.
Has anyone else come across such an issue?
How can I fix it?
EDIT: This is Symfony 3.2.4
UPDATE: The website suddenly started working normally.
I was working on a 404 page, and when I reloaded it, it dropped back to 500ms.
The profiler now looks like this:
I'm not closing the question, because I don't yet know why such a change would occur suddenly.

Authentication with the new LDAP component in Symfony 2.8

I wanted to try the new LDAP component in Symfony 2.8 and started to play with it a few days ago. However I don't really get it and have problems authenticating the users. I have followed this article:
http://symfony.com/blog/new-in-symfony-2-8-ldap-component
Here are my configuration files:
# app/config/services.yml
services:
    app.ldap:
        class: Symfony\Component\Ldap\LdapClient
        arguments: ["ldaps://ldap.uni-rostock.de"]
and:
# app/config/security.yml
security:
    providers:
        # in_memory:
        #     memory: ~
        app_users:
            ldap:
                service: app.ldap
                base_dn: ou=people,o=uni-rostock,c=de
                search_dn: uid=tester,ou=people,o=uni-rostock,c=de
                search_password: testpass
                #filter: (sAMAccountName={username})
                filter: (uid={username})
                default_roles: ROLE_USER
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            provider: app_users
            stateless: true
            pattern: ^/admin
            http_basic_ldap:
                service: app.ldap
                dn_string: "{username}"
Here is a guide (only in German, but the essential part is the code) to connecting to the server:
http://www.itmz.uni-rostock.de/en/software/windows/universitaetsweite-dienste/ldap-authentifizierungsserver/
When I run the server like this: php app/console server:run -vvv and open http://localhost:8000/admin I'm prompted to enter the credentials. Unfortunately I'm not passing through even though I tried many times and I'm very sure I didn't make a typo. In the console there is only this relevant line:
[Fri Mar 11 08:39:32 2016] 127.0.0.1:36632 [401]: /admin
I'm unauthorized (401) and prompted again to enter the credentials.
Am I maybe missing something? I have tried many different combinations, put the values in quotes, tried to add:
access_control:
    - { path: ^/admin, roles: ROLE_USER }
to the security.yml, but it didn't help.
There is also another question with somewhat similar problematic:
LDAP Authentication with Symfony 2.8
but I couldn't really move further.
Does someone maybe have an idea what else could I try?
Just for reference, adding this in as the answer:
The issue would be dn_string: "{username}". Unless you're typing a full DN when prompted for a username/password, this will not work. For example, if all your users are in a common OU/container you could make it something like: dn_string: uid={username},ou=people,o=uni-rostock,c=de.
Glad this fixed it!
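How `dn_string` turns the typed login name into the DN used for the bind, for the value in the question and the one suggested in the answer, as an added PHP sketch that is not part of the original posts. The escaping helper, the lint rules and the second login name are assumptions of this example; it needs no LDAP server.

```php
<?php
// Added example, not from the original posts. Stand-alone: no LDAP server or ext-ldap.
// Assumption: the typed username is DN-escaped, then substituted for {username}.

/** Escape DN metacharacters as \XX (simplified, hypothetical stand-in for a DN-escaping call). */
function escapeDnValue(string $value): string
{
    return preg_replace_callback(
        '/[\\\\,=+<>;"#]/',
        function (array $m): string { return sprintf('\\%02X', ord($m[0])); },
        $value
    );
}

/** The DN the bind is attempted with once the typed username is substituted. */
function buildBindDn(string $dnString, string $username): string
{
    return str_replace('{username}', escapeDnValue($username), $dnString);
}

/** Heuristic lint of a dn_string template; an empty list means it looks usable. */
function lintDnString(string $dnString, string $baseDn): array
{
    $problems = [];
    if (strpos($dnString, '{username}') === false) {
        $problems[] = 'no {username} placeholder';
    }
    $first = preg_split('/(?<!\\\\),/', $dnString)[0];  // text before the first unescaped comma
    if (!preg_match('/^\s*[A-Za-z][A-Za-z0-9-]*=\{username\}\s*$/', $first)) {
        $problems[] = 'first RDN is not attr={username}, so a short login name is not a DN';
    }
    $suffix = ',' . strtolower($baseDn);
    if (substr(strtolower($dnString), -strlen($suffix)) !== $suffix) {
        $problems[] = 'template does not end with base_dn';
    }
    return $problems;
}

// dn_string and base_dn values from the question and answer; the second login name is constructed.
$baseDn = 'ou=people,o=uni-rostock,c=de';
foreach (['{username}', 'uid={username},ou=people,o=uni-rostock,c=de'] as $dnString) {
    echo "dn_string: $dnString\n";
    foreach (['tester', 'meier, anna'] as $login) {
        echo '  bind DN for "' . $login . '": ' . buildBindDn($dnString, $login) . "\n";
    }
    $problems = lintDnString($dnString, $baseDn);
    echo '  lint: ' . ($problems ? implode('; ', $problems) : 'ok') . "\n";
}
```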

Symfony 2.8 http_digest throws DaoAuthenticationProvider error

Hopefully I'm missing something here.
The following security.yml file works without issue in Symfony 2.3. However, upgrading to Symfony 2.8 throws this error:
Argument 2 passed to Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider::__construct() must be an instance of Symfony\Component\Security\Core\User\UserCheckerInterface
I've tested this on a fresh install of Symfony 2.8.2 and 2.3, having only changed the security.yml file.
security.yml
security:
    providers:
        my_in_memory_provider:
            memory:
                users:
                    foo:
                        password: foo
                        roles: ROLE_USER
                    bar:
                        password: bar
                        roles: [ROLE_USER, ROLE_ADMIN]
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api
            http_digest:
                key: %secret%
            anonymous: false
I've checked the upgrade path from 2.3 to 2.8 and nothing has jumped out at me as obviously being the problem. However searching online for the issue hasn't brought up much so I'm guessing I've missed something?
Eventually found out this was a bug in Symfony 2.8.
Fixed here https://github.com/symfony/symfony/pull/17559
