I'm working on a project with Symfony2 where you must be logged to be able to see the website. I am using FOSUserBundle to create the member area. Here is the idea : if an anonymous comes to the website, I systematically redirect to the login page.
Here is my security.yml :
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
realm: "Acces reserve"
login:
pattern: ^/(login$|register|resetting)
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
anonymous: true
logout: true
access_control:
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }
I think there is no reason for it not to work ; here is the problem now. I observed that I'm not logged the same in /login and in others areas. For example, if I log myself then I'm the user named "admin" with role "ROLE_USER" on the website BUT if I go then to /login, I'm logged as "anon" with no role at all.
Same problem but more boring: when a new user register, he's log on the /login page but not on the other pages... So he's always redirect to /login and the logout doesn't change anything. :/
Do you have an idea ?
Thanks !
P.S. : Is it possible to manually clean all sessions in Symfony2 ? 'cause I would like to be able to try other things but in Chrome I just can't do anything for now... I tryed clear the browser cache and cookies, clear Symfony cache, etc... Nothing changes, I'm still logged as "admin" on the /login page -_-
The thing is you specified the fos_userbundle provider only for main firewall, not for login and dev firewalls. So fos_userbundle isn't used for /login page at all.
The documentation says you should use this config:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
remember_me: true
remember_me:
key: %secret%
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backoffice, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }
Related
I've been having an issue with Symfony 3.3.9. Sometimes, not always, when a user logs in with the correct username and password, it redirects to the main page like it should, but then back to the login page.
I know the user is logged in because I can grab the user's information with twig from the login page.
It is really strange, because this doesn't happen all the time. It seems random and difficult to reproduce.
I've been looking into this issue for days and can't figure out why this is happening. Looking for some suggestions.
Thanks.
Edit-1 added code
Edit-2
When I get redirected to the login, I've tried typing the main page url to manually go there. This doesn't work, even though I am logged in. If I wait a minute or so however, this does work.
I'm using the FOS user bundle
here's my config.yml
# fos bundle
fos_user:
db_driver: orm
firewall_name: main
user_class: Acme\Entity\User
here's my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_EMPLOYEE: [ROLE_USER]
ROLE_MANAGER: [ROLE_EMPLOYEE]
ROLE_ADMIN: [ROLE_MANAGER]
ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
always_use_default_target_path: true
default_target_path: after_login
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
switch_user: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/administration/roe, role: ROLE_ADMIN }
- { path: ^/administration/generateaccessemployees, role: ROLE_ADMIN }
- { path: ^/administration/location, role: ROLE_ADMIN }
- { path: ^/administration/payroll/closepp, role: ROLE_ADMIN }
- { path: ^/administration/t4, role: ROLE_ADMIN }
- { path: ^/administration/eft, role: ROLE_ADMIN }
- { path: ^/administration/stubmessage, role: ROLE_ADMIN }
- { path: ^/administration/payroll_reminder, role: ROLE_ADMIN }
- { path: ^/administration, role: ROLE_MANAGER }
- { path: ^/admin/exit_impersonation, role: ROLE_PREVIOUS_ADMIN }
- { path: ^/admin, role: ROLE_SUPER_ADMIN }
In my login_content.html.twig, I'm able to see:
{{ app.user.username }}
Definitely would need to see some code, more specifically to help get to the root of the problem whatever function is run on login.
EDIT:
In the security.yml you can specify a login_path, in example:
my_firewall:
pattern: ^/(secured_area)/
provider: my_provider
anonymous: ~
form_login:
login_path: my_login_path
default_target_path: /dashboard
And in the routing.yml you can map the route as:
my_login_path:
pattern: /my/relative/url/for/login
defaults: { _controller: MySecurityBundle:Security:login }
then you can use an a normal route, in you specific case:
return $this->forward($this->generateUrl('my_login_path'));
The only reason I suggest this is because default routing after login is causing issues for you.
I have a problem concerning identification, authentication and redirection on Symfony2 (v2.8.9).
I installed HWIOAuthBundle in order to use the Google Sign-in and based on a User Bundle handmade. The website is completely closed to anonymous users and you need to login to use it.
My problem is that in order to access a precise URL given by someone, and land on it after you logged in via the login page, I set in the app/config/config.yml the use_referer to true.
Since then, when someone goes directly to the /login page, once he's authenticated, he's taken back to the /login page instead of being re-directed on the private homepage of the website (/hub defined by the route rnd_hub_homepage). He's taken there properly identified and authenticated but I wish he shouldn't land there but on the /hub page.
If I set the line always_use_default_target_path to true in app/config/security.yml, then the use_referer is no longer taken into account for others URLs...
Here is my extract for the file app/config/security.yml:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login$
anonymous: true
main:
pattern: ^/
anonymous: true
#logout: true
logout:
path: /logout
target: /login
oauth:
resource_owners:
google: "/login/check-google"
login_path: /login
always_use_default_target_path: false
failure_path: /login
oauth_user_provider:
service: ib_user.oauth_user_provider
access_control:
- { path: ^/hub, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/user, roles: ROLE_USER }
- { path: ^/XXX, roles: ROLE_XXX }
- { path: ^/YYY, roles: ROLE_YYY }
- { path: ^/ZZZ, roles: ROLE_ZZZ }
- { path: ^/AAA, roles: ROLE_AAA }
- { path: ^/BBB, roles: ROLE_BBB }
- { path: ^/DDD, roles: ROLE_DDD }
- { path: ^/EEE, roles: ROLE_EEE }
- { path: ^/admin, roles: ROLE_ADMIN }
And here is the extract of my app/config/config.yml file:
hwi_oauth:
firewall_names: [main]
target_path_parameter: rnd_hub_homepage
use_referer: true
resource_owners:
google:
type: google
#etc....
Thank you in advance for your various inputs on this question...
(sorry for my english, I'm french born)
I think you have defined 2 times logout configuration. Try to remove:
logout: true
I'm creating a website with Symfony 2.8 and FOSUserBundle for authentication.
I want the website to be public to anyone, and the back-office (with the prefix /admin) to be accessed after login authentication.
I just keep getting the error:
The check_path "/login_check" for login method "form_login" is not
matched by the firewall pattern "^/admin/(.*)".
My app/config/security.yml looks like:
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: ^/admin/(.*)
form_login:
provider: fos_userbundle
login_path: /login
check_path: /login_check
always_use_default_target_path: false
default_target_path: /admin
logout:
path: /logout
target: /login
anonymous: true
main:
anonymous: ~
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
#- { path: ^/login_check, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I know there's something wrong in the form_login, but I just can't really grasp it...
PS: Similar questions have been asked, but without great answers (or answers that work for me, for that matter).
I think your pattern need to be like that :
admin:
pattern: ^/admin/
I developped my first site with symfony, so maybe I'm having a really obvious problem.
I had no problem on my local dev server, but since I send it to my live server and using app.php instead of app_dev.php, I am stuck in a redirect loop...
I looked over the internet and it seems that redirect loop are often caused by security.yml.
I'm using FOSUserBundle, maybe this is related ?!
Edit : Since everyone is pointing out the fact I'm using /admin as route for login may be one of the cause of my problem, I changed it to /admin/login but I still have the problem.
Maybe I should clarify some point. The website is in two part :
- a frontend, which can be accessible for everyone
- a backoffice in which you can find some CMS like page and some other stuff..., only accessible by login.
On every page, even when I'm trying to access the homepage, I'm stuck in that loop. I end up with the requested url followed by a bunch of ///////////////////// at the end.
Anyway, here is my new security.yml :
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
#in_memory:
# memory:
# users:
# user: { password: userpass, roles: [ 'ROLE_USER' ] }
# admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
fos_userbundle:
id: fos_user.user_manager
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
routing.yml :
mcr:
resource: "#McrBundle/Controller/"
type: annotation
prefix: /
fos_user_security:
resource: "#FOSUserBundle/Resources/config/routing/security.xml"
fos_user_security_login:
pattern: /admin/login
defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
pattern: /admin/login_check
defaults: { _controller: FOSUserBundle:Security:check }
Any help will be greatly apreciated :)
Thanks a lot.
It likely has to do with how you have your routes setup;
access_control:
- { path: ^/admin$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
When you try and access /admin internally symfony redirects this to /admin/ and because your AC requires the role admin im guessing you are not logged in and want to be taken to your login page which im also guessing you have on /admin. Thus creating your non ending redirect loop.
I would recommend using /admin/login for your login route. You will need to update you routing.yml and security.yml
I think I found the issue. You need to define a separate firewall for the login path with anonymous access which is not shared with other firewalls:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
website:
pattern: ^/
security: false
anonymous: true
login:
pattern: ^/admin/login$
anonymous: true
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /admin/login
always_use_default_target_path: true
default_target_path: /admin/menu
logout: ~
anonymous: true
access_control:
- { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I've got a wired problem with the symfony 2 security component. Due to the fact that the {{ app.user }} object is only available within the secured area, I set the firewall pattern to ^/. Now I want to "unsecured" some pages, like registration. I've tried this by using access_control but it doesn't work.
Here is my security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/account/login$
security: false
account_area:
pattern: ^/
form_login:
check_path: /account/login_check
login_path: /account/login
default_target_path: /account
remember_me:
key: blaBlubKey
lifetime: 3600
path: /
domain: ~
logout:
path: /account/logout
target: /
access_control:
#works
- { path: ^/backend, roles: ROLE_USER }
#works not
- { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Thanks in advance!
Worth mentioning is that the best practice here is to use only one firewall with access_control for login page. Why? What would You do if the logged user tries to access the /login page? You won't be able to check in controller if he is authenticated and redirect him, because the user will be authenticated to your main firewall, but not to the login firewall, as they are separate security systems.
Here is the security.yml that works great for me:
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: true
anonymous: ~
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: /login
check_path: /login_check
always_use_default_target_path: true
default_target_path: /
logout:
path: /logout
target: /
providers:
main:
entity: { class: Core\UserBundle\Entity\User, property: username }
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_SUPERADMIN }
- { path: ^/user, roles: ROLE_USER }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
USe anynymous directive in account_area:
account_area:
pattern: ^/
anonymous: ~