I'm working on Symfony 5.
I want, in some cases, to log out the user, redirect him to the login page and display on this page the reasons why he has been logged out.
To achieve that, I use a classic "logout" redirect route, which then automatically redirects to the login page.
I tried to put data in the user's session, but the session is cleared on logout so it's empty when it gets to the login page.
Here is an extract of my controller function launching the logout process:
//... some code to put data in the session
return $this->redirectToRoute('app_logout');
And an extract of my security.yml:
main:
    anonymous: true
    lazy: true
    provider: app_user_provider
    logout:
        path: app_logout
        target: app_login
    guard:
        authenticators:
            - App\Security\LoginFormAuthenticator
Do you have any idea how I can do this? Ideally it would be forcing Symfony to leave the data in the session, but maybe there are some other ways.
Thanks in advance.
I have a site with multiple subdomains. I would like to log users that have certain rights into one of the subdomains only when he's already authenticated on the 'main' site. Let's say that my main domain is www.domain.com; I have sub1.domain.com, sub2.domain.com, sub3.domain.com.
When a user is authenticated on domain.com, I would like to be able to redirect him to sub2.domain.com without asking him to re-authenticate. But he should not be authenticated on sub1.domain.com or sub3.domain.com.
I have read about setting the cookie_domain in the config.xml, but in this case the user will be logged in for all subdomains.
Is that possible?
Thanks!
Edit for more info
I'm working with Symfony 2.7 and I have tried both solutions in the security.yml: one main shared firewall and one per subdomain (see below).
But I have not configured the session cookie_domain in config.yml to '.domain.com', as I don't want to log the user in on all the subdomains.
firewalls:
    main:
        pattern: ^/
        host: '%main_domain%'
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout:
            path: /logout
            target: /login
        anonymous: true
        context: main_context
    sub1:
        pattern: ^/
        host: '%sub1_domain%'
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout:
            path: /logout
            target: /login
        anonymous: true
        context: main_context
    sub2:
        pattern: ^/
        host: '%sub2_domain%'
        ....
It is possible in multiple ways. Since you log in on your main domain, you need some way to specify which user has access to which subdomain. Using different roles seems like a reasonable approach for this. So, for example, a user who has access to subdomain1 will also have a role like ROLE_USER_SUB1.
With this setup, you can modify your security.yaml and use the access_control settings to restrict access to certain roles based on the domain, using additional matching options:
security:
    access_control:
        ...
        - { path: ^/, roles: ROLE_USER_SUB1, host: sub1\..* }
        - { path: ^/, roles: ROLE_USER_SUB2, host: sub2\..* }
You might have to tweak this to your needs, and you also have to be careful to have the correct ordering of the routes, as the first matching rule will be used.
Another possible solution is to use a simple event listener that is triggered on each request at the kernel.request event (be careful to check the priority, as you probably need to put your listener after the firewall listener) or the kernel.controller event, and then use the access decision manager or Symfony\Component\Security\Core\Security to check whether the user is (a) logged in and (b) has the correct role set; see https://symfony.com/doc/current/security/securing_services.html
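The listener variant described in this answer, written out as an added example (it is not code from the answer or from any project). It assumes Symfony 5.3+ with PHP 8, the Security helper from the security component, and hypothetical host prefixes mapped to the ROLE_USER_SUB* roles named above; it registers at a lower priority than the firewall listener (priority 8) so the token is already populated.

```php
<?php
// Added example: enforce a per-subdomain role on every main request, after the
// firewall has run. Host prefixes and role names are hypothetical.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;

final class SubdomainRoleSubscriber implements EventSubscriberInterface
{
    /** Host prefix => role required to use that subdomain (assumed values). */
    private const HOST_ROLES = [
        'sub1.' => 'ROLE_USER_SUB1',
        'sub2.' => 'ROLE_USER_SUB2',
        'sub3.' => 'ROLE_USER_SUB3',
    ];

    public function __construct(private Security $security) {}

    public static function getSubscribedEvents(): array
    {
        // The firewall listener is registered at priority 8; priority 0 runs after it.
        return [KernelEvents::REQUEST => ['onKernelRequest', 0]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $host = strtolower($event->getRequest()->getHost());
        foreach (self::HOST_ROLES as $prefix => $role) {
            if (!str_starts_with($host, $prefix)) {
                continue;
            }
            // Not logged in: leave it to the firewall entry point (login redirect).
            if (null === $this->security->getUser()) {
                return;
            }
            // Logged in but lacking the subdomain role: the firewall's
            // exception listener turns this into a 403 for this host only.
            if (!$this->security->isGranted($role)) {
                throw new AccessDeniedException(sprintf('%s is required on %s', $role, $host));
            }
            return;
        }
    }
}
```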
I have a project where I log in with the auth, and from time to time there's an error and it is not possible to connect. And I would like something to show me this error, so I can handle it and return a message to the user.
When he does not connect, it automatically goes back to the root, and this is handled in security:
oauth:
    resource_owners:
        facebook: "/security/login/check-facebook"
        google: "/security/login/check-google"
        linkedin: "/security/login/check-linkedin"
    login_path: /
    failure_path: /
    default_target_path: /security/connected
    check_path: /security/login_check
    oauth_user_provider:
        service: web_key_user_provider
Mainly to handle the case when the Facebook or Google authentication page returns a bad_request = 400:
how would I set the route in failure_path to catch why it failed?
You have to implement an EventListener which is called when the onAuthenticationFailure event is fired, and set it as failure_handler in your HWIOAuth configuration.
See this great answer on another similar issue:
How to disable redirection after login_check in Symfony 2
Hope this helps you.
How can I automatically redirect a user to /register-as-guest when he enters a restricted page?
My wrong solution: in security.yml I set
firewalls:
    default:
        form_login:
            login_path: /register-as-guest
This works, but when the user enters wrong credentials at login he is redirected to /register-as-guest (login_path), but should be redirected to /login.
You're on the right track :)
Just a little more configuration is needed, as you can see in the docs.
If you want explicit behavior to happen on login success/failure, you should use these config settings under the firewall:
firewalls:
    default:
        ...
        form_login:
            ...
            # login success redirecting options
            always_use_default_target_path: false
            default_target_path: / # use this if you want a standard page to be shown on login success
            target_path_parameter: _target_path
            use_referer: false # set this to true to redirect back to the previously attempted page
            # login failure redirecting options
            failure_path: /foo
            failure_forward: false # this is what you need
            failure_path_parameter: _failure_path
            failure_handler: some.service.id
            success_handler: some.service.id
Hope this helps :)
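An added example of the failure_handler service that both the HWIOAuth answer and the options above point at (not code from either answer or from HWIOAuthBundle). It assumes Symfony 5.3+/PHP 8, an 'app_login' route, and that it is wired as `failure_handler: App\Security\LoginFailureHandler` under form_login or under the oauth firewall entry.

```php
<?php
// Added example: keep the reason for the authentication failure for the next
// page and always send the user to the real login route, independent of
// login_path. Class name and 'app_login' route are assumptions.
namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

final class LoginFailureHandler implements AuthenticationFailureHandlerInterface
{
    public function __construct(private UrlGeneratorInterface $urlGenerator) {}

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
    {
        // getMessageKey() is the translatable, user-safe text ("Invalid credentials.").
        // The raw getMessage() may carry provider details (such as the body of an
        // OAuth 400 response) and belongs in the log, not on the login page.
        $session = $request->getSession();
        if ($session instanceof Session) {
            $session->getFlashBag()->add('login_error', $exception->getMessageKey());
        }

        // A fixed target: wrong credentials never land on /register-as-guest,
        // even when that path is the firewall's login_path.
        return new RedirectResponse($this->urlGenerator->generate('app_login'));
    }
}
```

The login template reads the 'login_error' flash and shows it to the user; the message key can be passed through the translator as the firewall's own login form does.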
Just use the FOSUserBundle; everything you need is included there, so you don't have to implement it on your own. Also, it is very well documented and very easy to integrate into a project.
I am new to Symfony, so I need your help. I got a problem with my security.yml. I tried to make a little application which stores some data in my database and shows them on my homepage. It works really fine, but changing the route from routing.yml:
addlink:
    path: /addlink
    defaults: { _controller: ExerciseLinkBundle:Exercise:addLink }
to
addlink:
    path: /secured_area/addlink
    defaults: { _controller: ExerciseLinkBundle:Exercise:addLink }
causes a redirect to my login site. As you see below, I obviously really don't know what I am doing in the security.yml. Please tell me how to redirect to my 'addlink' route. As I mentioned, it works fine using the first route, so the controller/template has to be ok.
login_firewall:
    pattern: ^/secured_area/login$
    anonymous: ~
exercise:
    pattern: ^/secured_area
    form_login:
        csrf_provider: form.csrf_provider
        login_path: /secured_area/login
        check_path: /secured_area/login_check
        always_use_default_target_path: true
        default_target_path: /secured_area/addlink
    logout:
        path: /secured_area/logout
        target: /
And please don't tell me about FOSUserBundle; meanwhile I'd use this, but this one has to be finished first :). So please help me out of there.
Your firewall in security.yml is configured to protect every URL that begins with ^/secured_area. That means that if someone tries to access a URL like http://yoursite.dev/secured_area/addlink, the firewall would intercept this and make sure that the user is authorized to view that page. The reason it redirects to your login is because a user must be authenticated before the firewall can determine if the user is authorized to view the page. Once you sign in with an authorized user, you will be redirected to the initial page (/secured_area/addlink). And it looks like you are securing the /login_check URL, which means you will never be able to login.
I think there is a less confusing way to create your firewall. Try something like this:
firewalls:
    exercise:
        pattern: ^/
        form_login:
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check ### there is no reason to secure this URL
            always_use_default_target_path: true
            default_target_path: /secured_area/addlink
        logout:
            path: /secured_area/logout
            target: /
        anonymous: true
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/secured_area, role: IS_AUTHENTICATED_REMEMBERED }
    - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
This will have a similar effect, but is cleaner and easier to see what is happening. First, with this approach you can still have some public pages if you wish. Second, your 'login_check' doesn't require authentication (which I think is part of the main problem you are seeing). Finally, with this configuration your whole site will go through this firewall. That doesn't mean your whole site will be password protected, it just means that you can specify (in the access_control part of security.yml) exactly which pages are viewable by unauthenticated users and which are viewable by authenticated users.
For more information on protecting your site, read the Authorization section of the Symfony security docs. It has lots of good information.
I have added this option in security.yml, under the firewall settings:
use_referer: true
Now, I have created a link which is used for email confirmation. When I am in development mode, if I click on the link and am not logged in to the application, I get to the login page and then, after login, I go to the email confirmation link. But in production mode this is not working: after login it is redirecting me to the default target path.
Here is security.yml:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: ^/
        my-login:
            login_path: /
            check_path: /login_check
            default_target_path: /default_root
            provider: my_provide
            use_referer: true
EDIT: some more information
I have created an exception listener, which checks the response and redirects the user to the login page if he/she is not authenticated. Previously it was working only in production mode; I made it work in dev mode, and now the referer is not working in dev mode either.
Is there any way that I can bypass the exception listener for this particular route?
I found the answer myself :)
I just skipped that particular path from the check in the exception listener.
// getPathInfo() returns the path with its leading slash, so compare against "/my/path"
$path = $event->getRequest()->getPathInfo();
if (!$this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) {
    if ($path == "/my/path") {
        // simply redirect to login page without clearing session and cookies
    } else {
        // clear session and redirect to login page so that referer does not contain any data
    }
}
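The exception listener sketched above, filled in as an added example (not the asker's code) on the current event API: it assumes Symfony 5.3+/PHP 8, the Security helper, an 'app_login' route, and a constructed list of paths (the email-confirmation link) whose session must survive so the referer-based redirect can work.

```php
<?php
// Added example: redirect unauthenticated users to the login route on an access
// denied error. Paths listed in KEEP_SESSION_PATHS keep their session (so
// use_referer can bring the user back); every other path is invalidated first.
// Route name, paths and Symfony/PHP versions are assumptions.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;

final class LoginRedirectSubscriber implements EventSubscriberInterface
{
    /** Constructed list: paths whose session must not be cleared before login. */
    private const KEEP_SESSION_PATHS = ['/my/path'];

    public function __construct(
        private Security $security,
        private UrlGeneratorInterface $urlGenerator,
    ) {}

    public static function getSubscribedEvents(): array
    {
        // The firewall's own ExceptionListener is registered at priority 1; run before it.
        return [KernelEvents::EXCEPTION => ['onKernelException', 2]];
    }

    public function onKernelException(ExceptionEvent $event): void
    {
        if (!$event->getThrowable() instanceof AccessDeniedException) {
            return;
        }
        if ($this->security->isGranted('IS_AUTHENTICATED_FULLY')) {
            return; // a genuine 403 for a logged-in user: leave it to the firewall
        }
        $request = $event->getRequest();
        if ($request->hasSession()
            && !in_array($request->getPathInfo(), self::KEEP_SESSION_PATHS, true)) {
            // Drop stale state so nothing from the old session influences the login flow.
            $request->getSession()->invalidate();
        }
        $event->setResponse(new RedirectResponse($this->urlGenerator->generate('app_login')));
    }
}
```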