Develop Reference

how to set routing prefix for dosuserbundle and hwiauthbundle (ERR_TOO_MANY_REDIRECTS)

i am working with an application build with Symfony3.4 using fosuserbundle and HWIOAuthBundle everything was working fine but when i tried tu use prefixes for the routing i am getting an ERR_TOO_MANY_REDIRECTS error when trying to log in
Security.yml:
firewalls:
main:
pattern: ^/
provider: chain_provider
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
check_path: fos_user_security_check
login_path: fos_user_security_login
failure_path: fos_user_security_login
oauth:
resource_owners:
azure: azure_login
login_path: fos_user_security_login
failure_path: fos_user_security_login
use_forward: false
oauth_user_provider:
service: custom.user_provider
logout:
path: fos_user_security_logout
target: fos_user_security_login
anonymous: true
switch_user: true
logout_on_user_change: true
access_control:
- { path: ^/api/tokens, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/connect/azure, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/configuration/, role: [ROLE_SUPER_ADMIN] }
- { path: ^/admin/, role: [ROLE_ADMIN] }
- { path: ^/, role: IS_AUTHENTICATED_FULLY }
- { path: ^/%app_name%, role: IS_AUTHENTICATED_FULLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
Routing.yml:
fos_user_security:
resource: "#FOSUserBundle/Resources/config/routing/security.xml"
prefix: /%app_name%
fos_user_resetting:
resource: "#FOSUserBundle/Resources/config/routing/resetting.xml"
prefix: /%app_name%/resetting
methods: [GET,POST]
can someone tell me what i am missing here because using fosuserbundle by itself every things works like charm but when adding the:
oauth:
resource_owners:
azure: azure_login
login_path: fos_user_security_login
i am going into loop

So i found the solution for this problem my problem was not only in the security file but it seems to be that the annotation was causing the problem also but after changing the access control from :
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
To:
- { path: ^/%app_name%/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
and in the annotation in this should not be written above the class but above the controller it self and be careful from the / at the end

User redirecting to login page even after successful authentication in Ez Publish

I'm new to Ez publish and symfony. We have a application in Ezpublish where user can login with his username and password.
Even after giving correct credentials it is redirecting to login page.
We are able to login to the back office with the same credentials. We
are facing issue only for end user login to the front office.
Using Ezpublish version 5.4.
Following is my security.yml file
security:
providers:
ezpublish:
id: ezpublish.security.user_provider
role_hierarchy:
ROLE_USER: []
ROLE_RISKMANAGER: [ROLE_USER]
ROLE_MANAGER: [ROLE_RISKMANAGER]
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
ezpublish_setup:
pattern: ^/ezsetup
security: false
ezpublish_rest_forgotpassword:
pattern: ^/api/ezp/v2/user/forgotpassword
anonymous: ~
#security: false
stateless: true
ezpublish_rest:
pattern: ^/api/ezp/v2
stateless: true
ezpublish_http_basic:
realm: eZ Publish REST API
ezpublish_front:
pattern: ^/
anonymous: ~
ezpublish_rest_session: ~
form_login:
login_path: login
check_path: login_check
require_previous_session: false
use_forward: false
always_use_default_target_path: false
default_target_path: /
use_referer: true
failure_path: /loginfailed
logout: ~
guard:
authenticators:
- project.security.device_authenticator
default:
anonymous: ~
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
# backend
- { path: ^/api/ezp/v2/user/forgotpassword, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/mot-de-passe-oublie, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/mot-de-passe-oublie, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/creer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/creer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/verification-email, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/verification-email, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/completer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/completer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/mise-a-jour-mot-de-passe, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/mise-a-jour-mot-de-passe, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_fos_user_context_hash, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/activer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/activer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/bo, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/mot-de-passe-oublie, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/creer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/verification-email, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/completer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/mise-a-jour-mot-de-passe, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/_fos_user_context_hash, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/activer-votre-compte, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/country/polygons, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/fr/country/polygons, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/en/country/polygons, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/manage-translation, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/.*, role: ROLE_USER }
- { path: ^/en/country/map, role: ROLE_USER }
- { path: ^/en/, role: ROLE_USER }

You SHOULD change the default page which is the page where the user is redirected to, if no previous page was stored in the session :
The value can be a relative/absolute URL or a Symfony route name:
# config/packages/security.yaml
security:
# ...
firewalls:
main:
form_login:
# ...
default_target_path: after_login_route_name
Source : official symfony 4 documentation
https://symfony.com/doc/current/security/form_login.html

I served my domain over HTTPS instead of HTTP then it works.

Symfony2 loop redirect after logout

I have loop redirect after logout
My security.yml
# app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
# login_path: /login111
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/accaunt, role: ROLE_USER }
- { path: ^/accaunt/, role: ROLE_USER }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
If I'm replace in config.yml handler_id: session.handler.pdo
into handler_id: ~
All good

As the name suggests, when an anonymous user try to access page A which needs an admin role, symfony redirects to the login page, login page of your seems to be also aking for a role user, and hence the error
I think your problem is a typo?! the ^/login$ in your access_control?

looping redirect login security.yml

someone could help me solve this problem in the login redirection?
the browser says that the page has made too many redirects
here i show file security.yml:
firewalls:
frontend:
pattern: ^/
anonymous: ~
form_login:
login_path: /login
check_path: /login_check
default_target_path: /index
success_handler: authentication_handler
logout:
path: /logout
target: /
success_handler: authentication_handler
security: true
remember_me:
key: sitio123
lifetime: 604800 # 7 * 24 * 3600 = 604.800 = 1 semana
access_denied_handler: accessdenied_handler
access_control:
- { path: ^/, roles: ROLE_U }
- { path: ^/admin, roles: ROLE_A }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/pruebita, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/prueba, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/comprobarmail, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/nuevacontrasena, roles: IS_AUTHENTICATED_ANONYMOUSLY }
providers:
chain_provider:
providers: [in_memory, user_db]
in_memory:
users:
foo: { password: test, roles: 'ROLE_A' }
foo1: { password: test1, roles: 'ROLE_U' }
user_db:
entity: { class: mio\mioBundle\Entity\Empleado, property: username }
role_hierarchy:
ROLE_A: ROLE_U
encoders:
mio\mioBundle\Entity\Empleado: { algorithm: sha1 }
Symfony\Component\Security\Core\User\User: plaintext
thank you very much for your time

Place the anonymous access control items before the secured items:
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/pruebita, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/prueba, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/comprobarmail, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/nuevacontrasena, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_U }
- { path: ^/admin, roles: ROLE_A }

default_target_path does not work with FOSUserBundle

I have installed FOSUserBundle and I am using it in my project. Its login page redirects to an unknown path /_wdt/50366043f414d. I changed the default_target_path under form_login in security.yml file, but it did not take effect.
How can I change the target path of the login page in FOSUserBundle?

I must set the always_use_default_target_path to true, as shown in
symfony documentation
#app/config/security.yml
firewalls:
main:
pattern: ^/
form_login:
login_path: /login
default_target_path: /my/desired/path
always_use_default_target_path: true

I had the same issue, and the reason I was having this problem was because Symfony was trying to load the Web Debug Toolbar (hence the "_wdt" bit in the error), which has its own routes that are called at the end of the page load. In my case, I had configured my security.yml like so:
app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
This means that if the user is trying to open a page for anything behind the root "/", he is required to be logged in.
The way I fixed the problem was by adding the "_wdt" part and allowing it for anonymous users:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }

This may be an old issue but instead of changing the access_control the current Symfony2 config features an extra firewall for the debug toolbar:
# Disabling the security for the web debug toolbar, the profiler and Assetic.
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false