Develop Reference

Symfony 4 + API Plantform +LexikJWTAuthenticationBundle Bad Credential

Good afternoon. Please i'm using LexikJWTAuthenticationBundle in a symfony 4 api project. I'm using UserProvider for Doctrine.
After Configure Doctrine User Provider, I've install and configure LexikJWTAuthenticationBundle. But when i tried to athentificate using Postman on the url http://localhost:8000/api/login_check whith this JSON {"username":"ak",
"password":"ak"} I've this error: {
"code": 401,
"message": "Bad credentials"
}.
See below my Security.yaml config file. I've read forums to tried to solve this issue but i've not yet found the solution. Can you please help me?
security:
encoders:
App\Entity\Utilisateur:
algorithm: bcrypt
providers:
#in_memory: { memory: ~ }
our_db_provider:
entity:
class: App\Entity\Utilisateur
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
pattern: ^/
user_checker: App\Security\UtilisateurChecker
anonymous: true
provider: our_db_provider
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

Have you missed a piece of configuration during installation? I dont see the lexik one:
lexik_jwt_authentication:
secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
public_key: '%kernel.project_dir%/config/jwt/public.pem' # required for token verification
pass_phrase: 'your_secret_passphrase' # required for token creation, usage of an environment variable is recommended
token_ttl: 3600

Good morning All. I've found the solution of my problem. In fact, i was typing a bad User Password.
To solve this article, i've used this article https://numa-bord.com/miniblog/symfony-4-les-base-dune-gestion-des-utilisateurs-inscription-connexion-droits-dacces/
I've created au database user by using create user command implemented in the article.
After i have been connected with this previous created user sucessfully. ApiPlatform generate a web tocken for me.
Thank you very much

Timeout Facebook Login with hwioauth bundle : Timeout Gateway 504

Hi!
I am becoming mad with the following error, found into the prod log, with Facebook Login, by HWIOAuthBundle. I have never encountered this bug on our localhosts. It occurred (and continues to occur) several times on prod, sporadically. I tried to set verify_peer to false inside config.yml, put off ipv6 on the nginx server, etc. Nothing had solved this problem.
Here is the exact error :
[2017-09-05 17:48:16] request.CRITICAL: Uncaught PHP Exception
HWI\Bundle\OAuthBundle\OAuth\Exception\HttpTransportException:
"Error while sending HTTP request" at
/home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php line 255
{"exception":"[object] (HWI\\Bundle\\OAuthBundle\\OAuth\\Exception\\HttpTransportException(code: 28):
Error while sending HTTP request at /home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php:255, Buzz\\Exception\\RequestException(code: 28):
Connection timed out after 60000 milliseconds at /home/keywinf/htdocs/www/vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php:29)"} []
config.yml
hwi_oauth:
firewall_names: [main]
use_referer: true
fosub:
username_iterations: 30
properties:
facebook: facebookId
resource_owners:
facebook:
type: facebook
client_id: "%facebook_id%"
client_secret: "%facebook_secret%"
infos_url: 'https://graph.facebook.com/me?fields=id,name,first_name,last_name,picture.type(large),email,gender,birthday,location,age_range'
scope: "email,user_friends"
http_client:
timeout: 60
security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
pattern: ^/api/[a-z0-9](-[a-z0-9])+/
stateless: true
simple_preauth:
authenticator: api_key_authenticator
provider: api
main:
pattern: ^/
anonymous: true
provider: main
switch_user: true
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
success_handler: acme.security.authentication_handler
failure_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth:
resource_owners:
facebook: /login/check-facebook
login_path: /login
failure_path: /login
success_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth_user_provider:
service: dm.user_provider
logout:
path: fos_user_security_logout
target: /
remember_me:
secret: %secret%
If one knows what could be causing it.. Thank you very much

Ok, I got it, for anyone who have been encountering the same storm.
Be careful with ipv6 stuff on your server. PHP curl was trying to do its job through it, but the server was not ipv6-ready, and it eventually found it more cool to step back to ipv4 (but after a long time). My solution was to activate ipv6 completely (DNS, conf, etc.). You've plenty of useful (and short) examples for it on the web.
Have fun!

Symfony access_control not applied 'per-host' rule

Morning folks,
mainly i want to secure all call against a url that starts with /api/internal.
All endpoints that start with this path are only for internal calls, e.g. in a ajax-search box. So right me when i am wrong but i thought it would be a good idea to secure this via host definition in access_roles
I tried it with the following security.yml
security:
role_hierarchy:
ROLE_myproject_USER: ROLE_USER
ROLE_TEAMMANAGER: ROLE_USER
ROLE_ADMIN: [ROLE_TEAMMANAGER]
providers:
dashboard_users:
ldap:
service: myproject.ldap
# my ldap config
custom_user_provider:
id: myproject.factory.scale_user
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api_internal:
pattern: ^/api/internal
security: true
host: myproject.dev
api_doc:
pattern: ^/api/doc
security: false
api_login:
pattern: ^/api/login
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
provider: custom_user_provider
guard:
authenticators:
- myproject.api_login_authenticator
main:
anonymous: ~
form_login_ldap:
login_path: myproject_login
check_path: myproject_login
service: myproject.ldap
dn_string: 'Verbund\{username}'
logout:
path: myproject_logout
target: /
access_control:
- { path: ^/api/internal, host: myproject.dev }
But i get this error:
InvalidConfigurationException in SecurityExtension.php line 481:
No authentication listener registered for firewall "api_internal".
Side information: In this project there a 3 different sections:
/api/internal/**** - should only be accessible from the website itself
/api/ - should be accessible via REST, is secured via JWTToken
the Website itself - is secured via form login and LDAP
Thankful for any help you can provide.
Max

In order to have hosts secured, use access_control
access_control:
# require ROLE_ADMIN for /admin*
- { path: ^/admin, roles: ROLE_ADMIN }
where the path is your desired host.
In order to have everything for a subhost secured use
- { path: ^/admin/*, roles: ROLE_ADMIN }
remove other firewalls than main and dev!
Please refer to http://symfony.com/doc/2.8/security.html for more information

The security context contains no authentication token ESI and Symfony2

I'm using ESI (Edge Side Includes) to speed up my page but every time that I want to check if the user is loged in or not I get this error:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that
there is no firewall configured for this URL.
In my config.yml file I have this:
**esi: true<br>
fragments: { path: /_proxy }<br>
trusted_proxies: [127.0.0.1]**
Does someone knows how to solve it? I already tried to set a firewall for the /_proxy urls but I think that this is not the solution.
These are my firewalls:
main:
pattern: ^/
form_login:
check_path: /user/login_check
login_path: /user/login
provider: chain_provider
failure_path: null
logout:
path: /user/logout
target: /
success_handler: logout_success_handler
invalidate_session: true
anonymous: ~
security: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
Thanks

InvalidConfigurationException: The child node "key" at path "security.firewalls.main.remember_me" must be configured

I tried to update my vendor bundles in symfony2 using php composer.phar update, but when I did so I received an error after this line:
Updating the "app/config/parameters.yml" file
The error I get is:
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
The child node "key" at path "security.firewalls.main.remember_me" must be configured.
Script Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache handling the post-update-cmd event terminated with an exception
[RuntimeException]
An error occurred when executing the "'cache:clear --no-warmup'" command.
My security.yml file has the following in its firewall section:
firewalls:
main:
pattern: ^/
provider: fos_userbundle
form_login:
csrf_provider: form.csrf_provider
always_use_default_target_path: false
default_target_path: webplio_site_dashboard_index
#success_handler: webplio_site.login_success_handler
check_path: /login_check
login_path: /login
logout: true
remember_me: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
where secret is defined in my parameters.yml file
My question then is what else do I need to do in order to configure the child node "key" at path "security.firewalls.main.remember_me"?

You need to change from
remember_me:
key: "%secret%"
to
remember_me:
secret: "%secret%"

Move your remember_me: true to
form_login:
...
remember_me: true
Check the security-reference as to see why.

Change key to secret and it works