Hello, I have an issue with the login operation. To explain further, I have 2 buttons:
sign in (with email and password)
login with Gmail account
When I write the email and password and click on sign in, it redirects me to choose a Gmail account, but I want to log in with email and password normally.
And this is the security.yaml file:
security:
    encoders:
        App\Entity\User:
            algorithm: argon2i

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            guard:
                authenticators:
                    - App\Security\GoogleAuthenticator
                    - App\Security\LoginFormAuthenticator
                entry_point: App\Security\LoginFormAuthenticator
            logout:
                path: logout

            # activate different ways to authenticate
            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/car, roles: ROLE_USER }
How do I resolve this problem?
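An added example, not taken from the question, showing the same firewall with the two Guard authenticators reordered. Guard consults the listed authenticators in order, and the first one whose supports() returns true takes the request. A MakerBundle-generated LoginFormAuthenticator normally supports only a POST to the login route, so listing it first keeps the form submission away from a GoogleAuthenticator whose supports() matches more broadly, which is the usual reason a password login ends up at the Google account chooser. The ordering is a mitigation; the durable fix is to make GoogleAuthenticator::supports() return true only for the Google callback route. The route names app_login and connect_google_check in the comments are assumptions.

```yaml
# Added example (not the asker's file): Guard authenticators reordered so the
# form authenticator is consulted first. Route names below are assumed.
security:
    encoders:
        App\Entity\User:
            algorithm: argon2i

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            guard:
                authenticators:
                    # Consulted first. Its supports() is expected to return
                    # true only for POST requests to the app_login route, so
                    # every other request falls through to the next entry.
                    - App\Security\LoginFormAuthenticator
                    # Should support only the connect_google_check callback
                    # route. If its supports() currently returns true for the
                    # login form as well, narrow it there; the ordering alone
                    # only hides that defect.
                    - App\Security\GoogleAuthenticator
                # start() of this authenticator (redirect to the login form)
                # is what an anonymous user sees on a protected URL
                entry_point: App\Security\LoginFormAuthenticator
            logout:
                path: logout

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/car, roles: ROLE_USER }
```

A quick check after the change: submit the form with an email and password and confirm the request is handled by LoginFormAuthenticator (the profiler's Security panel shows which authenticator acted), then open the Google button's URL and confirm GoogleAuthenticator still handles its callback.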
I created two auths, "admin" and "user", in Symfony 5 (security section).
I set them in the main firewall.
Now how can I define "remember me" for each one separately?
For admin:
    remember_me:
        secret: '%kernel.secret%'
        lifetime: 86400
For users:
    remember_me:
        secret: '%kernel.secret%'
        lifetime: 32598000
And my security.yaml is:
security:
    encoders:
        App\Entity\Admin:
            algorithm: auto
        App\Entity\User:
            algorithm: auto

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_admin_provider:
            entity:
                class: App\Entity\Admin
                property: username
        app_user_provider:
            entity:
                class: App\Entity\User
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            lazy: true
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\AdminAuthenticator
                    - App\Security\UserAuthenticator
                entry_point: App\Security\UserAuthenticator
            logout:
                path: app_logout
                # where to redirect after logout
                # target: app_any_route

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication
            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
You can divide your main firewall into two and set up the remember_me parameter as you want for each role. You can read more about firewalls here: https://symfony.com/doc/current/security.html#firewalls-authentication
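An added example of the split the answer suggests; it is not the asker's configuration or the answerer's. The main firewall becomes two firewalls, each with its own provider, Guard authenticator and remember_me block. Firewalls are matched in order and the first whose pattern matches the request wins, so the admin firewall, which has a pattern, is listed before the pattern-less main one. Assumptions: admin URLs live under /admin, the admin login form is served at /admin/login, and the logout routes app_admin_logout and app_logout exist in the app.

```yaml
# Added example, not the asker's file: one firewall per user type, each with
# its own remember_me lifetime. The /admin prefix and the route names are
# assumptions.
security:
    encoders:
        App\Entity\Admin: { algorithm: auto }
        App\Entity\User:  { algorithm: auto }

    providers:
        app_admin_provider:
            entity: { class: App\Entity\Admin, property: username }
        app_user_provider:
            entity: { class: App\Entity\User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Listed before "main": the first firewall whose pattern matches
        # wins, and "main" has no pattern, so it would otherwise take
        # /admin requests as well.
        admin:
            pattern: ^/admin
            anonymous: true
            lazy: true
            provider: app_admin_provider
            guard:
                authenticators:
                    - App\Security\AdminAuthenticator
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 86400              # one day for admins
                name: ADMIN_REMEMBERME       # distinct cookie name per firewall
                path: /admin                 # cookie is only sent to this firewall's URLs
            logout:
                path: app_admin_logout       # must resolve to a URL under /admin

        main:
            anonymous: true
            lazy: true
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\UserAuthenticator
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 32598000
                name: USER_REMEMBERME
            logout:
                path: app_logout

    access_control:
        # the admin login page must stay reachable without a session;
        # only the first matching rule is applied, so it comes first
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
```

Two things to keep in mind with this layout. A remember-me cookie is only issued when the Guard authenticator's supportsRememberMe() returns true and the login request carries the _remember_me parameter (or always_remember_me: true is set on the firewall); and each firewall keeps its own authentication context, so an admin logged in under /admin is still anonymous on the rest of the site, which is usually what is wanted when the two accounts are separate entities. Giving each cookie its own name prevents one firewall's cookie from overwriting the other's.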
I have two entities, User and Merch.
A User uses a form and authenticates with his username and password.
A Merch uses an iPad app and authenticates with their merchCode (integer, e.g. 11) and password.
With JWT Authentication I can generate a token for User.
The problem is I don't know what to do to generate a token for Merch, too.
I want to use two different paths:
/api/login_check_user
/api/login_check_merch
For Merch I want to return a Response containing token + merchId.
My security.yaml:
security:
    encoders:
        App\Entity\User:
            algorithm: argon2i
        App\Entity\Merch:
            algorithm: auto

    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
        # used to reload user from session & other features (e.g. switch_user)

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check_user
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        refresh:
            pattern: ^/api/token/refresh
            stateless: true
            anonymous: true
        api:
            pattern: ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            anonymous: true

    # access_control:
    # - { path: ^/admin, roles: ROLE_ADMIN }
    # - { path: ^/profile, roles: ROLE_USER }
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/validator, roles: ROLE_VALIDATOR }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
How can I solve this?
With Lexik, we can override the response with events:
https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/2-data-customization.md#eventsjwt_created---adding-custom-data-or-headers-to-the-jwt
So you should have only one firewall.
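An added configuration example for the question above; it is neither the asker's file nor the answerer's. The two login paths need two things the posted file lacks: a user provider that loads a Merch by merchCode, and a json_login firewall that reads the merch code from the JSON body instead of the default username key. Since json_login reads one fixed username key per firewall, the example keeps one login firewall per entity and one token-protected API firewall that can reload either entity from the JWT through a chain provider. Adding merchId to the login response is done in PHP through the Lexik authentication-success event the answer points to; that part is not shown here. Assumptions: App\Entity\Merch implements UserInterface with getUsername() returning the merch code as a string, the iPad app posts JSON such as {"merchCode": "11", "password": "..."}, and the web client posts {"email": "...", "password": "..."}.

```yaml
# Added example, not the asker's or the answerer's file. See the lead-in for
# the assumptions about the Merch entity and the JSON bodies the clients send.
security:
    encoders:
        App\Entity\User:  { algorithm: argon2i }
        App\Entity\Merch: { algorithm: auto }

    providers:
        app_user_provider:
            entity: { class: App\Entity\User, property: email }
        app_merch_provider:
            entity: { class: App\Entity\Merch, property: merchCode }
        # Used by the token-protected firewall: the JWT authenticator reloads
        # the user by the identity stored in the token, so it must be able
        # to find either entity. An email address and a merch code cannot
        # collide, so trying both providers in turn is safe.
        app_api_provider:
            chain:
                providers: [app_user_provider, app_merch_provider]

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login_user:
            pattern: ^/api/login_check_user
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /api/login_check_user
                username_path: email          # JSON key sent by the web client (assumed)
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        login_merch:
            pattern: ^/api/login_check_merch
            stateless: true
            anonymous: true
            provider: app_merch_provider
            json_login:
                check_path: /api/login_check_merch
                # json_login requires this value to be a JSON string, so the
                # iPad app must send "11", not the number 11
                username_path: merchCode
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        refresh:
            pattern: ^/api/token/refresh
            stateless: true
            anonymous: true

        api:
            pattern: ^/api
            stateless: true
            provider: app_api_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        main:
            anonymous: true

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
```

The two login firewalls are listed before api because firewall patterns are tested in order and ^/api would otherwise match the login URLs first. Whatever getUsername() returns for a Merch ends up as the identity claim in its token, so keep it stable and unique; the merch code satisfies both conditions as long as codes are never reassigned.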
I'm trying to make an authenticated section called /admin, but putting it in access_control has broken my API (nothing is returned). I don't need authentication for the API, so I've used IS_ANONYMOUS as the role. Here is my security.yml; what am I doing wrong?
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username # fos_user.user_provider.username_email does not seem to work (OAuth-spec related ("username + password") ?)

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        default:
            anonymous: ~
            http_basic: ~
        oauth_token: # Everyone can access the access token URL.
            pattern: ^/api/oauth/v2/token
            security: false
        api:
            pattern: ^/api # All URLs are protected
            fos_oauth: true # OAuth2 protected resource
            stateless: true # Do no set session cookies
            anonymous: true # Anonymous access is not allowed
            security: false

    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api, roles: IS_ANONYMOUS }
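An added example, not the asker's file, showing the shape the posted security.yml most likely needs. Two details of the original explain the symptom. Firewalls are matched top to bottom and the first whose pattern matches wins; the default firewall has no pattern and is listed before oauth_token and api, so every request, /api included, is handled by default and the OAuth firewalls are never reached. Second, IS_ANONYMOUS is not an attribute the voters of that Symfony generation recognise (the one that admits anonymous users is IS_AUTHENTICATED_ANONYMOUSLY), so the ^/api rule is denied for everyone, and a denied anonymous request on a firewall whose entry point is http_basic is answered with a bare 401 challenge, which reads as "nothing is returned". The example reorders the firewalls, drops the security: false that switched the api firewall off entirely, and pins the default firewall to the FOSUserBundle provider, since with two providers and none selected Symfony uses the first one declared (the empty in_memory one).

```yaml
# Added example, not the asker's file. Firewalls are matched top to bottom,
# so the pattern-less "default" firewall is listed last. Paths and service
# ids are the ones from the question.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Token endpoint: no firewall at all; the OAuth server validates the
        # client credentials itself.
        oauth_token:
            pattern: ^/api/oauth/v2/token
            security: false

        # API resources: a bearer token is honoured when present, anonymous
        # access is still allowed. "security: false" is removed here because
        # it disables the whole firewall, so fos_oauth would never run.
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
            anonymous: true

        # Everything else, /admin included. Listed last because it has no
        # pattern. http_basic is the entry point that challenges an
        # anonymous user when access_control denies the request.
        default:
            anonymous: ~
            http_basic: ~
            provider: fos_userbundle

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        # IS_AUTHENTICATED_ANONYMOUSLY admits both anonymous and logged-in
        # users; IS_ANONYMOUS is not a known attribute in this version, and an
        # attribute no voter understands is treated as a denial.
        - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```

If the API should not be reachable anonymously after all, replace the last rule's role with IS_AUTHENTICATED_FULLY and remove anonymous: true from the api firewall; the 401 returned then carries a WWW-Authenticate header from the OAuth layer rather than from http_basic.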
I've built a web app using Symfony 2.8 and I've now got to the task of separating the admin area from the front end. I have done that using the following code in the security.yml file:
security:
    encoders:
        MyApp\Bundle\CoreBundle\Entity\Users:
            algorithm: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_BLOCKED

    providers:
        main:
            entity: { class: MyApp\Bundle\CoreBundle\Entity\Users, property: username }

    firewalls:
        default:
            anonymous: ~
        secured_area:
            pattern: ^/admin
            anonymous: ~
            access_denied_url: core_login
            form_login:
                check_path: core_login_check
                login_path: core_login
                failure_path: core_login
                default_target_path: ^/admin/booking/today/
            logout:
                path: core_logout
                target: core_login

    access_control:
        - { path: ^/admin, roles: 'ROLE_ADMIN' }
        - { path: ^/ajax/admin, roles: 'ROLE_ADMIN' }
        - { path: ^/ajax/backend, roles: 'ROLE_ADMIN' }
        - { path: ^/, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
This is working for me in terms of blocking access to the areas I want. However, if the anonymous user tries to access /admin I get the following message:
Full authentication is required to access this resource.
When I do this in the production environment, I just get the standard 500 error.
What I want to have happen is the user be redirected to the login page. This isn't happening at the moment, so what can I do to achieve this?
I cannot access the admin page in my Symfony project.
If I visit XXX.XXX.XXX.XXX/admin I get:
Full authentication is required to access this resource
However going to XXX.XXX.XXX.XXX/security/login gives me the login page.
What am I doing wrong?
security:
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: XXX
                        roles: 'ROLE_ADMIN'

    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/admin
            anonymous: ~
        main:
            anonymous: ~
            # activate different ways to authenticate
            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            form_login:
                login_path: security_login
                check_path: security_login
                csrf_token_generator: security.csrf.token_manager
                default_target_path: userRedirectAction
            logout:
                path: /logout
                target: /blog

    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }
I think under your secured area firewall you need to specify an authentication type such as http_basic: ~
secured area should be:
secured_area:
    pattern: ^/blog/admin
It's working now
If you just want to test if it works, you may change your user's role in the path, and delete the anonymous option
- { path: ^/admin, roles: IS_AUTHENTICATED_ANONYMOUSLY }
It should work.
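An added example for this question and for the Symfony 2.8 one above, which fail for the same reason; it is not taken from either question or from the answers. In both files the firewall that actually matches /admin has no authentication method: in the 2.8 file the pattern-less default firewall is listed first and so matches every request before secured_area is consulted, and here secured_area matches ^/admin but declares only anonymous. When access_control then denies the anonymous user, Symfony asks the matching firewall's entry point to start authentication, and a firewall without one throws "Full authentication is required to access this resource", an AuthenticationException that shows as a 500 in prod. The first answer above (add an authentication type to secured_area) fixes exactly this. The configuration below takes the other route for this question's file: it removes the extra firewall so that main, which already carries form_login, handles /admin and redirects anonymous users to security_login. Route names and the in-memory user are the ones from the question.

```yaml
# Added example, not the asker's file. The firewall that matches /admin must
# be the one carrying form_login; otherwise the access denial for an
# anonymous user has no entry point to redirect to.
security:
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: XXX        # bcrypt hash, as in the question
                        roles: 'ROLE_ADMIN'

    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # "secured_area" is gone: it matched ^/admin first and had no
        # form_login, so "main" never saw those requests and nothing could
        # redirect the user to the login page.
        main:
            anonymous: ~
            form_login:
                login_path: security_login          # entry point: anonymous users are sent here
                check_path: security_login
                csrf_token_generator: security.csrf.token_manager
                default_target_path: userRedirectAction
            logout:
                path: /logout
                target: /blog

    access_control:
        # the login page lies outside ^/admin, so it stays reachable; if a
        # broader rule such as ^/ is ever added below, keep this one first
        - { path: ^/security/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
```

For the Symfony 2.8 configuration the equivalent change is to list secured_area before default, or to give default a pattern and keep it last, so that ^/admin reaches the firewall with the form_login. That file has one more defect worth fixing at the same time: default_target_path expects a URL or a route name, and ^/admin/booking/today/ is a regex, so a successful login would be redirected to a literal path containing the caret.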