Develop Reference

Change the FOS users connection property

I have a problem with the connection with the friends of symfony and jwt bundle, by default it uses the username to connect only I need to use email.
I first try to change the property in secutiy.yaml but I can't get it to work.
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
entity_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login
stateless: true
anonymous: true
json_login:
check_path: /login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
register:
pattern: ^/register
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
anonymous: false
provider: entity_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
Always when I try to connect it asks me for the username.

try :
fos_userbundle:
id: fos_user.user_provider.username_email

How to generate token for two classes using JWT symfony 4?

I have two entities User and Merch.
A User uses a form and authenticates with his username and password.
A Merch uses an iPad app and authenticates with their merchCode (integer eg:11) and password.
With JWT Authentification I can generate a token for User.
The problem is I don't know what do to generate a token for Merch, too.
I want to use two different paths:
/api/login_check_user
/api/login_check_merch
for Merch I want to return a Response contain token + marchId
my security.yaml
security:
encoders:
App\Entity\User:
algorithm: argon2i
App\Entity\Merch:
algorithm: auto
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
# used to reload user from session & other features (e.g. switch_user)
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check_user
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
refresh:
pattern: ^/api/token/refresh
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
anonymous: true
# access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/validator, roles: ROLE_VALIDATOR }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
How can I solve this?

With Lexik, we can override the response with events:
https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/2-data-customization.md#eventsjwt_created---adding-custom-data-or-headers-to-the-jwt
So you sould have only one firewall

LexikJWTAuthenticationBundle - Unable to find the controller for path "/api/login_check". The route is wrongly configured

I use configuration like documentation. This is my security file:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: [ROLE_USER]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
provider: fos_userbundle
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
and my routing file
api_login_check:
path: /api/login_check
When I get in m browser to /api/login_check i get error
Unable to find the controller for path "/api/login_check". The route is wrongly configured.
Any idea?

change your security.yml login firewall configuration with the following:
login:
pattern: ^/api/login
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
remove login_check path from your access control it should be already configured
- { path: ^/api/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }

You need to adjust your access control configuration :
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
I am pretty sure you use API Platform for this, if you read the documentation here, you will see that the access control on the login URL use ^/login in the path and not ^/api/login_check

Non-existent service "form.csrf_provider" in Symfony2 application

I am trying configure HWIOauthBundle in my Symfony2 application with this link.
When I run app/console cache:clear, or composer install I get this message:
[Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
The service "security.firewall.map.context.main" has a dependency on a non-
existent service "form.csrf_provider".
My security.yml file:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_USER
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
in_memory:
memory:
users:
restapi: { password: secretpw, roles: [ 'ROLE_API' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
failure_path: /login
oauth_user_provider:
service: my_user_provider
logout: true
anonymous: true
http_basic:
realm: "Demo REST API (username: restapi, password: secretpw)"
stateless: true
login:
pattern: ^/login$
security: false
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I was looking for this error in network, but I can't find good solution for me.

I can't look now to hwio bundle but looks like you doesn't have 'form.csrf_provider' provider regisrered like service. search in project if 'form.csrf_provider' exist.

Symfony2 FOSOAuthServerBundle authenticated but anonymous

I'm trying to use FOSOAuthServerBundle.
From my ios application, I correctly get the token from /oauth/v2/token, I can see in my database the entry in AccessToken and RefreshToken with the correct user_id.
Opening the _profile, I can see I'm authenticated but I'm logged in as anonymous... why this is happening?
When trying to access /secured/api/me, I'm redirected to /login path...
Can somebody help me?
Here my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_USER
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
# form_login:
# provider: fos_userbundle
# check_path: /oauth/v2/auth_login_check
# login_path: /oauth/v2/auth_login
anonymous: true
api:
pattern: ^/api
fos_oauth: true
stateless: true
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
login_path: /login
use_forward: false
failure_path: /login
oauth_user_provider:
#this is my custom user provider, created from FOSUBUserProvider - will manage the
#automatic user registration on your site, with data from the provider (facebook. google, etc.)
service: my_user_provider
logout: true
anonymous: true
login:
pattern: ^/login$
security: false
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/oauth/v2/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/secured, role: [ IS_AUTHENTICATED_FULLY ] }
.

I think you have in your security.yml, under the firewall 'api ' :
//...
api :
// ...
stateless : true
// ...
You have to send the access_token on every request.
Furthermore, if you want to get an authenticated access_token, you have to get it by a request with de parameter "grant_type=password".
With this access_token, your server will recognize the user in each request.
Something like:
PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=USERNAME&password=PASSWORD
(source: OAuth2 Explained: Part 3 - Using OAuth2 With Your Bare Hands)