Behat appends additional url when redirecting - symfony

I'm using Symfony 3.4 with FOSUserBundle and Behat for testing.
Config & code:
Behat config:
extensions:
Behat\MinkExtension:
sessions:
default:
symfony2: ~
javascript:
selenium2: ~
browser_name: firefox
show_auto: false
base_url: 'http://my-virutalhost.test'
Behat\Symfony2Extension:
kernel:
env: "acceptance"
debug: "true"
Scenario: I execute enpoint address with wrong redirect code
When I go to the url "/redirect/code1code2"
Then I should be redirected to url "http://some-page-here.com"
/**
* #When /^I go to the url "([^"]+)"$/
*/
public function iGoToTheUrl($url) {
$this->lastResponse = $this->getSession()->visit($url);
$this->getSession()->getDriver()->getContent();
//var_dump($url, $this->getSession()->getDriver()->getCurrentUrl());
}
/**
* Checks, that current page PATH matches regular expression.
*
* #Then /^(?:|I )should be redirected to (?P<pattern>"(?:[^"]|\\")*")$/
*/
public function iAmRedirectedToUrl($pattern) {
$this->assertSession()->addressMatches($this->fixStepArgument($pattern));
}
Problem:
Somehow Behat appends to my redirect url http://some-page-here.com /login from my app, which creates link: http://some-page-here.com/login. I don't know why it creates such address for redirect.
-- EDIT --
When I check the content of page $this->getSession()->getDriver()->getContent() I see code of the login page
-- Edit --
/login - it's my application login
I want to make redirect to
outside page, not in a page inside of my application and check if the final address is the address of the page from outside redirect
My security config:
access_control:
- { path: ^/redirect, role: IS_AUTHENTICATED_ANONYMOUSLY }

I would look closer at Firefox, because I don't think Behat is the culprit here.
From what I can make out, what is happening is:
Behat tells Firefox to navigate to 'http://my-virutalhost.test/redirect/code1code2'
This URL responds with a HTTP redirect to 'http://some-page-here.com/'
Firefox honours the HTTP redirect but for some reason appends /login to the URL.
I would look into the responses that Firefox is getting to ensure that the correct redirect url is returned.

Is your redirect ok ? If your content page show the /login, then When I go to the url "/redirect/code1code2" must send to this page.
As you use the MinkExtension, did you tried with the default Step When I go to '/redirect/code1code2' ?
Or have you access to the page if you do directly When I go to the url 'http://some-page-here.com' ?
And for the http://some-page-here.com/login stuff, It's strange... If your page is able to show you the /login content, then it must say it has access to http://my-virutalhost.test/login

Related

How to achieve an authentication level that allows me to pass "Full authentication is required to access this resource"

I am trying to debug a Resque setup in an (inherited) app, and so I found that there is a route for resque at /hidden/resque that would be nifty to access, but I am unable to access the route. I am wondering what I need to do ... When I try to access that route I get a HTTP 500 due to this error being thrown:
Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException: Full authentication is required to access this resource.
I have tried accessing it both as a web page (after authenticating as an admin role on a different route) and using curl -H 'Authorization: Basic 9339034147964aebec6716c0110311d1' 'https://web.mysite/hidden/resque' -v. No go.
So what constitues "full authentication"? I am already logged in as an admin user on one of the other routes. Would I need to add anything more to the below config? This has not been setup by me, so I would not know if it ever worked.
app/config/routing.yml
ResqueBundle:
resource: "#ResqueBundle/Resources/config/routing.xml"
prefix: /hidden/resque
app/config/security.yml
access_control:
- { path: ^/hidden, roles: ROLE_ADMIN }
According to the docs:
IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.
How can I be "more logged in" than using a cookie? Should I send a basic auth header with username and password base64 encoded?
If you ask for full authentication.
I.E:
/**
* Requiring IS_AUTHENTICATED_FULLY
*
* #IsGranted("IS_AUTHENTICATED_FULLY", message="Nope, no access")
*/
Then when you are logging in with an user, your Authorization Checker must have granted you the IS_AUTHENTICATED_FULLY status in order to have access.
As explained in the docs:
IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.
You will be completely Authenticated if you manually log in, and not via a cookie. If you are using a command that remembers your credentials, that might be the issue.
Check Doc nº3 to see whether your actual way of entering that route falls inside the IS_REMEMBERED status. Even maybe you end up prefering using the less restrictive IS_AUTHENTICATED_REMEMBERED
Check the different documentations here:
https://symfony.com/doc/3.4/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully
https://symfony.com/doc/3.4/security.html#learn-more
https://symfony.com/doc/3.4/security/remember_me.html
https://symfony.com/doc/3.4/components/security/authorization.html#authorization-checker
https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php

Symfony routes not working anymore

I have an application been working on for a while with a fully working login and creating new users functionalities, and out of no where i was trying to switch the user -to change the role- i wasnt able to login again. after some digging around the code i found out that 302 code status is being thrown after login and therefor the logging process stopped working.
i had this code in my SecurityController:
return new RedirectResponse('/sys-admin/');
and changing that code to this :
return $this->forward('AppBundle:SystemAdmin:index', array());
make it work and i am logged in again but now all my routes stopped working, i mean in my views there are buttons something like :
<a href="{{ path('system_admin_client') }}"
class="btn pmd-btn-flat btn-default">Go!</a>
when i click the button i am logged out and redirected to the login page and in the network tab in any browser i can see that the route sys-admin/client have status code 302 since i was logged out.
running bin/console debug:router shows me all my routes are there and for this example running bin/console router:match /sys-admin/client also shows me a match with the controller and every information.
this is how my routes looks like:
app_system_admin:
prefix: /sys-admin
resource: "#AppBundle/Resources/config/routing/sys_admin.yml"
sys_admin.yml
system_admin_client:
path: /client
defaults: { _controller: AppBundle:SystemAdmin:index}
I cant figure out to know what went wrong! any help will be appreciated. Thanks!
more info: i am using Symfony 4.0.4 and if i tried to do something like forwarding on any route its working but the redirecting is not.
The 302 HTTP status code is for a redirection, it's not an error.
It was normal since you returned a RedirectResponse.
In my opinion the problem doesn't come from the redirection.
You should put it back and check the user-switching function (or the user itself).
If you do that, don't hardcode the redirection path. Use a Symfony method to generate it, like:
return $this->redirectToRoute('system_admin_index');
I found the solution after a lot of investigating. I am using docker to make the whole app running and for some reason php-fpm logs showed no errors but the error was the php session is being broken because of no access for the user, changing to root user on docker fixed this issue since root had access.

when refreshing the page it showing error 404 page not found

i get the same error even when i enter the URL with absolute path
But with Routing it is working fine
{ path: 'login' , component: LoginComponent },
{ path: 'home' , component: HomeComponent},
It's not generally an issue with angular, this issue occurs if your API uses the same port and when you refresh the page the request will go as Get: Login since your API does not have the matching valid param it will throw 404.
Hence that is displayed in the browser

Angular 2 Routes with .do extension

In my angular2 application i have two components (profile / projects) so my routes are like
{ path: 'profile', component: ProfileComponent },
{ path: 'projects', component: ProjectsComponent }
and i need to integrate angular 2 in existing struts application where all urls are having .do as url extension
so i have updated my routes to
{ path: 'profile.do', component: ProfileComponent },
{ path: 'projects.do', component: ProjectsComponent }
when i launch my application directly with localhost:3000/profile.do i am getting Cannot GET /profile.do error
where as when launch application using localhost:3000/ and click hyper link my profile it works
Any suggestion or solution to access my application with localhost:3000/profile.do url
When you hit localhost:3000/profile.do it goes directly to server and tries to resolve the resource, if appropriate redirects are not set on server side you will get errors saying resource not found, Angular routing kicks only after the default page is loaded, this is why it works when the page is already loaded and you hit hyperlink.
Set appropriate redirects on server side.
Hope this helps!!

FOSUser mail is translated but confirmation_url isn't

I found an easy way of adding a locale to my Symfony routes, as described here: Locale switch in login of FOSUserBundle
Some relevant settings in my project:
config
framework:
translator: { fallback: "%locale%" }
default_locale: nl
services
fosmailer: #fos_user.mailer.twig_swift
routing
fos_user_register:
resource: "#FOSUserBundle/Resources/config/routing/registration.xml"
prefix: /{_locale}/registreren
I'm trying to get FOSUser to send a confirmation mail in the newly created users' browserlanguage.
For this I'm saving the locate found by javascript in my database.
Then, I'm setting my request to that locale and send the confirmation mail manually like this:
$request->setLocale($locale); //($locale = 'en_US')
$mailer = $this->get('fosmailer');
$mailer->sendConfirmationEmailMessage($user);
My email template contains a bunch of {{ 'foobar' | trans}} tags, which work perfectly fine. But I'm also using the {{confirmationUrl}} which is generated by FOSUser.
In an English mail this confirmation url will still show up as:
/nl/registreren/confirm/1234..
Any ideas why my mail is localized but my url isn't?
The URL address is not translated, because localization of URL addresses is not part of standard Symfony2 installation.
In order to localize URL addresses you need to use some bundle which solves this issue, for example BeSimpleI18nRoutingBundle or you can create your own solution.

Resources