I am trying to configure HWIOAuth bundle to use dynamic client id. I have a service that can figure out what variable value to use depending on some request conditions.
Here's an expression in my HWI configuration, but can't seem to get it work:
hwi_oauth:
firewall_names:
- main
resource_owners:
auth:
client_id: "#=service('host.configmgr').GetClientIdParameter()"
client_secret: '%client_secret%'
The issue us with #=service('host.configmgr').GetClientIdParameter(). Can that even execute evaluate? The service is properly executes an used by another class somewhere else with success.
The %client_secret% parameter replacement works fine.
For more context, this part of the configuration lives in a dedicated file that is included in config.yml via { resource: hwiconfig.yml }
After some research looks like expressions are only supported for service definitions. This functionality is not supported for configurations outside services like the HWI bundle config.
Related
I have two firewalls in my Symfony (5.4) application.
What I want is to create a login link for another firewall (where the login_link is configured) while logged in into the other firewall.
Currently the system doesn’t allow that (No Symfony\Bundle\SecurityBundle\LoginLink\LoginLinkHandler found for this firewall. Did you forget to add a "login_link" key under your "admin_area" firewall?)
Is there a way to tell the login link creator to create the link for a specific firewall? (I didn’t see it in the implementation so I don’t really know).
UPDATE 2022-06-10: Beginning with Symfony 6.1, just use the new Autowire-Attribute like this:
public function myLoginLinkAction(
User $myUser,
#[Autowire(service: 'security.authenticator.login_link_handler.my_other_firewall')] LoginLinkHandlerInterface $myOtherFirewallLoginLinkHandler,
): Response
{
// …
$loginLinkDetails = $myOtherFirewallLoginLinkHandler->createLoginLink($myUser);
// …
}
For older Symfony versions:
The solution is to inject the concrete link handler service for my other firewall using an alias defined in security.yaml (where the other firewall that we want to build login links for is named "my_other_firewall"):
services:
# define a concrete alias for the login link handler of the
# my_other_firewall firewall to avoid the FirewallAwareLoginLinkHandler
# that always uses the current request's firewall
Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface $myOtherFirewallLoginLinkHandler: '#security.authenticator.login_link_handler.my_other_firewall'
Then, when I inject the LoginLinkHandlerInterface to my login link building controller, I use the defined parameter name $myOtherFirewallLoginLinkHandler and get the correct LoginLinkHandler injected instead of the FirewallAwareLoginLinkHandler that only exists to use the LoginLinkHandler defined for the firewall of the current request.
This solves the problem the documented way to use concrete implementations, when more than one implements a certain interface.
I need to get the list of available channels from monolog configuration file , whene i try to inject these parameters into my custom service like this
logger:
class: App\Services\Logger
arguments:
$channels: '%monolog.channels%'
i got
You have requested a non-existent parameter "monolog.channels".
is odd that symfony don't provide a simple way to access all configurations (even for other bundles like monolog )
is their a way to do this or am i missing something ?
I want to write a script that send notification mails to users and execute it every hour and I want it to match the server name that host the symfony site. I've already tried with $_SERVER but it's not defined and the solution on this post but there is no request with the console so it's does work.
Since there is no traditional 'web request/response' thing in console command, all URLs you generate with {{ path('...') }} in twig or $this->generateUrl('...') or similar controllers/services´, will be probablyhttp://localhost/...
To fix that, simply add: (if you're on symfony 5.1+)
# config/packages/routing.yaml
framework:
router:
# but you should move it to your .env file and user two differen env-variables for host and scheme
default_uri: 'https://you-site-hostname.com/'
or if you are using older version, put
router.request_context.scheme and router.request_context.host to you parameters. Like
# config/services.yaml
parameters:
router.request_context.scheme: 'https'
asset.request_context.host: 'you-site-hostname.com'
Take a look here: https://symfony.com/doc/current/routing.html#generating-urls-in-commands
And here (my personal advice) https://symfonycasts.com/screencast/mailer/route-context
I'm hoping someone can provide some ideas here. I'm playing around with some of the sample apps for the spring cloud gateway and going through the docs but I'm not seeing any way to route to self or do a global ignore. The idea here is that there are some paths that ALWAYS need to point to self, like for the actuator, and other that may need a global block (maybe for security reasons like you've found a severe vulnerability and need to disable access to a specific resource). Right now from what I can tell there is no way to do this, but I hope I'm wrong!
I've set up the app with the actuator running on port 8081 and the server on 8080.
I've got two simple rules:
- id: local_test_1
uri: http://localhost:80
order: 9000
predicates:
- Path=/echo
# =====================================
- id: local_test_2
uri: ${test.uri}
order: 10000
predicates:
- Path=/**
But the universal /** makes sure that any call to localhost:8081/actuator/* also gets routed to the uri. How can I exempt the management port from routing rules so the server itself will deal with the request?
I thought a default filter like - Path!=${management.server.port}/* might work, but it seems that != isn't supported.
I ran into this same problem when using a default route, but also needing to serve a custom post-logout page from the classpath. The default route would handle the request instead of the gateway itself. Without the default route the logout.html was served correctly.
I ended up moving the default route to a Java bean and used the fluent API like this:
#Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
return builder.routes()
.route("default", r -> r
.order(Ordered.LOWEST_PRECEDENCE)
.path("/**")
.and().not(p -> p.path("/logout.html", "/logout.css"))
.uri("http://localhost:8080")
)
.build();
}
If someone knows of a way to do negation in the .yml configuration files that would be ideal, but I have yet to find an example of that in any docs.
You can use no://op as value for uri:.
The only disadvantage, that I see, is that any endpoint, which is not supposed to be found (like /actuator/foo) would still return 200 OK.
- id: local_test_1
uri: http://localhost:80
order: 9000
predicates:
- Path=/echo
# =====================================
- id: local_test_2
uri: ${test.uri}
order: 10000
predicates:
- Path=/**
Try add two space before - Path, the problem may be you config is not working.
maybe you can use - Path=/** and - setStatus=404 for its filter and for actuator route - Path=/actuator/** and - setStatus=ACCEPTED don't forget to uri: no://op for both
I am applying this tutorial into symfony 2.4, I've finished the setup in the config.yml and everything, I managed to visit the admin/google/analytics page, but the problem is when I tried to authenticate with the parameters I've created in the config.yml file, it is searching for the scope, here is the parameters.
happy_r_google_analytics:
host: www.example.com
profile_id: MyProfileId
tracker_id: UA-TRACKER-ID
token_file_path: %kernel.root_dir%/var/storage
happy_r_google_api:
application_name: Project Default Service Account
oauth2_client_id: OAuthClientID
oauth2_client_secret: OAuthClientSecret
oauth2_redirect_uri: http://www.example.com/app_local.php/admin/google/analytics/oauth2callback
developer_key: DevelopperKey
site_name: http://www.example.com
I think there's no problem here, I've got no idea where I can set the scope so the google Api client can set it to https://www.googleapis.com/auth/analytics.readonly
You need to define a scope. If you use Google Auth, check Authorization scopes for it.
You must do something like:
$googleClient = new \Google_Client();
$googleClient->setScopes(array(
'https://www.googleapis.com/auth/plus.me',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
));