Symfony logs out every few mins and ignores lifetime - symfony

Just recently I noticed that Symfony logs me out from my application when idle for a few mins. It's odd because when I first refresh the screen it looks like I'm still logged in; however, when I refresh the second time it redirects to the login form. To prevent that I added the "lifetime" parameter; however, it seems to be ignored. Can you please provide the best practice to troubleshoot this issue?
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            default_target_path: /
            # if you are using Symfony < 2.8, use the following config instead:
            # csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
        remember_me:
            secret: '%secret%'
            lifetime: 604800 # 1 week in seconds
            path: /
            # by default, the feature is enabled by checking a
            # checkbox in the login form (see below), uncomment the
            # following line to always enable it.
            #always_remember_me: true

Related

Symfony 6 social login remember me not working

I have updated my project to Symfony 6, and now my Google login is not working as before. The remember me token is not working if I close the browser. In 5.4, I had written my security.yaml like this:
google:
    pattern: ^/connect/google
    guard:
        authenticators:
            - App\Security\GoogleAuthenticator
    logout:
        path: app_logout
        target: home
    remember_me:
        secret: "%env(GOOGLE_CLIENT_SECRET)%"
        lifetime: 604800
        always_remember_me: true
but now the CLI tells me I need to change "guard". If I use the custom_authenticator option, there are a lot of errors because I'm using SocialAuthenticator, as you can see here: https://codeshare.io/Od84jx. If I remove the google part from security.yaml I don't have errors, and register and login are working, but not the remember me token.
I finally succeeded; I'll share my solution for those who have the same problem.
So in Symfony 5.4 to Symfony 6.1, you need to use OAuth2Authenticator instead of SocialAuthenticator. You can follow the doc to write your GoogleAuthenticator: https://github.com/knpuniversity/oauth2-client-bundle#step-1-using-the-new-oauth2authenticator-class
Then you only need to add it in the custom_authenticator section of the security.yaml file. For example:
main:
    switch_user: true
    lazy: true
    provider: app_user_provider
    custom_authenticator:
        - App\Security\LoginAuthenticator
        - App\Security\GoogleAuthenticator
And then it will work if you already have your controller. (https://github.com/knpuniversity/oauth2-client-bundle#step-3-use-the-client-service)
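As an added example that is not part of the question or answer above and not the bundle's own code: a Symfony 6 GoogleAuthenticator built on the bundle's OAuth2Authenticator base class, of the kind the custom_authenticator entry in the answer refers to. The remember-me part is the point: in the authenticator system that replaced Guard, the remember_me firewall option only issues its cookie when the passport carries a RememberMeBadge, and with always_remember_me: true that badge is enabled without a checkbox. The client name 'google', the route names connect_google_check, home and app_login, and the User entity's googleId/email fields are assumptions.

```php
<?php
// Added example (not from the question or answer above): a Symfony 6.x
// authenticator built on knpuniversity/oauth2-client-bundle's
// OAuth2Authenticator, matching the custom_authenticator entry
// App\Security\GoogleAuthenticator from the answer.
// Assumptions (not on the page): the client is registered as 'google',
// the callback route is named 'connect_google_check', the User entity has
// googleId/email fields, and routes 'home' and 'app_login' exist.

namespace App\Security;

use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
use League\OAuth2\Client\Provider\GoogleUser;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

class GoogleAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
{
    public function __construct(
        private ClientRegistry $clientRegistry,
        private EntityManagerInterface $entityManager,
        private RouterInterface $router,
    ) {
    }

    // Only claim the OAuth callback route; every other request is left to
    // the other authenticators listed under custom_authenticator.
    public function supports(Request $request): ?bool
    {
        return $request->attributes->get('_route') === 'connect_google_check';
    }

    public function authenticate(Request $request): Passport
    {
        $client = $this->clientRegistry->getClient('google');
        // Exchanges the ?code= from the callback for an access token and
        // throws an AuthenticationException if the code is missing or invalid.
        $accessToken = $this->fetchAccessToken($client);

        return new SelfValidatingPassport(
            new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
                /** @var GoogleUser $googleUser */
                $googleUser = $client->fetchUserFromToken($accessToken);

                // Look the user up by the provider's stable subject id, not by
                // a display name the account holder can change at the provider.
                $user = $this->entityManager->getRepository(User::class)
                    ->findOneBy(['googleId' => $googleUser->getId()]);
                if (null === $user) {
                    $user = (new User())
                        ->setGoogleId($googleUser->getId())
                        ->setEmail($googleUser->getEmail());
                    $this->entityManager->persist($user);
                    $this->entityManager->flush();
                }

                return $user;
            }),
            // Without this badge the firewall's remember_me option does nothing
            // for logins made through this authenticator; with
            // always_remember_me: true the cookie is then issued without a checkbox.
            [new RememberMeBadge()]
        );
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return new RedirectResponse($this->router->generate('home'));
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        // Keep provider error details out of the page; log them server-side instead.
        return new Response(strtr($exception->getMessageKey(), $exception->getMessageData()), Response::HTTP_FORBIDDEN);
    }

    // Called when an anonymous request hits a protected path on this firewall.
    public function start(Request $request, ?AuthenticationException $authException = null): Response
    {
        return new RedirectResponse($this->router->generate('app_login'));
    }
}
```

With this class listed under custom_authenticator and remember_me configured on the same firewall as in the question, the remember-me cookie is written after a successful Google login; if the badge is left out, the session login still works but closing the browser ends it, which is the symptom described above.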

API-platform, protected root, trying to get client-generator working

I have an api-platform project. The routes are all protected by a login.
http://localhost:8888/docs does show the API documentation.
I kept getting 401 on the client generator, so I made the following changes to security.yml:
api:
    pattern: ^/
    security: false
    provider: db_provider
    stateless: true
    anonymous: true
    # guard:
    #     authenticators:
    #         - lexik_jwt_authentication.jwt_token_authenticator
That, however, generated a strange error:
generate-api-platform-client --generator vue http://localhost:8888 /src --resource legal_types
Error: Unable to find the URL for "http://localhost:8888/docs.jsonld#Entrypoint/user".
at _loop (/Users/xxx/.config/yarn/global/node_modules/#api-platform/api-doc-parser/lib/hydra/parseHydraDocumentation.js:437:17)
at fetchEntrypointAndDocs.then._promise2.default.reject.api._Api2.default.resources (/Users/xxx/.config/yarn/global/node_modules/#api-platform/api-doc-parser/lib/hydra/parseHydraDocumentation.js:459:20)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7)
pattern: ^/ matches nothing.
If you want to match anything you should go with ^.*$, but if you need the whole application to be under a secured firewall with only docs accessible anonymously, just put this pattern as the first rule: ^docs, and place everything else (/.*$) under the secured firewall.

How to use multiple firewalls in symfony 2.8 for same pattern?

I have a Symfony 2.8 application that will be used as a REST API back end.
I would like to add security to all endpoints matching ^/api.
I would like to be able to use 3 different authentication methods for ^/api.
I am using uma/psr7-hmac-bundle, friendsofsymfony/oauth-server-bundle and API key authentication.
I defined 3 different firewalls, and everything works for each firewall if I remove the other two.
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    oauth_token:
        pattern: ^/oauth/v2/token
        security: false
    oauth_authorize:
        pattern: ^/oauth/v2/auth
        security: false
    api_key:
        pattern: ^/api
        stateless: true
        simple_preauth:
            authenticator: api_key_authenticator
        provider: api_key_user_provider
    oauth_api:
        pattern: ^/api
        stateless: true
        fos_oauth: true
        provider: oauth_user
    hmac_api:
        pattern: ^/api
        stateless: true
        hmac:
            apikey_header: 'X-Custom-Header-Key'
        provider: hmac_user
How can I use all 3 firewalls together (chain them)? (hmac_api, oauth_api, api_key)
I looked into Guards, but I am not sure how to define/implement authenticators for HMAC and OAuth.
I looked into firewall context, but because it is stateless it won't work.
Basically, how can I chain multiple firewalls for the same pattern? Or how can I define one firewall with 3 different authenticators, considering that I am using third-party bundles like friendsofsymfony/oauth-server-bundle and uma/psr7-hmac-bundle?
Use
guard:
    authenticators:
for chaining authenticators for your firewall.
That's what I have in my app:
api:
    pattern: ^/api
    guard:
        authenticators:
            - bor.api_bundle.session_authenticator
            - lexik_jwt_authentication.jwt_token_authenticator
            - sergei_k_security.token_authenticator
        entry_point: lexik_jwt_authentication.jwt_token_authenticator
docs - http://symfony.com/doc/current/security/multiple_guard_authenticators.html
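As an added example (not the asker's or answerer's code): a Symfony 2.8 Guard authenticator for an X-API-Key header, written so it can be listed under guard.authenticators next to the OAuth and HMAC ones. The part that matters for chaining is getCredentials(): Guard tries the authenticators in order and treats a null return as "not my request", so an authenticator that instead throws or returns a placeholder for a request carrying a different credential fails the whole chain. The key format, the provider resolving key ids through loadUserByUsername(), and the getApiKeyHash() accessor on the User are assumptions.

```php
<?php
// Added example, not the asker's or answerer's code: a Symfony 2.8 Guard
// authenticator for an X-API-Key header that can sit in a
// guard.authenticators chain next to other authenticators.
// Assumptions (not on the page): keys have the form "<key id>.<secret>",
// the configured user provider resolves key ids via loadUserByUsername(),
// and the User exposes the secret's SHA-256 hash via getApiKeyHash().

namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class ApiKeyGuardAuthenticator extends AbstractGuardAuthenticator
{
    const HEADER = 'X-API-Key';

    public function getCredentials(Request $request)
    {
        $key = $request->headers->get(self::HEADER);
        // Returning null tells the Guard listener "this request is not for
        // me", and the next authenticator in the chain is tried. Throwing or
        // returning a dummy value here would instead fail every request that
        // carries an OAuth or HMAC credential.
        if (null === $key || '' === $key) {
            return null;
        }

        return array('api_key' => $key);
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // Key format assumed here: "<key id>.<secret>". Only the id is used
        // for the lookup; the secret is verified in checkCredentials().
        $parts = explode('.', $credentials['api_key'], 2);
        if (2 !== count($parts)) {
            throw new CustomUserMessageAuthenticationException('Malformed API key');
        }
        // The provider (e.g. the question's api_key_user_provider) is assumed
        // to resolve key ids; its UsernameNotFoundException becomes an
        // authentication failure handled by Guard.
        return $userProvider->loadUserByUsername($parts[0]);
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        list(, $secret) = explode('.', $credentials['api_key'], 2);
        // Constant-time comparison of the secret's hash against the stored
        // hash; getApiKeyHash() is a hypothetical accessor on the User.
        return hash_equals($user->getApiKeyHash(), hash('sha256', $secret));
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        // Stateless API: let the request continue to the controller.
        return null;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new JsonResponse(
            array('message' => strtr($exception->getMessageKey(), $exception->getMessageData())),
            401
        );
    }

    // Used when no authenticator in the chain claimed the request and the
    // firewall's entry_point points at this service (or it is listed first).
    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new JsonResponse(array('message' => 'Authentication required'), 401);
    }

    public function supportsRememberMe()
    {
        return false;
    }
}
```

Register the class as a service and list its id under guard.authenticators as in the answer above. The same null-return rule applies to the HMAC and OAuth authenticators in the chain, and the firewall's entry_point (or, if unset, the first listed authenticator's start()) decides the response when none of them claims the request.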

symfony2.3 bad credentials in production mode OVH

I know the question is repeated, but the scenario I'm going to describe is (very) strange:
register a new user
update the profile
reconnect, but bad credentials
The bundle works normally in dev mode, but gets stuck in prod mode.
Using FOSUserBundle:
security:
    encoders:
        "Application\Sonata\UserBundle\Entity\User":
            algorithm: sha512
            encode_as_base64: false
            iterations: 1
    firewalls:
        main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                csrf_provider: form.csrf_provider
                use_referer: true
All was perfectly working a month ago.
Please let me know if you need some code. Thanks.
I found the solution. I was wondering why it works in dev mode and not in prod mode; the solution was in the OVH configuration in .ovhconfig, which should change the PHP version from 5.4 => 5.5:
; for more information on this file:
; http://www.ovh.com/fr/g1175.format_du_point_ovhconfig
app.engine=php
app.engine.version=5.5
;apc.enabled = 1
http.firewall=none
environment=production

Unrecognized options "csrf_provider" under "security.firewalls.form_login"

I'm trying to install the FOSUserBundle following the tutorial here.
When I'm at the 7th step, I try to update the database schema for ORM by running
php app/console doctrine:schema:update --force
but the error appears:
InvalidConfigurationException: Unrecognized options "csrf_provider" under "security.firewalls.form_login"
Here's my firewall:
firewalls:
    main:
        pattern:
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
What can I do? I don't set a pattern because, if I set something like
pattern: ^/
the following error appears:
InvalidTypeException: Invalid type for path "security.firewalls.pattern". Expected array, but got string
UPDATE:
The csrf_protection was enabled but, for some reason that I don't understand, didn't work. I tried to "reset" it, disabling and enabling, and now it works.
In my project I enable it with
csrf_protection: ~
You need to enable CSRF protection.
You can do that by adding a key to config.yml:
framework:
    csrf_protection:
        enabled: true
In security.yml, to solve this problem you just need to comment out this line:
csrf_token_generator: security.csrf.token_manager
and enable this commented line instead:
csrf_provider: form.csrf_provider
There can be 3 main reasons for this problem:
1. You have configured FOSU from the cookbook on symfony.com, which is now outdated for FOSU 2.0+. Solution: use csrf_token_generator instead of csrf_provider in security.yml.
2. You have not enabled CSRF in config.yml:
framework:
    csrf_protection:
        enabled: true
3. You didn't update AppKernel.php with:
new FOS\UserBundle\FOSUserBundle(),
Maybe all at once. Good luck :)
