I opened my website's homepage after the weekend and I saw myself logged in on the homepage, and the homepage is not for logged-in users! Usually it works correctly and I do not know what happened; if I log out and log in again, it works fine again.
There are a few problems with it:
I reached my homepage as a logged-in user even though I clearly state in the controller:
if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
    return $this->redirectToRoute('authorization');
}
So I should be redirected to the authorization page, but I am not.
I can see the "HOME" link in the navigation, but in my menu builder code I check whether the user is IS_AUTHENTICATED_FULLY before displaying it:
if ($securityContext->getToken()) {
    // HOME is only offered to visitors who are not fully authenticated
    if (!$securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        $menu->addChild('HOME', array(
            'route' => 'homepage',
            'attributes' => array(
                'class' => 'nav-li'
            )
        ));
    }
}
It seems that sometimes IS_AUTHENTICATED_FULLY does not work as the way to check whether the user is logged in.
P.S. I logged in to the website on Friday using a form with remember_me; I am not sure whether the few days' span has something to do with it.
Here are my firewalls (I have multiple login forms on different pages):
firewalls:
    about:
        pattern: ^/about
        anonymous: ~
        provider: main
        context: primary_auth
        form_login:
            login_path: /about
            check_path: /about/login_check
            default_target_path: /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000
    programs:
        pattern: ^/programs
        anonymous: ~
        provider: main
        context: primary_auth
        form_login:
            login_path: /programs
            check_path: /programs/login_check
            default_target_path: /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000
    contacts:
        pattern: ^/contacts
        anonymous: ~
        provider: main
        context: primary_auth
        form_login:
            login_path: /contacts
            check_path: /contacts/login_check
            default_target_path: /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000
    main:
        pattern: ^
        anonymous: ~
        provider: main
        context: primary_auth
        form_login:
            login_path: /
            check_path: /login_check
            default_target_path: /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000
        oauth:
            resource_owners:
                trainee_facebook: /login/check-facebook
                trainee_linkedin: /login/check-trainee-linkedin
                trainee_xing: /login/check-trainee-xing
                company_linkedin: /login/check-company-linkedin
                company_xing: /login/check-company-xing
                university_linkedin: /login/check-university-linkedin
                university_xing: /login/check-university-xing
            login_path: /
            use_forward: false
            failure_path: /failure-path
            default_target_path: /authorization
            oauth_user_provider:
                service: my_custom_user_provider
UPDATE
Suddenly, instead of IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED is working fine and I do not understand why! Is there any explanation for why a user would lose the IS_AUTHENTICATED_FULLY role over time?
Your session probably expired, and you were authenticated automatically again using the "remember me" functionality.
As described in the docs (http://symfony.com/doc/current/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully), users authenticated by the "remember me" functionality will not have the role IS_AUTHENTICATED_FULLY.
In this case, you should check for the role IS_AUTHENTICATED_REMEMBERED, which also is granted to users who are authenticated "fully".
I do understand the naming is confusing, but you could think of the role IS_AUTHENTICATED_REMEMBERED as "is authenticated fully or by remember me".
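The same distinction expressed in security.yml, as an added example that is not part of the question or the answer above. The /authorization route, the /logout path and the remember_me secret come from the question; the /account/... paths and the extra remember_me settings are constructed for the example.

```yaml
# Added example, not the asker's or answerer's configuration.
# Symfony's trust levels nest: every request is at least
# IS_AUTHENTICATED_ANONYMOUSLY; a valid remember-me cookie adds
# IS_AUTHENTICATED_REMEMBERED; a password (or OAuth) login performed in the
# current session adds IS_AUTHENTICATED_FULLY on top of that.
security:
    firewalls:
        main:
            pattern: ^/
            anonymous: ~
            provider: main
            form_login:
                login_path: /
                check_path: /login_check
                default_target_path: /authorization
            remember_me:
                secret: '%secret%'
                lifetime: 31536000
                # constructed hardening: send the cookie over HTTPS only and
                # set it only when the form's "remember me" box is ticked
                secure: true
                always_remember_me: false
            logout:
                path: /logout
                target: homepage

    # Rules are evaluated top to bottom; the first path that matches wins.
    access_control:
        # Sensitive actions demand a password typed in this session. A user
        # who holds only a remember-me cookie is redirected to the login form
        # to re-authenticate rather than receiving a 403 (constructed paths).
        - { path: ^/account/password, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/account/email,    roles: IS_AUTHENTICATED_FULLY }
        # Ordinary "logged in" areas accept either kind of authentication.
        # This is the attribute the question's controller and menu builder
        # should test as well: isGranted('IS_AUTHENTICATED_REMEMBERED').
        - { path: ^/authorization, roles: IS_AUTHENTICATED_REMEMBERED }
        # Everything else, the homepage included, stays open.
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```

The homepage redirect from the question cannot be expressed in access_control, because access_control denies rather than redirects; that check stays in the controller, with IS_AUTHENTICATED_REMEMBERED as the attribute. A remember-me session lasts as long as the cookie (a year here), so every action that changes credentials or contact data is worth gating on IS_AUTHENTICATED_FULLY as shown.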
Related
I am using FOSUserBundle with two different entities for different users, like
DefaultUser and AdminUser.
Therefore I have the following in security.yaml:
providers:
    user:
        entity:
            class: AppBundle:User
            property: 'email'
    admin:
        entity:
            class: AppBundle:Admin
            property: 'email'
and the firewalls are set like this:
admin:
    pattern: ^/admin
    anonymous: ~
    provider: admin
    form_login:
        login_path: /admin/login
        csrf_token_generator: security.csrf.token_manager
        default_target_path: /admin
        check_path: admin_login_check
    logout_on_user_change: true
    logout:
        path: /admin/logout
        target: /admin
        invalidate_session: false
    access_denied_handler: AppBundle\Security\AccessDeniedHandler
    context: application
main:
    pattern: ^/
    provider: user
    logout_on_user_change: true
    form_login:
        # csrf_token_generator: security.csrf.token_manager
        login_path: /login
        default_target_path: /user
        check_path: fos_user_security_check
    logout:
        path: user_logout
        target: user_login
        invalidate_session: false
    context: application
    anonymous: ~
    access_denied_handler: AppBundle\Security\AccessDeniedHandler
How do I get FOSUserBundle to work so I can use the username or the email?
Normally it is set by
    id: fos_user.user_provider.username_email
but this cannot be used in this configuration.
It's been a long time since I worked with the fos_userbundle, but from what I see in my code, you'll need to update your security.yml file to make use of it:
security:
    providers:
        fos_userbundle_admin:
            # a provider entry takes a service id under 'id:'
            id: appbundle.service.providing.admin_user
And in that service (which extends FOS\UserBundle\Security\UserProvider), you'll want to override the findUser($username) method. There, you can use the provided username.
I suppose (untested) you can create another provider (fos_userbundle_user) and use that one for users in your firewall.
Hopefully this makes sense. It's working here, but that was in a Symfony 2.8 app. FOS_UserBundle has changed a fair bit since then.
I'm using FOS UserBundle in my Symfony 3.3 project and I have two firewalls, because admins and users connect from different login forms (with different URLs).
I would like to restrict access to the admin dashboard so that only an account that is granted ADMIN_ROLE can log in.
That is, if I try to authenticate with a simple user account, I get the message "Bad credentials".
Is there a way to tell a firewall to only allow users of a certain role to connect?
My security.yml firewalls section:
firewalls:
    admin:
        pattern: ^/admin
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            login_path: /admin
            check_path: /admin/login_check
            default_target_path: /admin
            success_handler: app.security.adminauthentication_handler
            failure_handler: app.security.adminauthentication_handler
        logout:
            path: /admin/logout
            target: /admin
        anonymous: true
        context: application
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            success_handler: app.security.authentication_handler
            failure_handler: app.security.authentication_handler
        logout: true
        anonymous: true
Please note that I'm using AJAX for both login forms.
Thanks
Just add this in your security.yml under security, like this:
security:
    access_control:
        - { path: ^/mysite/dashboard/, role: ROLE_ADMIN }
You have to define access_control.
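A fuller version of that answer, as an added example that is not the asker's or the answerer's configuration. It reuses the firewall names, the fos_userbundle provider and the handler service ids from the question; the /admin/dashboard path is constructed. The point it shows: a firewall only verifies credentials, the role of the account is checked afterwards, on every request, by access_control.

```yaml
# Added example, not the asker's or answerer's configuration.
security:
    firewalls:
        # Firewalls are also matched in order, so the specific prefix comes
        # before the catch-all.
        admin:
            pattern: ^/admin
            anonymous: true          # the login form itself must be reachable
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: /admin
                check_path: /admin/login_check
                default_target_path: /admin/dashboard
                success_handler: app.security.adminauthentication_handler
                failure_handler: app.security.adminauthentication_handler
            logout:
                path: /admin/logout
                target: /admin
        main:
            pattern: ^/
            anonymous: true
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                success_handler: app.security.authentication_handler
                failure_handler: app.security.authentication_handler
            logout: true

    # First matching rule wins, so the two open login endpoints are listed
    # before the rule that locks down the rest of the admin area. Without
    # them the ROLE_ADMIN rule would also cover the login form and nobody
    # could ever log in there.
    access_control:
        - { path: ^/admin/login_check$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin$,             roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,              roles: ROLE_ADMIN }
        - { path: ^/,                   roles: IS_AUTHENTICATED_ANONYMOUSLY }
```

With this, a plain user account that logs in through /admin authenticates successfully (the password is correct, so the firewall has no reason to say "Bad credentials") and is then refused by the ^/admin rule with a 403, which an access_denied_handler or the AJAX success handler can turn into whatever the front end expects. Making the login step itself fail for non-admin accounts is not an access_control feature; it needs a custom Symfony\Component\Security\Core\User\UserCheckerInterface implementation attached to the admin firewall.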
I am clicking my logout button, which is supposed to log me out. I did everything according to the documentation, but I still receive the following error:
Unable to find the controller for path "/logout". The route is wrongly configured.
Here is my security.yml:
firewalls:
    main:
        anonymous: ~
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    secured_area:
        pattern: ^/
        form_login:
            login_path: /login
            check_path: /login_check
            default_target_path: /
        logout:
            path: /logout
            target: /
            invalidate_session: false
And of course I added
logout:
    path: /logout
to routing.yml.
What is wrong with my logout?
Are you sure that you added the logout route in your routing files? Try this in your console, and you should see the following:
app/console debug:router
...
login ANY ANY ANY /login
login_check ANY ANY ANY /login_check
logout ANY ANY ANY /logout
...
If you can't see this, maybe you did not add the path in routing correctly.
Adding such a function solved the problem:
/**
 * @Route("/logout", name="logout")
 */
public function logingOut()
{
    // drop the security token, invalidate the session and send the user home
    $this->get('security.token_storage')->setToken(null);
    $this->get('request')->getSession()->invalidate();

    return $this->redirect($this->generateUrl('index_page'));
}
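Added example, not the asker's or either answerer's files: the minimal security.yml and routing.yml that make the firewall's own logout listener handle /logout, so no logout controller is needed at all. The /logout path and the index_page route name come from the question; everything else is constructed. It also addresses what breaks the question's configuration: a firewall without a pattern matches every request, and since firewalls are tried in order and the first match wins, the pattern-less main firewall swallowed every request and secured_area (the one with the logout configuration) never ran.

```yaml
# Added example, not the asker's or answerers' configuration.

# app/config/security.yml
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # The original pattern-less 'main' firewall is gone; it matched every
        # request, so 'secured_area' and its logout listener were never reached.
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
                default_target_path: /
            logout:
                path: /logout
                # 'target' accepts a path or a route name
                target: index_page
                # true (the default) discards the whole session on logout,
                # which is the safer choice; false keeps other session data
                invalidate_session: true

# app/config/routing.yml
# The route only has to exist so the router does not answer 404; the logout
# listener handles the request before any controller would be called, so the
# route needs no controller. If a controller is attached anyway, as in the
# answer above, its body is only executed when no firewall claims /logout.
logout:
    path: /logout
```

The same first-match rule is why the dev firewall is listed before secured_area: the profiler and asset paths must be taken out of the secured area before the ^/ catch-all is considered.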
So, I have this security config:
providers:
    fos_userbundle:
        id: hwi_oauth.user.provider.fosub_bridge
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: ^/
        anonymous: true
        logout: true
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check
        oauth:
            resource_owners:
                battlenet: "/login/check-battle-net"
            login_path: /login
            use_forward: false
            failure_path: /login
            oauth_user_provider:
                service: hwi_oauth.user.provider.fosub_bridge
        logout:
            path: /logout
            target: /
        remember_me:
            key: "%secret%"
            lifetime: 31536000 # 365 days in seconds
            path: /
            domain: ~ # Defaults to the current domain from $_SERVER
and I'm using HWIOAuthBundle. Now I want to implement the classic login from FOSUserBundle alongside this. Is there some simple way? ;)
OK, it was simple... just from the console:
    app/console fos:user:create
then make a route, form and view etc. for FOSUserBundle\SecurityController::loginAction and...
that's it ;) It's working very well, without any change to security.yml.
My application needs 2 firewalls, one for Admin and the other for User. In my security.yml I configured:
admin:
    pattern: ^/admin
    provider: fos_userbundle
    form_login:
        login_path: /admin/login
        use_forward: false
        check_path: /admin/login_check
        failure_path: null
        default_target_path: /admin/dashboard
        always_use_default_target_path: true
    logout:
        path: /admin/logout
        target: /admin
    anonymous: ~
# default login area for standard users
main:
    pattern: ^/
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider
    logout:
        path: /logout
    anonymous: ~
I don't know whether this config is correct. Everything's OK when I log in from the main area, but when I log in from admin, it redirects me to the home path instead of default_target_path. I tried changing the provider to a custom provider (e.g. in_memory) to re-check the admin firewall, but I am still logged in as a user from the fos_userbundle provider. Can you help me?
I think it's because there is a main pattern
main:
    pattern: ^/
It controls even ^/admin.
Try to replace ^/ with ^/home or ^/main; it will work on both.
Try removing anonymous and using access control instead. In theory Symfony2 will automatically redirect users from admin back, even if they are using the same login screen.
Security in Symfony2 is cascading (so /admin will also appear under main),
e.g.
# default login area for standard users
main:
    pattern: ^/
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider
    logout:
        path: /logout
admin:
    pattern: ^/admin
    provider: fos_userbundle
    form_login:
        use_forward: false
        failure_path: null
        # 'default_target_path' is the form_login option; 'target' is not one
        default_target_path: /admin/dashboard
        always_use_default_target_path: true
    logout:
        target: /admin
# rules are matched top to bottom, so the specific /admin rule has to come first
access_control:
    - { path: ^/admin, roles: [ROLE_ADMIN] }
    - { path: ^/, roles: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }
You'll likely need different ROLES specified.
I changed the main firewall pattern to ^/(?!admin); everything's OK now. Thanks for your help!
main:
    pattern: ^/(?!admin)
    provider: default_provider
    anonymous: ~
admin:
    pattern: ^/admin
    provider: admin_provider
    anonymous: ~
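Both fixes discussed in this thread side by side, as an added example that is not the asker's or the answerers' configuration. The provider names default_provider and admin_provider come from the final post; the login paths and the dashboard path are constructed. Firewalls are tried top to bottom and only the first one whose pattern matches handles the request, so with ^/ listed first every /admin/... request was served by main and the admin firewall's form_login, redirect target and provider were never used, which is exactly the "redirected to the home path" symptom.

```yaml
# Added example, not the asker's or answerers' configuration.
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # Fix 1: order. The specific prefix is listed before the catch-all.
        admin:
            pattern: ^/admin
            provider: admin_provider
            anonymous: ~
            form_login:
                login_path: /admin/login
                check_path: /admin/login_check
                default_target_path: /admin/dashboard
                always_use_default_target_path: true
            logout:
                path: /admin/logout
                target: /admin/login
        # Fix 2: the catch-all excludes /admin itself, so the outcome no
        # longer depends on ordering. The lookahead is anchored to a path
        # segment so that /administration or /admin-help still fall under
        # 'main'; the plain ^/(?!admin) from the post would exclude those too.
        main:
            pattern: ^/(?!admin(/|$))
            provider: default_provider
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
            logout:
                path: /logout

    # Separate firewalls with separate providers only separate HOW users log
    # in (and, without a shared 'context', their sessions: logging in on one
    # side does not log you in on the other). WHO may see what is still
    # decided here, most specific path first.
    access_control:
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,       roles: ROLE_ADMIN }
        - { path: ^/,            roles: IS_AUTHENTICATED_ANONYMOUSLY }
```

Using both fixes together is deliberate: the ordering makes the intent visible to the next person reading the file, and the exclusion in the pattern keeps the admin area out of main even if someone later reorders the firewalls.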