FOSUserBundle - You must activate the logout in your security firewall configuration - symfony

I am using Symfony 2.8.2 with FOSUserBundle. When I try to log out, I get the following error:
You must activate the logout in your security firewall configuration
Here's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/login
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            anonymous: true
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }
I've also tried setting logout: true, but nothing changed.
P.S. I'm not using Sonata, just FOSUserBundle.
What's the reason I'm getting this error?

It seems like you have the wrong pattern for the main firewall.
Setting pattern: ^/login makes this firewall valid only for matching URLs, which means only the /login URL.
Also, the logout URL has to be inside the firewall's secured area.

You must add this to your security.yml:
firewalls:
    secured_area:
        logout:
            path: /logout
            target: /
and this to your routing.yml:
logout:
    path: /logout

Related

How to correctly logout with FOSUserBundle in Symfony2

Can someone tell me the steps I have to take so that I can log out from my back office?
I'm using Symfony2 and FOSUserBundle.
Here's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: /admin
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
I've tried to add
logout:
    path: /logout
    target: /login
and
logout:
    path: /logout
    target: /
anonymous: true
but it's not working.
What should I do?
The logout function is built into FOSUserBundle.
You can check this by running
    php app/console route:debug | grep logout
and it should display
    Name                      Method  Scheme  Host  Path
    fos_user_security_logout  GET     ANY     ANY   /logout
If you wish to override FOSUserBundle's routes, this answer is very helpful: https://stackoverflow.com/a/19608870/5760411
Or the documentation: http://symfony.com/doc/current/bundles/FOSUserBundle/overriding_controllers.html
You forgot to add the route definition.
In routing.yml:
logout:
    path: /logout

FOSUserBundle access control for admin section allows anonymous users

I'm trying to make the admin section accessible only to admin users using FOSUserBundle.
However, if I go to the admin URL (www.foo.local/app_dev.php/admin) without authentication, it allows me access.
In the Symfony debug toolbar it shows "Logged in as anon."
I have configured FOSUserBundle following the official documentation.
Here is the security.yml config:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
I don't know why it doesn't ask for ROLE_ADMIN in order to allow access to the admin section. Any ideas?
I guess that's because your rule says
    - { path: ^/admin/, role: ROLE_ADMIN }
which means
    www.foo.local/app_dev.php/admin/one
    www.foo.local/app_dev.php/admin/two
Notice the '/' after admin, whereas
    www.foo.local/app_dev.php/admin
won't satisfy the rule because it's missing the '/' at the end.
Try changing the rule to
    - { path: ^/admin, role: ROLE_ADMIN }

FOSUserbundle access control

Hi, I have a problem with my access control in Symfony 2.
I want to secure the whole site except for the "/" route, because the login is there. So every other route, for example "/hello", must be secured and redirect to / if no user is logged in.
In my security config I have this configuration:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: /
            logout: true
            anonymous: ~
    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/.*, roles: ROLE_ADMIN }
What am I doing wrong?
This should work:
access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_ADMIN }
For more info:
http://symfony.com/doc/master/book/security.html

FOSUserbundle security setting

I am using FOSUserbundle.
My security setting is like this, so if you access anything under /member
without logging in, you are transferred to the top page.
I want to add another behavior.
If you access the top page while you are logged in, you are transferred to /member/profile.
How can I do that?
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        main:
            pattern: ^/
            anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
                provider: fos_userbundle
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/member, role: ROLE_USER }
There are many solutions to your problem:
In the top page controller you can redirect the user if he is logged in.
Or
You can use an event listener on kernel.request which has the responsibility of setting the response if the current route is the top page and the user is logged in.
Edit:
To redirect in a controller: return $this->redirect($this->generateUrl('routename'))
See: http://symfony.com/doc/current/book/controller.html#redirecting
Hope it's helpful.
Best regards.

FOS UserBundle access control doesn't work

I have FOS UserBundle installed in my Symfony2 project. Login/logout works; the only problem is that the system doesn't redirect/close the parts that I want closed.
The whole site should only be accessible by logged-in users.
Yet I can call any route.
I filled in the data in the access control section of my security.yml, yet it doesn't work. I can call mydomain/de_CH/anything/i/want/ and access that content.
This is my security.yml:
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                csrf_provider: form.csrf_provider
            logout:
                path: fos_user_security_logout
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/my-admin/, role: ROLE_ADMIN }
        - { path: ^/$, role: ROLE_USER }
        #- { path: ^/$, role: ROLE_USER }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
Change
    - { path: ^/$, role: ROLE_USER }
to
    - { path: ^/.*, role: ROLE_USER }
This is because the first regex tells Symfony to require ROLE_USER only for the path matching that pattern, i.e. /.
So paths like /foo, /foo/bar and so on aren't caught by your firewall.
The second pattern covers the latter case.
Remove the anonymous: true part and put /login in its own firewall so users can log in.
The anonymous part allows anonymous users to access that firewall.
firewalls:
    login_firewall:
        pattern: ^/login$
        anonymous: ~
    main:
        pattern: ^/
        form_login:
            # ...
        logout:
            path: fos_user_security_logout
EDIT: Since we denied anonymous users access to the page, we need to create a separate firewall for /login; otherwise they wouldn't be able to log in.
See the section "Avoid Common Pitfalls" in the official documentation:
http://symfony.com/doc/current/book/security.html for more info on the subject.
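The regex pitfalls in these threads (a firewall pattern of ^/login that never sees /logout in the first question, ^/admin/ not covering /admin in the third, ^/ shadowing the ROLE_ADMIN rule in the fourth, and ^/$ protecting only the root URL in the one just above) all come from the same mechanism: Symfony walks firewalls and access_control in declared order and uses the first entry whose regex matches the request path, and the regex is searched against the path rather than fully anchored, so ^ and $ decide how much of the URL space a pattern covers. The Python below is an added example that models this first-match evaluation; it is not Symfony or FOSUserBundle code. The rule sets are copied from the questions and answers above, the sample paths are constructed, and the unprotected_paths audit helper is an addition of this example.

```python
"""Model of Symfony's first-match firewall and access_control evaluation.

Added example, not Symfony's own code. Symfony walks `firewalls` and
`access_control` in declared order and uses the first entry whose regex
matches the request path; the regex is searched, not fully anchored, so
`^` and `$` decide how much of the path a pattern covers.
"""
import re
from typing import Dict, List, Optional, Sequence


def select_firewall(firewalls: Dict[str, Optional[str]], path: str) -> Optional[str]:
    """Name of the first firewall whose `pattern` matches `path`, else None.

    A firewall with no pattern matches everything. None means the request
    passes through no firewall at all, so none of that firewall's listeners
    (form_login, logout, anonymous) ever see it. That is what happens to
    /logout when the only firewall is restricted to ^/login.
    """
    for name, pattern in firewalls.items():
        if pattern is None or re.search(pattern, path):
            return name
    return None


def required_roles(access_control: Sequence[dict], path: str) -> Optional[List[str]]:
    """Roles demanded by the first matching access_control rule, else None.

    Symfony accepts both `role:` and `roles:` in a rule. None means no rule
    matched, so access_control imposes nothing on that path.
    """
    for rule in access_control:
        if re.search(rule["path"], path):
            roles = rule.get("roles", rule.get("role"))
            return list(roles) if isinstance(roles, (list, tuple)) else [roles]
    return None


def unprotected_paths(access_control: Sequence[dict], paths: Sequence[str]) -> List[str]:
    """Paths that no rule covers, or that only demand the anonymous pseudo-role.

    Audit helper (not part of Symfony): feed it the URLs you expect to be
    private and anything it returns is reachable without logging in.
    """
    leaks = []
    for path in paths:
        roles = required_roles(access_control, path)
        if roles is None or roles == ["IS_AUTHENTICATED_ANONYMOUSLY"]:
            leaks.append(path)
    return leaks


# Thread 1: a firewall restricted to ^/login never sees /logout.
LOGIN_ONLY_FIREWALL = {"main": r"^/login"}
SITE_WIDE_FIREWALL = {"main": r"^/"}

# Thread 3: ^/admin/ demands the trailing slash, so /admin itself is uncovered.
ADMIN_TRAILING_SLASH = [{"path": r"^/admin/", "role": "ROLE_ADMIN"}]
ADMIN_FIXED = [{"path": r"^/admin", "role": "ROLE_ADMIN"}]

# Thread 4: ^/ matches every path first, so the ROLE_ADMIN rule is never reached.
SHADOWED = [
    {"path": r"^/", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/.*", "roles": "ROLE_ADMIN"},
]
ORDERED = [
    {"path": r"^/$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/", "roles": "ROLE_ADMIN"},
]

# Thread 6: ^/$ protects only the root URL; ^/.* protects everything else too.
ROOT_ONLY = [
    {"path": r"^/login$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/admin/", "role": "ROLE_ADMIN"},
    {"path": r"^/$", "role": "ROLE_USER"},
]
CATCH_ALL = ROOT_ONLY[:-1] + [{"path": r"^/.*", "role": "ROLE_USER"}]

# Constructed sample paths; /de_CH/anything/i/want/ is the one from thread 6.
PRIVATE_PATHS = ["/", "/admin", "/admin/one", "/de_CH/anything/i/want/", "/hello"]

if __name__ == "__main__":
    print("firewall for /logout with ^/login:", select_firewall(LOGIN_ONLY_FIREWALL, "/logout"))
    print("firewall for /logout with ^/:     ", select_firewall(SITE_WIDE_FIREWALL, "/logout"))
    for label, rules in [("^/admin/", ADMIN_TRAILING_SLASH), ("^/admin", ADMIN_FIXED),
                         ("shadowed", SHADOWED), ("ordered", ORDERED),
                         ("root only", ROOT_ONLY), ("catch-all", CATCH_ALL)]:
        print(f"{label:>10}: unprotected {unprotected_paths(rules, PRIVATE_PATHS)}")
```

Running the script shows select_firewall returning None for /logout under the ^/login firewall (the request reaches no firewall, so no logout listener intercepts it) and "main" once the pattern is ^/; the audit loop lists /admin as unprotected under ^/admin/, every path as unprotected under the shadowed rule set, only / under the corrected ordering, and nothing under the catch-all rule. The same check is worth running against any access_control list before deployment, with the real private URLs of the application as the path sample.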
