I have application which base on logging users by FOSOAuthServerBundle and I want to test actions in this application.
So... In Sf2 are special config file for testing environment, config_test.yml and I've put this code:
security:
firewalls:
default:
anonymous: ~
In theory it should solve my problem, because this firewall allows anyone access any action. I've put it in config_test.yml, so it should work only then I'm testing application. Good solution, I was thinking.
But Sf threw this error:
You are not allowed to define new elements for path "security.firewalls". Please define all elements for this path in one config file.
My questions is:
How can I allow access actions without logging while testing application by PHPUnit?
You can't add/define new elements but you can modify them.
In config_test.yml instead default firewall use name of your real firewall used in security.yml.
And better will be using http_basic: ~ instead anonymous: ~ so your tests will can behave like real authenticated user.
Nice cookbook here: http://symfony.com/doc/2.8/cookbook/testing/http_authentication.html
Related
The error is just a basic one. A class does not exist, and the error is actually very right. The class indeed does not exist. We're now working on Multi-Tenancy for this project, and there is where it currently gives up. This is the error;
Class "App\Entity\User" does not exist
It is a ReflectionException. For this we did a few things.
We have the following folder structure for our Symfony API-Platform instance;
- Controller
- Messenger
- Entity
--- Main
--- Tenant
- Repository
- ....
And I bet that here is where the problem lies. The User Entity is not App\Entity\User. The Class is in the Main folder, so is named App\Entity\Main\User. However, when trying to use the app, it will always return in an HTTP 500, with the error message given above. It tries to find the class, which isn't there.
So, this is a bit different. We needed to change the provider for the authentication as stated in the Symfony Documentation. We did this by modifying the security.yaml as stated in the documentation.
providers:
database_users:
entity:
class: App\Entity\Main\User
property: email
However, it still tries to use the other Entity. We've search the project, and there is absolutely no reference. We've emptied the cache and rebuild the docker-container, all to no avail. It still is looking for the class, which is not there, but in another folder inside there.
Are we missing something? The error Stack Trace is that it appears in the autoload_runtime.php, but even when dumping and regenerating this, it has no avail.
Firewall from security.yaml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
# this firewall applies to all URLs
pattern: ^/
lazy: true
# The user provider to use.
provider: database_users
I am trying to configure HWIOAuth bundle to use dynamic client id. I have a service that can figure out what variable value to use depending on some request conditions.
Here's an expression in my HWI configuration, but can't seem to get it work:
hwi_oauth:
firewall_names:
- main
resource_owners:
auth:
client_id: "#=service('host.configmgr').GetClientIdParameter()"
client_secret: '%client_secret%'
The issue us with #=service('host.configmgr').GetClientIdParameter(). Can that even execute evaluate? The service is properly executes an used by another class somewhere else with success.
The %client_secret% parameter replacement works fine.
For more context, this part of the configuration lives in a dedicated file that is included in config.yml via { resource: hwiconfig.yml }
After some research looks like expressions are only supported for service definitions. This functionality is not supported for configurations outside services like the HWI bundle config.
I am using multiple users providers in my project.
My security.yml looks like this :
security:
...
firewalls:
usertype1:
pattern: ^/root/usertype1_area
provider: type1_provider
usertype2
pattern: ^/root
provider: type2_provider
...
Everything is working fine and I can't login with wrong user types at the right pattern, except that I noticed that if I throw an exception in one of my providers, say type1_provider , and try to log in with the /root/login path (which should use only type2_provider), Symfony is going through type1_provider as well as type2_provider, and I get an exception.
The same is also true with /root/usertype1_area/login when I throw at type2_provider.
This is a problem to me because I want to be able to access type2 login when the type1_provider is shut down.
Any guesses ? Is this normal behavior ?
EDIT : As pointed out by Alexander Keil, it was not clear in my question what I was trying to do
One of my providers relies on a 3d party service, and I want it to throw when this service is down, but I still want to be able to access the other login, which is not supposed to rely on the provider that is throwing. Is there a way I can achieve this ?
You can use the method "supportsClass" in your provider. Return false if the current user class does not support the loaded provider. See Symfony\Component\Security\Core\User\UserProviderInterface
I have set up the new LDAP system with symfony 2.8+
LDAP but I have a problem with the role. It is stated in the documentation that
# app/config/security.yml
security:
# ...
providers:
app_users:
ldap:
service: app.ldap
base_dn: dc=example,dc=com
search_dn: CN=My User,OU=Users,DC=example,DC=com
search_password: p455w0rd
filter: (sAMAccountName={username})
**default_roles: ROLE_USER**
But I don't know, how it works. I would like to get the user from my LDAP and then give them roles. Is it possible with the new LDAP Sytem within symfony ?
I previously used IMAG/LdapBundle but you can't set your own roles because of a bug never patched which prevent modifications from beiing saved...
It currently is not really possible in the Symfony LDAP component (as of the most current, 3.1). See this open issue.
However, I maintain a bundle that allows this as you can define roles that map to specific LDAP groups: https://github.com/ldaptools/ldaptools-bundle. Dunno if that will help you, but I tried to give it a lot of different configuration options.
I'm having difficulties to fully understand the concept of the client creation explained here.
I followed the post to set up the OAuthBundle, and tried to make the changes needed to comply with FOSUser. Though I'm not sure it's perfect.
My situation
My Website is a RESTFul API, which return json or xml only. My frontend will be in AngularJS
I combined FOSUser, FOSRest and FOSOAuth, it's possible I'm having errors in the configuration.
The Problem
I finished setting up the first part of the article up to the doctrine:schema:update command. Now I'm supposed to create a client.
How can I set the security for parts of the ^/api for differents ROLES ?
example:
Anonymous users can access POST /api/users but not GET /api/users.
Only users with ROLE_ADMIN can access DELETE /api/users/{id}
For testing I'm using Postman (that support OAuth1 & 2, along with other means of auth).
Using expressions in security.yml
In order to secure certain routes by a conditional combination of (request)-method AND (user)-role ...
... you can make use of Expressions in your security.yml.
More information can be found in the documentation chapter Securing by an Expression.
Example
Only users with role ROLE_ADMIN shall be allowed to access /api/users/{id} using a DELETE request:
# app/config/security.yml
security:
# ...
access_control:
- path: "^/api/users/\d+$"
allow_if: "'DELETE' == request.getMethod() and has_role('ROLE_ADMIN')"
Regex explanation
^ begins with
\d+ one or more digits (= user id)
$ string end