I have a project where I log in with the auth, and from time to time there is an error and it is not possible to connect. I would like something to show me this error, so I can handle it and return a message to the user.
When it does not connect, it automatically goes back to the root, and this is handled in security:
oauth:
    resource_owners:
        facebook: "/security/login/check-facebook"
        google: "/security/login/check-google"
        linkedin: "/security/login/check-linkedin"
    login_path: /
    failure_path: /
    default_target_path: /security/connected
    check_path: /security/login_check
    oauth_user_provider:
        service: web_key_user_provider
Mainly I want to handle the case when the Facebook or Google authentication page returns a bad_request = 400.
What should I do in the route I put in failure_path to catch why it failed?
You have to implement an EventListener which is called when the onAuthenticationFailure event is fired, and set it as failure_handler in your HWIOAuth configuration.
See this great answer on another similar issue:
How to disable redirection after login_check in Symfony 2
Hope this helps you.
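A failure handler of the kind this answer describes, as an added example that is not part of the original answer or of HWIOAuthBundle. The namespace, class name, flash message and the `homepage` route name are assumptions; it logs the provider error server-side and sends the user a fixed message.

```php
<?php
// Added example, not code from the original post.
// Namespace, class name, flash text and the 'homepage' route are hypothetical.
namespace AppBundle\Security;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

class OAuthFailureHandler implements AuthenticationFailureHandlerInterface
{
    private $urlGenerator;
    private $logger;

    public function __construct(UrlGeneratorInterface $urlGenerator, LoggerInterface $logger)
    {
        $this->urlGenerator = $urlGenerator;
        $this->logger = $logger;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Keep the provider's error detail (e.g. a 400 response) in the server log only.
        $this->logger->warning('OAuth login failed', array(
            'path'   => $request->getPathInfo(),
            'reason' => $exception->getMessage(),
            'ip'     => $request->getClientIp(),
        ));

        // Show a fixed message; do not echo the exception or request parameters to the user.
        if ($request->hasSession()) {
            $request->getSession()->getFlashBag()->add('error', 'Sign-in with the external provider failed. Please try again.');
        }

        // Redirect to a server-chosen route, never to a URL taken from the request.
        return new RedirectResponse($this->urlGenerator->generate('homepage'));
    }
}
```

Register the class as a service and put its service id in `failure_handler` under the `oauth` key of the firewall.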
I'm configuring the Symfony firewall to handle a login form. The trick is that the check route must use the PUT method, not POST.
This is the part of my firewall configuration that is related to my problem:
firewalls:
    main:
        pattern: ^/
        anonymous: true
        provider: customer
        form_login:
            login_path: api_user_login
            check_path: api_user_login_connect
As you can see, I don't use paths but routes instead. Mainly because I need to specify the method for the check_path (PUT in my case)
Here is my api_user_login_connect route:
api_user_login_connect:
    path: /users
    defaults: { _controller: ApiBundle:Login:connect }
    methods: [PUT]
Symfony issues an error when I try to access /users, saying that there is no route for /users (in GET I assume). So I understand that the firewall won't let me use the PUT method for the check_path route, or that it doesn't read the whole route from the configuration, but just the path that is defined in the route.
How can I tell Symfony firewall to check credentials using a PUT request?
We found the answer before I posted this question, here it is...
For the firewall to accept login check on methods other than GET, you must set this option: post_only: false. It's true by default.
firewalls:
    main:
        pattern: ^/
        anonymous: true
        provider: customer
        form_login:
            post_only: false
How can I automatically redirect a user when they enter a restricted page to /register-as-guest?
My wrong solution: in security.yml I set
firewalls:
    default:
        form_login:
            login_path: /register-as-guest
This works, but when the user enters wrong credentials at login, they are redirected to /register-as-guest (login_path) but should be redirected to /login.
You're on the right track :)
Just a little more configuration is needed, as you can see in the docs
If you want explicit behavior to happen on login success/failure, you should use these config settings under the firewall:
firewalls:
    default:
        ...
        form_login:
            ...
            # login success redirecting options
            always_use_default_target_path: false
            default_target_path: /            # use this if you want a standard page to be shown on login success
            target_path_parameter: _target_path
            use_referer: false                # set this to true to redirect back to the previously attempted page
            # login failure redirecting options
            failure_path: /foo
            failure_forward: false            # this is what you need
            failure_path_parameter: _failure_path
            failure_handler: some.service.id
            success_handler: some.service.id
Hope this helps :)
Just use the FOSUserBundle. Everything you need is included there, so you don't have to implement it on your own. It is also very well documented and very easy to integrate into a project.
One of three things caused this and I am not sure which of the 3 it was. So I will mention all 3 in the hope it will help others save time.
Initially I changed database user credentials within parameters.yml
This wasn't working as the user in question couldn't log in from localhost. That said, I used the site to test the connection, which might have upset the cookie.
I had some cache folder permissions issues due to a missing image. So I had to clear the cache and adjust some permissions as you do every time.
Finally, I changed the paths for security.yml
form_login:
    login_path: /login
    check_path: /login_check
logout:
    path: /logout
to:
form_login:
    login_path: /account/login
    check_path: /account/login_check
logout:
    path: /account/logout
Along with the appropriate changes in routing.yml
The result was that my already logged in user no longer passed security credentials, and if I tried to log in via a different user/browser, I was always faced with:
"Your session has timed out or you have disabled cookies"
Many many hours were spent following red herrings, checking security, login handling, redis etc.
Answer below.
I ultimately found the answer here:
Symfony authentication - can't get past login page in production (The answer by pleerock)
But wanted to link the error message in my subject line with this solution below:
security:
    firewalls:
        main:
            form_login:
                require_previous_session: false
This fixed the issue for browsers which hadn't been logged in prior to the problem.
For my browser which had already been logged in, I had to manually delete the session cookie to get things working again.
I think Adi's answer is not a solution, just a workaround.
I did realise that in config.yml there is a cookie_domain parameter:
session:
    save_path: ~
    cookie_domain: %cookie_domain%
If you use a custom domain like test.myapp, you should set the same here. When these two do not match, this problem occurs.
It should appear as below:
cookie_domain: 'test.myapp'
your actual domain: test.myapp
I hope this helps you.
As I am currently working in a local development environment, I would like to change the redirect URI that the HWIOAuthBundle sends to any provider (e.g., Facebook). My aim is to use a service such as lvh.me or noip.com for the redirection back to my machine.
Is there a parameter that can be set to make that change?
Example:
Full request URL that my application is currently generating:
https://www.facebook.com/dialog/oauth?response_type=code&client_id=123456&scope=email&redirect_uri=http%3A%2F%2F**localhost**%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
I would like to change the redirect_uri parameter to something like
...&redirect_uri=http%3A%2F%2Flvh.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
or
...&redirect_uri=http%3A%2F%2Fmyalias.noip.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
In Security.yml, add the default_failure_path
oauth:
    resource_owners:
        facebook: '/login/check-facebook'
    login_path: /login
    failure_path: /login
    default_target_path: /home
You can configure the default_target_path to whatever you want:
default_target_path: %home%
I have added this option in security.yml, under firewall settings:
use_referer: true
Now, I have created a link which is used for email confirmation. When I am in development mode, if I click on the link and am not logged in to the application, I get to the login page and then after login I go to the email confirmation link. But in production mode this is not working: after login it is redirecting me to the default target path.
Here is security.yml:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: ^/
        my-login:
            login_path: /
            check_path: /login_check
            default_target_path: /default_root
            provider: my_provide
            use_referer: true
EDIT: some more information
I have created an exception listener, which checks the response and redirects the user to the login page if he/she is not authenticated. Previously it was working only in production mode; I made it work in dev mode and now the referer is not working in dev mode either.
Is there any way that I can bypass the exception listener for this particular route?
I found the answer myself. :)
I just skipped that particular path from checking in the exception listener.
$path = $event->getRequest()->getPathInfo();
if ($this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY') == false) {
    if ($path == "my/path") {
        // simply redirect to login page without clearing session and cookies
    } else {
        // clear session and redirect to login page so that referer does not contain any data
    }
}