I am trying to configure this bundle for authentication with the Google API. I have read the documentation and searched on Google, but I still can't configure it.
Now I have this error:
The service "hwi_oauth.security.oauth_utils" has a dependency on a non-existent service "hwi_oauth.resource_ownermap.main".
For now I only want to show a link for Google on my default page, and when I click it, I want to get the response from Google and show it in a var dump.
routing.yml:
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix: /login
hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login
google_login:
    path: /login/check-google
config.yml
hwi_oauth:
    connect:
        account_connector: defaultbundle.oauth_provider
    firewall_names: [secured_area]
    resource_owners:
        google:
            type: google
            client_id: ****
            client_secret: ****
            scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
security.yml
secured_area:
    pattern: ^/
    anonymous: ~
    oauth:
        resource_owners:
            google: "/login/check-google"
        login_path: /login
        use_forward: false
        failure_path: /login
        oauth_provider:
            service: defaultbundle.oauth_provider
    logout: true
    anonymous: true
# access_control:
#     - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
services.yml
defaultbundle.oauth_provider:
    class: Public\defaultBundle\Auth\OAuthProvider
    arguments: [@doctrine]
base.html
<a href="{{ path('hwi_oauth_service_redirect', {'service': 'google' }) }}">
<span>Google</span>
</a>
OAuthProvider.php
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface;
class OAuthProvider extends OAuthUserProvider
{
}
The firewall name in hwi_oauth configuration in config.yml (currently: main) is wrong.
It must match the firewall name(s) from security.yml (currently: secured_area) that use oauth.
hwi_oauth:
    connect:
        account_connector: defaultbundle.oauth_provider
    firewall_name: secured_area # <---- here is the change (if using 0.3)
    firewall_names: [secured_area] # <--- if using 0.4
    ...
Documentation:
Version 0.3
Version 0.4
I have A site and B site. Both on HTTPS, both on different domains.
A site runs Symfony where I prepared a login page which I include via iframe on page B.
The login process works correctly in every major browser except Chrome with the flag #same-site-by-default-cookies enabled (chrome://flags/#same-site-by-default-cookies). If I disable this flag in Chrome it works correctly as well.
Does anyone know what I can do to fix it? I probably need to set the SameSite flag on the cookie to "None", but I have no idea which cookie it concerns or where to change it.
I am using:
Symfony 4.4.2
friendsofsymfony/user-bundle 2.1.2
PHP 7.2
My configs:
framework.yaml
framework:
    secret: '%env(APP_SECRET)%'
    translator: { fallbacks: [pl] }
    form: { enabled: true }
    validation: { enable_annotations: true }
    default_locale: '%locale%'
    csrf_protection: true
    # Enables session support. Note that the session will ONLY be started if you read or write from it.
    # Remove or comment this section to explicitly disable session support.
    session:
        handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
    #esi: true
    fragments: ~
    http_method_override: true
    php_errors:
        log: true
security.yaml
providers:
    fos_userbundle:
        id: fos_user.user_provider.username
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        switch_user: true
        pattern: ^/
        context: user
        remember_me:
            #key: "%secret%"
            secret: "%secret%"
            lifetime: 31536000 # 365 days in seconds
            path: /
            domain: ~ # Defaults to the current domain from $_SERVER
            token_provider: Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider
        form_login:
            provider: fos_userbundle
            # csrf_token_generator: security.csrf.token_manager
            # if you are using Symfony < 2.8, use the following config instead:
            # csrf_provider: form.csrf_provider
            always_use_default_target_path: true
            default_target_path: /after-login
            success_handler: authentication_handler
            failure_handler: authentication_handler
        oauth:
            resource_owners:
                facebook: "/loginSocial/check-facebook"
                google: "/loginSocial/check-google"
            login_path: /loginSocial
            use_forward: false
            failure_path: /loginSocial
            oauth_user_provider:
                service: fm_user_provider
            always_use_default_target_path: true
            default_target_path: /after-login
        logout:
            target: fmUserAfterLogout
            success_handler: logout_handler
        anonymous: true
framework.yaml
add option "cookie_samesite"
session:
    cookie_samesite: none
Symfony Doc
I'm using SonataAdminBundle and I want my secured area to be under /admin, and I want to have a homepage on / that is a list of objects.
But when I go on / I'm automatically redirected to /admin/dashboard.
This works fine if my "homepage" is under another url (e.g : /homepage)
Here is my config.yml:
sonata_admin:
    title: 'Versus'
    title_logo: 'logo_title.png'
    templates:
        # other configuration options
        search: '@SonataAdmin/Core/search.html.twig'
        search_result_block: 'template/Admin/Search/block_search_result.html.twig'
        edit: 'template/Admin/CRUD/edit.html.twig'
    global_search:
        empty_boxes: fade
sonata_block:
    blocks:
        # enable the SonataAdminBundle block
        sonata.admin.block.admin_list:
            contexts: [admin]
        sonata.admin.block.search_result:
            contexts: [admin]
fos_user:
    db_driver: orm # other valid values are 'mongodb' and 'couchdb'
    firewall_name: admin
    user_class: AppBundle\Entity\User
    from_email:
        address: "%mailer_user%"
        sender_name: "%mailer_user%"
Here is my security.yml :
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            # if you are using Symfony < 2.8, use the following config instead:
            # csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
And here is my routing.yml :
admin_area:
    resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
    prefix: /admin
_sonata_admin:
    resource: .
    type: sonata_admin
    prefix: /admin
fos_user:
    resource: "@FOSUserBundle/Resources/config/routing/all.xml"
front:
    resource: "@AppBundle/Controller/*"
    type: annotation
    prefix: /
I don't know what is causing the redirection, and how I can prevent it.
I installed & configured LexikJWTAuthenticationBundle, it works fine but I've got a small problem.
I have included the Authorization button to enter the JWT token; the problem is that the only way I can get my token is to use this command:
curl -X POST -H "Content-Type: application/json" http://localhost:8000/api/login_check -d '{"username":"johndoe","password":"test"}'
It sends me the token and I put it in the API, OK.
First problem:
When I try this request with POSTMAN I get an error :
Unable to find the controller for path "/api/login_check".
The route is wrongly configured. (404 Not Found)
The request : localhost:8000/api/login_check?username=johndoe&password=test with POST method
So with curl it's working but not with POSTMAN, why ? Here is my security.yaml:
security:
    encoders:
        App\Entity\User:
            algorithm: argon2i
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        register:
            pattern: ^/api/register
            stateless: true
            anonymous: true
        api:
            pattern: ^/api
            stateless: true
            anonymous: true
            provider: app_user_provider
        main:
            anonymous: true
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    role_hierarchy:
        ROLE_DELEGATION: [ROLE_USER]
        ROLE_EXPORT: [ROLE_USER]
        ROLE_USER_ADMIN: [ROLE_USER]
        ROLE_LIST_ADMIN: [ROLE_USER]
        ROLE_IMPORT: [ROLE_USER]
        ROLE_MOBILE: [ROLE_USER]
        ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
Second problem, I'd like to add the login inside the Swagger.
Like this:
I have no idea how to do this; I tried to add @ApiRessource() inside the LoginCheckController but it does nothing.
Need some help / tips, thanks in advance.
The 404 message tells you there's either no route defining /api/login_check or there's a configuration problem with it and the route is not found.
You should check and debug your routes first and see if this is already defined:
login_check:
    path: /login_check
You might also want to check this GitHub Issue
Later Edit:
After researching a bit more, I found a possible solution to your problem here on Stackoverflow
Just put your firewall login at first place, in your example above the dev.
I'm trying to manage a frontend and backend with different user roles. Inside security.yml I added this:
security:
    providers:
        admin:
            entity:
                class: LoginBundle:Usuarios
                property: mail
        external:
            entity:
                class: LoginBundle:UsuariosExternos
                property: mail
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            provider: admin
            form_login:
                login_path: /
            logout:
                path: logout
                target: /
            access_denied_url: /eu/
        external:
            anonymous: true
            provider: external
            form_login:
                login_path: /
            logout:
                path: logoutExternalUser
                target: /
With this code the firewall external is not working, and when I log in as an external (frontend) user the logout path is /logout and not logoutExternalUser.
Also, with this config, if I enter the path /admin it goes to / and not to /admin/login.
We tried to use an AccessDeniedHandlerInterface but we don't know how to get the user role in that instance.
Any help?
You are missing patterns. That's why the firewalls are not firing up.
You should set pattern for which it listens.
Check, I updated code.
security:
    providers:
        admin:
            entity:
                class: LoginBundle:Usuarios # idk if you realized this correctly
                property: mail
        external:
            entity:
                class: LoginBundle:UsuariosExternos
                property: mail
    firewalls:
        admin:
            pattern: ^/admin # pattern in which this will activate
            anonymous: true
            provider: admin
            form_login:
                login_path: adminLogin # implement route
            logout:
                path: security_logout # should work and destroy session
                target: /
            access_denied_url: /eu/
        external:
            pattern: ^/external
            anonymous: true
            provider: external
            form_login:
                login_path: loginExternal # implement route
            logout:
                path: security_logout
                target: /
I recommend you to check https://symfony.com/doc/3.4/security/guard_authentication.html
It's a nice way to build any kind of auth you need, if the default security doesn't work for you.
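A model of how Symfony selects a firewall for a request (the first entry, in file order, whose pattern matches the path; an entry without a pattern matches every request), applied to the firewall lists from the question and from the answer above. This is an added example, not part of the original answer; the function names and the request paths are hypothetical.

```python
import re

# Firewalls in the order they appear in security.yml: (name, pattern or None).
# Transcribed from the question's config and from the answer's config.
QUESTION = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("main", None),
    ("external", None),
]
ANSWER = [
    ("admin", r"^/admin"),
    ("external", r"^/external"),
]


def resolve_firewall(firewalls, path):
    """Return the first firewall whose pattern matches path, else None.

    An entry without a pattern matches every request.
    """
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


def unreachable_firewalls(firewalls):
    """Names listed after a catch-all entry (no pattern, or '^/')."""
    for index, (_, pattern) in enumerate(firewalls):
        if pattern is None or pattern == "^/":
            return [name for name, _ in firewalls[index + 1:]]
    return []


if __name__ == "__main__":
    # Request paths below are hypothetical samples.
    for label, config in (("question", QUESTION), ("answer", ANSWER)):
        for path in ("/css/app.css", "/admin/login", "/external/home", "/"):
            print(label, path, "->", resolve_firewall(config, path))
        print(label, "unreachable:", unreachable_firewalls(config))
```

A path that resolves to None, such as / under the answer's patterns, is outside every firewall, so no security token is available there.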
I am clicking my logout button, which is supposed to log me out. I did everything according to the documentation but I still receive the following error:
Unable to find the controller for path "/logout". The route is wrongly configured.
Here is my security.yml
firewalls:
    main:
        anonymous: ~
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    secured_area:
        pattern: ^/
        form_login:
            login_path: /login
            check_path: /login_check
            default_target_path: /
        logout:
            path: /logout
            target: /
            invalidate_session: false
And I of course added
logout:
    path: /logout
to the routing.yml
What is wrong with my logout?
Are you sure that you added the logout route to your routing files? Try this in your console, and you should see the following:
app/console debug:router
...
login ANY ANY ANY /login
login_check ANY ANY ANY /login_check
logout ANY ANY ANY /logout
...
If you can't see this, maybe you did not add the path in routing correctly.
Adding such function solved the problem:
/**
 * @Route("/logout", name="logout")
 */
public function logingOut() {
    $this->get('security.token_storage')->setToken(null);
    $this->get('request')->getSession()->invalidate();
    return $this->redirect($this->generateUrl('index_page'));
}