I am trying configure HWIOauthBundle in my Symfony2 application with this link.
When I run app/console cache:clear, or composer install I get this message:
[Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
The service "security.firewall.map.context.main" has a dependency on a non-
existent service "form.csrf_provider".
My security.yml file:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_USER
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
in_memory:
memory:
users:
restapi: { password: secretpw, roles: [ 'ROLE_API' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
oauth:
resource_owners:
facebook: "/login/check-facebook"
login_path: /login
failure_path: /login
oauth_user_provider:
service: my_user_provider
logout: true
anonymous: true
http_basic:
realm: "Demo REST API (username: restapi, password: secretpw)"
stateless: true
login:
pattern: ^/login$
security: false
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I was looking for this error in network, but I can't find good solution for me.
I can't look now to hwio bundle but looks like you doesn't have 'form.csrf_provider' provider regisrered like service. search in project if 'form.csrf_provider' exist.
Related
I'm working on a custom membership website which is based on the Symfony2. This website has two type of the bundles. FOSuserbundle and SamlBundle.
I integrated SamlBundle with FOSuserbundle. Single Sign-On system is working now, but FOSuserbundle login form is not working.
This is my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface:
id: app.my_password_encoder
PDias\SamlBundle\Security\User\SamlUser: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
backend_samlservice:
id: saml.backend.fosuser.provider
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
require_previous_session: true
login_path: /login
check_path: /login_check
always_use_default_target_path: false
default_target_path: /
use_forward: true
use_referer: false
saml:
provider: backend_samlservice
direct_entry: false
login_path: /login-saml
check_path: /login-check-saml
default_target_path: /
always_use_default_target_path: true
logout:
path: /logout
target: /login
anonymous: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
remember_me:
key: '%secret%'
lifetime: 604800 # 1 week
path: /
domain: ~
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/sendemail, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^, role: ROLE_USER }
acl:
connection: default
Even if I was not using Single Sign-On, backend_samlservice will be executed.
When I use ID & Password to login to the website, I will be redirected to the login page.
Do I have to add something?
Thanks for your anwsers.
I've fixed this problem.
The point was SimpleSAML_Session. I had to clean up the session like this.
https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_6
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
I added this code on the SamlAuth.php(pdias/saml-bundle/PDias/SamlBundle/Saml). Then it started working.
When I try to login with wrong credentials it says "try again, wrong credentials", but after entering the correct credentials it gives error
No route found for "GET /" (from "http://localhost/bdayProj/web/app_dev.php/login"). Below is the configuration of my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
in_memory:
memory: ~
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
And my routing.yml
app:
resource: "#AppBundle/Controller/"
type: annotation
fos_user:
resource: "#FOSUserBundle/Resources/config/routing/all.xml"
You have to specify the login path in your security file
This is an example :
firewalls:
main:
pattern: ^/
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
default_target_path: /
Hope it helps
I want to show 404 not found error when someone try to access route in web which doesn't exists.
I'm keep getting this exception in production environment:
Fatal error: Uncaught exception 'Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException' with message 'The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.' in /<path>/app/cache/prod/classes.php:4626 Stack trace: #0 /<path>/app/cache/prod/classes.php(4364): Symfony\Component\Security\Core\Authorization\AuthorizationChecker->isGranted('ROLE_USER', NULL) #1 /<path>/vendor/symfony/symfony/src/Symfony/Bridge/Twig/Extension/SecurityExtension.php(41): Symfony\Component\Security\Core\SecurityContext->isGranted('ROLE_USER', NULL) #2 /<path>/app/cache/prod/twig/9e/5d/2e6e87b557efe952c1ff84648c04bdb5d6870549f95d79526f65c94696d2.php(149): Symfony\Bridge\Twig\Extension\SecurityExtension->isGranted('ROLE_USER') #3 /<path>/app/cache/prod/classes.php(6519): __TwigTemplate_9e5d2e6e87b557efe952c1ff84648c04bdb5d6870549f95d79526f65c94696d2->d in /<path>/app/cache/prod/classes.php on line 6530
this is pretty strange because in dev I'm getting NotFoundHttpException, so in production 404 page should be shown.
This is my security yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: [ ROLE_USER, ROLE_SONATA_ADMIN ]
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_EDITOR ]
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
use_forward: true
use_referer: true
check_path: fos_user_security_check
failure_path: front_homepage
default_target_path: /
always_use_default_target_path: false
failure_handler: app.authentication_handler
anonymous: true
api:
pattern: ^/v1
fos_oauth: true
stateless: true
anonymous: true # note that anonymous access is now enabled
main:
pattern: ^/*
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
login_path: fos_user_security_login
use_forward: true
use_referer: true
# failure_path: /login2
failure_handler: app.authentication_handler
provider: fos_userbundle
oauth_user_provider:
service: my_user_provider
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
use_forward: true
use_referer: true
check_path: fos_user_security_check
failure_path: front_homepage
default_target_path: /
always_use_default_target_path: false
failure_handler: app.authentication_handler
logout:
path: fos_user_security_logout
target: /
success_handler: app.authentication_handler
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 1 year in seconds
path: /.*
domain: ~
switch_user: { role: ROLE_ADMIN }
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
default:
anonymous: ~
access_control:
# Public dev tools
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Public login routes
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Private routes
- { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/admin/efconnect, role: ROLE_ADMIN }
- { path: ^/admin/elfinder, role: ROLE_ADMIN }
- { path: ^/v1, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Rest of all domain
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
Hapenned to me, it's because of the provider:
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
When route is not found, the token isn't created and a 404 exception is thrown so your provider which is supposed to test the token fails and throw error.
I dig in bit and found that error is actually thrown by twig.
I was using is_granted('ROLE_USER') in layout which 404 error page extending. I had to check if user is defined and not empty before checking permissions.
This is related to 2.1 upgrade change:
https://github.com/symfony/symfony/blob/2.8/UPGRADE-2.1.md#security
I need to read the value of one parameter of the security.yml file from inside the application.
I tried the following to get the list of all the parameters
$parameters=$this->container->getParameterBag()->all();
Which gives me an interesting list of parameters but I don't see the ones related to security.yml (despite the fact that security.yml is imported properly in the config.yml)
imports:
- { resource: parameters.yml }
- { resource: security.yml }
- { resource: services.yml }
Here is the security.yml. I want to read the value of remember_me lifetime.
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
check_path: /login_check
login_path: /login
always_use_default_target_path: false
default_target_path: /main
provider: fos_userbundle
csrf_provider: form.csrf_provider
remember_me:
key: '%secret%'
lifetime: 60
path: /
domain: ~
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
Thank you!
Make remember_me.lifetime a parameter:
#parameters.yml
parameters:
remember_me.lifetime: 60
And in your security config, use the parameter's value as following:
#security.yml
security:
firewalls:
....
main:
remember_me:
key: '%secret%'
lifetime: '%remember_me.lifetime%'
You'll be then able to access this parameters from the bag or inject it into any service.
I'm trying to use FOSOAuthServerBundle.
From my ios application, I correctly get the token from /oauth/v2/token, I can see in my database the entry in AccessToken and RefreshToken with the correct user_id.
Opening the _profile, I can see I'm authenticated but I'm logged in as anonymous... why this is happening?
When trying to access /secured/api/me, I'm redirected to /login path...
Can somebody help me?
Here my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_USER
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
# form_login:
# provider: fos_userbundle
# check_path: /oauth/v2/auth_login_check
# login_path: /oauth/v2/auth_login
anonymous: true
api:
pattern: ^/api
fos_oauth: true
stateless: true
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
oauth:
resource_owners:
facebook: "/login/check-facebook"
google: "/login/check-google"
login_path: /login
use_forward: false
failure_path: /login
oauth_user_provider:
#this is my custom user provider, created from FOSUBUserProvider - will manage the
#automatic user registration on your site, with data from the provider (facebook. google, etc.)
service: my_user_provider
logout: true
anonymous: true
login:
pattern: ^/login$
security: false
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/oauth/v2/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/secured, role: [ IS_AUTHENTICATED_FULLY ] }
.
I think you have in your security.yml, under the firewall 'api ' :
//...
api :
// ...
stateless : true
// ...
You have to send the access_token on every request.
Furthermore, if you want to get an authenticated access_token, you have to get it by a request with de parameter "grant_type=password".
With this access_token, your server will recognize the user in each request.
Something like:
PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=USERNAME&password=PASSWORD
(source: OAuth2 Explained: Part 3 - Using OAuth2 With Your Bare Hands)