FOSUserbundle and multiple database connections in Symfony2 - symfony

I am working on a Symfony2 Application that uses multiple databases. I followed this guide: https://stackoverflow.com/a/24585284/5244717 so now all my routes have a prefix with the database name from where the application should get its data.
But now I need to be able to log in. I tried using the FOSUserbundle, but I cannot get FOSUserbundle to work with the company prefix. I added this to the config/routing.yml:
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
    prefix: /{_site}
    defaults:
        _site: default
Now when I go to http://localhost/company/login it shows me the login form, but when I log in it gives me this error:
You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.
I have no idea how to fix this and if the FOSUserbundle will even work with what I am trying to do here. Having used Symfony2 for only a week is not really helping. I've been searching the internet for a good solution to using multiple databases in 1 Symfony bundle but so far have had little success. Each company should get a separate database with the same structure, but this seems to be an impossible thing to code in Symfony2 (or any other framework).
Any help is very much appreciated!

Your options include, but are not limited to:
1). Have multiple firewalls
2). Use subdomains instead of slugs in the URL
I could be wrong, but I believe Symfony does not allow parameters to be set in a route for a login page.

Related

Using SimpleSAMLphp in symfony with composer

I would like to implement the SimpleSamlPHP bundle in my Symfony project, but I'm having some issues with the redirect after the login.
Let me explain a little:
I have loaded "simplesamlphp/simplesamlphp" in my composer. So, the bundle sits in the vendor directory.
Then I wrote my own bundle where I configured the simplesaml, made controllers with login actions,...
Everything works (in the sense that I effectively have a button that redirects to the Idp (I configured) and does its thing). But then I get redirected to: http://BASEURL/module.php/saml/sp/saml2-acs.php/IDENTIFIER, which it does not find, because the files are in the vendor bundle.
When reading the documentation carefully, I saw that the baseUrl should point to the simplesaml package. But, because that package is in the vendor, I can't do that.
Is there a way to still use the simpleSAMLphp bundle or do I need to look for a symfony bundle to use simpleSAML?
Thank you.
I highly recommend you give this a try:
https://www.lightsaml.com
I've tried to do a simple IDP / SP service and it works pretty well and is straightforward. Along with that, I find the website examples are also well written, so you can start with a base.
If you still want to use simplesaml, search for "simplesamlphp-bundle" on packagist.org; there are at least 3 packages that bundlify this and can help you set it up.

Symfony2 Routing for multiple clients

I'm very new to Symfony, but I'm sure it will help me to develop faster.
So here is my basic problem. I want to develop an application that can be used by multiple clients. They will each have their own URL. Something like this:
http://example.com/customer1
http://example.com/customer2
I see that this is very easily done by editing the routing.yml - that's very cool stuff:
app:
    resource: "@AppBundle/Controller/"
    prefix: /{customer}/
    type: annotation
In the AppBundle, I can build the whole app within the controllers, and Symfony offers me the framework to do so. It will have some editing routes, admin routes and much more.
But what if any user calls http://example.com/unkownCustomer/someSite?
If a someSite route is defined it will cause a problem, just because there is no valid customer. Sure, I can handle it in each action, but that isn't very smart. I was thinking about extending the Controller class from Symfony to add some base functionality, for example extending the render method to add some basic stuff like customer settings (for example the customer name) automatically to the parameters array for Twig, so that I don't have to do it explicitly in every controller. I think some security features also have to be implemented more generally, so that an authenticated user that has a role doesn't have this role on other customer sites or is not authenticated there.
But how can I inject some code before I run the action functionality targeting the route? And the big question - what would be the right way to do it? Do I have to change my mind about doing this thing in Symfony?
PS: Sorry for my poor English - hope you will understand my problem.
I learned a lot in the last 2 days - and that video completely answers my question in a very good way, doing it in what I think is the right way!
https://knpuniversity.com/screencast/question-answer-day/symfony2-dynamic-subdomains

Symfony2 plugin for links CSRF protection

Is there any plugin that works this way? I've found KnpRadBundle, but I've got a working project and adjusting it to a new framework would be very long and unnecessary. Does anybody know of such a plugin?
In KnpRadBundle it's exactly this function: https://github.com/KnpLabs/KnpRadBundle/wiki/csrf-protected-links
PS. I'm using Symfony 2.2
I had the exact same problem and found this pull request which solves it.
Using the csrf_token('your_intention') function you can generate a CSRF token in your Twig template. Later you can check the token using the form.csrf_provider service as described in the pull request.

Symfony2 Optional host in routing.yml

I'm developing a website for the organisation I work for. Our main site is www.mainsite.com, but we have a few sub sites that "inherit" (each site accesses the same data and controllers, just look different) the main website. For example sub1.mainsite.com, sub2.mainsite.com etc.
I've started writing the code for the main website, and using the new subdomain/hosts routing feature of Symfony 2.2 I hoped to be able to programmatically change the look of the website depending on the subdomain.
If I add host: "{site}.mainsite.com" to one of my routes, I can successfully get {site} in my controller. However, if there is no subdomain, the route isn't matched. This could be solved by adding a new route with no host option, but that would mean I double my routes, and I really don't want to have to do that.
In essence, all I really need is to be able to change the look of the website and the menu it uses based on a subdomain (or no subdomain).
Does anyone know how I can do this?
An example route:
news:
    pattern: /news/{page}
    host: "{site}.mainsite.com"
    defaults: { _controller: MainSiteNewsBundle:News:index, page: 1, site: main }
    requirements:
        page: \d+
        site: sub1|sub2
Also, as an aside, if I could get this to work, could I apply this rule site-wide without having to modify every one of my routes?

Plone & CGI single-sign-on using mod_auth_tkt

A couple of questions have had answers suggesting making use of mod_auth_tkt to allow Plone 4 (Plone and Asp.Net Integration, Use Plone's authentication mechanism to login to other sites.) to authenticate other web applications, and since I have a couple of CGIs that already jump through hoops to authenticate via Plone, this seems ideal for my purpose. However, I can't seem to find much documentation about using mod_auth_tkt in general, and absolutely none about using it with Plone.
I have the following problems.
1. mod_auth_tkt expects a shared "secret". mod_auth_tkt's examples show Apache getting this from a config file. Plone doesn't share its secrets - so how does Apache know that a given Plone cookie is a valid auth_tkt?
2. What URL would one use in the Apache config TKTAuthLoginURL? [I'm not sure that's vital, as, at the moment, I'm only really interested in ensuring that something is invoked from inside Plone, rather than directly as a CGI]
3. Apache expects the ticket cookie to be named via TKTAuthCookieName (default 'auth_tkt'). What does Plone call it? __ac?
The documentation on using mod_auth_tkt is a man page distributed with the source.
In answer to your specific questions:
1. In /Plone/acl_users/session. On the Manage secrets tab set a shared secret. (This is described in the documentation for setting up a shared secret with an IIS login form.) You should set the same secret in the Apache config with the TKTAuthSecret directive.
2. For Plone 4.0 (or Plone 3.x with plone.session 3.x) use /Plone/login_form. For Plone 4.1 use /Plone/login, assuming that the Plone site is hosted at /Plone. Use /login_form or /login if it is hosted at the root.
3. Plone uses _ac by default, so use TKTAuthCookieName "_ac". (The cookie name Plone uses is set in the acl_users session settings and cookie authentication settings.)
You might have to set TKTAuthBackArgName "came_from", though I think Plone will fall back to the referrer URL so it may work without. And you will need to check the "Use mod_auth_tkt compatible hashing algorithm" option on the preferences tab of acl_users/session.
It turns out that there seems to be a conflict with pas.plugins.sqlalchemy. I've been investigating PPS, and while it doesn't seem that there should be any crossover, the site I was testing had PPS installed. When I switched to a site without PPS, setting the "secret" and the mod_auth_tkt flag had the desired effect. Since I seem to have fallen into the maintenance role for pas.plugins.sqlalchemy, I guess it's my problem :-)
Domo arigato, Mr. Rowe-boto!
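
How a shared secret lets a second party check a ticket cookie, as an added example (not code from the posts above, from Plone, or from mod_auth_tkt): it follows the MD5-based ticket layout used by mod_auth_tkt, and assumes the IP field is fixed to 0.0.0.0 and that the cookie value has already been decoded to the ticket string. The secret, user id, token and timestamp are constructed.

```python
import hashlib
import hmac
import re
import socket
import struct

# Layout: digest (32 hex) + timestamp (8 hex) + userid + "!" + [tokens + "!"] + user_data
TICKET_RE = re.compile(r"([0-9a-f]{32})([0-9a-f]{8})([^!]*)!(.*)", re.S)

def _digest(secret, ip, ts, userid, tokens, user_data):
    # Inner hash covers packed IP, packed timestamp, the secret and the
    # NUL-joined fields; the outer hash mixes the secret in a second time.
    head = socket.inet_aton(ip) + struct.pack("!I", ts)
    body = "\0".join((userid, tokens, user_data)).encode("utf-8")
    inner = hashlib.md5(head + secret + body).hexdigest().encode("ascii")
    return hashlib.md5(inner + secret).hexdigest()

def create_ticket(secret, userid, ts, tokens="", user_data="", ip="0.0.0.0"):
    """Issuer side: build the ticket string for a logged-in user."""
    digest = _digest(secret, ip, ts, userid, tokens, user_data)
    ticket = "%s%08x%s!" % (digest, ts, userid)
    if tokens:
        ticket += tokens + "!"
    return ticket + user_data

def validate_ticket(secret, ticket, now, timeout=3600, ip="0.0.0.0"):
    """Verifier side: return the user id if authentic and fresh, else None."""
    m = TICKET_RE.fullmatch(ticket)
    if m is None:
        return None
    digest, ts_hex, userid, tail = m.groups()
    ts = int(ts_hex, 16)
    tokens, sep, user_data = tail.partition("!")
    if not sep:                      # no token list present
        tokens, user_data = "", tail
    expected = _digest(secret, ip, ts, userid, tokens, user_data)
    # Constant-time comparison of the presented and recomputed digests.
    if not hmac.compare_digest(digest.encode("ascii"), expected.encode("ascii")):
        return None
    if not 0 <= now - ts <= timeout:  # reject expired or future-dated tickets
        return None
    return userid

# Constructed sample values, not real credentials.
SECRET = b"constructed-shared-secret"
ISSUED = 1700000000
TICKET = create_ticket(SECRET, "alice", ISSUED, tokens="editor")
```

Both sides only agree on a ticket when they hold the same secret and use the same digest scheme, which is why the answer above pairs the shared secret with the compatible-hashing option.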
