Symfony2 loop redirect after logout - symfony

I have a redirect loop after logout.
My security.yml:
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
                # login_path: /login111
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/accaunt, role: ROLE_USER }
        - { path: ^/accaunt/, role: ROLE_USER }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
If I replace handler_id: session.handler.pdo with handler_id: ~ in config.yml, all is good.

As the name suggests, when an anonymous user tries to access page A, which needs an admin role, Symfony redirects to the login page; your login page seems to be also asking for a user role, and hence the error.
I think your problem is a typo?! The ^/login$ in your access_control?

Symfony2 access-control give me 403 error

I know that my title is not very clear. Let me explain: I created a security config:
security:
    encoders:
        Bundles\UserBundle\Entity\user: sha512
    role_hierarchy:
        ROLE_MENAGE:        [ROLE_USER]
        ROLE_EMPLOYE:       [ROLE_ADMIN]
        ROLE_GERANT:        [ROLE_SUPER_ADMIN]
        ROLE_INTERCOMMUNAL: [ROLE_GERANT]
    providers:
        main:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            anonymous: true
            provider: main
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout:
                path: fos_user_security_logout
                target: /login
            remember_me:
                key: %secret%
    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: ROLE_MENAGE }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_MENAGE }
        - { path: ^/EncoderDechet, roles: ROLE_EMPLOYE }
        - { path: ^/VoirConteneurs, roles: ROLE_GERANT }
        - { path: ^/GenererFacture, roles: ROLE_INTERCOMMUNAL }
        - { path: ^/Statistique, roles: ROLE_GERANT }
As you can see in this security.yml, I define a role hierarchy. When I log in with a user who has ROLE_EMPLOYE as role, I expect to have access to /register. But this path must have as role EMPLOYE, and it gives me a 403: access denied.
Can you explain to me where I made a mistake?
Your role hierarchy looks wrong.
It should be
    ROLE_B: ROLE_A
    ROLE_C: ROLE_B
    ROLE_D: ROLE_C
So something like
    ROLE_MENAGE:        ROLE_USER
    ROLE_EMPLOYE:       ROLE_MENAGE
    ROLE_GERANT:        ROLE_EMPLOYE
    ROLE_INTERCOMMUNAL: ROLE_GERANT
Which would give you 5 roles going: USER < MENAGE < EMPLOYE < GERANT < INTERCOMMUNAL
If you do need ROLE_ADMIN & ROLE_SUPER_ADMIN just add them in there where you need them.
Here is what I use on my current project for example
    ROLE_INFLUENCER:    ROLE_USER
    ROLE_COMPANY:       ROLE_INFLUENCER
    ROLE_COMPANY_ADMIN: ROLE_COMPANY
    ROLE_SITE_ADMIN:    ROLE_COMPANY_ADMIN
    ROLE_SUPER_ADMIN:   ROLE_SITE_ADMIN
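To show why the hierarchy posted in the question denies /register while the chain in the answer allows it, here is a small Python model of Symfony's role_hierarchy expansion. It is an added example, not code from this thread or from Symfony itself; the transitive walk mirrors what Symfony's RoleHierarchy class does, and it assumes one required role per access_control rule and no other voters.

```python
def reachable_roles(hierarchy, roles):
    """Return the set of roles a user effectively holds.

    Mirrors Symfony's RoleHierarchy: a role grants itself plus every role
    reachable by following the map transitively. A map value may be one
    role name or a list of them, since both forms appear on this page.
    """
    seen = set(roles)
    stack = list(roles)
    while stack:
        children = hierarchy.get(stack.pop(), [])
        if isinstance(children, str):
            children = [children]
        for child in children:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def is_granted(hierarchy, user_roles, required_role):
    """True when the required role is among the user's expanded roles."""
    return required_role in reachable_roles(hierarchy, user_roles)


# Hierarchy exactly as posted in the question: ROLE_EMPLOYE grants
# ROLE_ADMIN, never ROLE_MENAGE, so the ROLE_MENAGE rule on /register denies.
POSTED = {
    "ROLE_MENAGE": ["ROLE_USER"],
    "ROLE_EMPLOYE": ["ROLE_ADMIN"],
    "ROLE_GERANT": ["ROLE_SUPER_ADMIN"],
    "ROLE_INTERCOMMUNAL": ["ROLE_GERANT"],
}

# Chain from the answer: each role inherits the one below it.
FIXED = {
    "ROLE_MENAGE": "ROLE_USER",
    "ROLE_EMPLOYE": "ROLE_MENAGE",
    "ROLE_GERANT": "ROLE_EMPLOYE",
    "ROLE_INTERCOMMUNAL": "ROLE_GERANT",
}

if __name__ == "__main__":
    for name, hierarchy in (("posted", POSTED), ("fixed", FIXED)):
        granted = is_granted(hierarchy, ["ROLE_EMPLOYE"], "ROLE_MENAGE")
        print(name, sorted(reachable_roles(hierarchy, ["ROLE_EMPLOYE"])),
              "/register ->", "200" if granted else "403")
```

Note that the answer's chain no longer reaches ROLE_ADMIN or ROLE_SUPER_ADMIN from any role, so rules that require them must be covered by adding those roles back into the chain, as the answer says.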

access control doesn't work correctly symfony 2.8

I have a problem with the access control: I have access to some routes such as /Acceuil even if I am not logged in!!
Normally the problem is in the security.yml.
security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN:       [ROLE_ADMIN, ROLE_USER]
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                check_path: fos_user_security_check
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: /acceuil
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout:
                target: /login
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register/etudiant, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register/entreprise, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/acceuil/, role: ROLE_USER }
        - { path: ^/gestion/, role: ROLE_ADMIN }
Can you help me please?

FOSUserBundle - You must activate the logout in your security firewall configuration

I am using Symfony 2.8.2 with FOSUserBundle. When I try to log out, I get the following error:
You must activate the logout in your security firewall configuration
Here's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/login
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            anonymous: true
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }
I've also tried to set logout: true but nothing changed.
P.S. I'm not using Sonata, just FOSUserBundle.
What's the reason I'm getting this error?
It seems like you have the wrong pattern for the main firewall.
Setting pattern: ^/login makes this firewall valid only for matching URLs, which is only the /login URL.
Also, the logout URL has to be inside the firewall's secured area.
You must add in your security.yml
    firewalls:
        secured_area:
            logout:
                path: /logout
                target: /
and in your routing.yml
    logout:
        path: /logout

Does FOS Userbundle ignore db stored roles under certain conditions?

After promoting a user to the role ROLE_ADMIN via php app/console fos:user:promote xyz ROLE_ADMIN and php app/console fos:user:promote xyz --super, the corresponding 'role' field in the database shows:
a:2:{i:0;s:10:"ROLE_ADMIN";i:1;s:16:"ROLE_SUPER_ADMIN";}
Both roles are added in app/config/security.yml, but after logging in as xyz I cannot access the desired page (403), and in Symfony's toolbar the profiler/Security shows: Roles [ROLE_USER].
The other bundle-related tasks like logging in/out, register/confirm via email, reset password etc. work properly. How can I force the bundle (or Symfony?) to read the roles from the db, or why does it not read them?
My security.yml:
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: article_index
            logout:
                path: /logout
                target: article_index
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/article/new, role: ROLE_USER }
        - { path: ^/article/create, role: ROLE_USER }
        - { path: ^/comment/new, role: ROLE_USER }
    acl:
        connection: default

default_target_path does not work with FOSUserBundle

I have installed FOSUserBundle and I am using it in my project. Its login page redirects to an unknown path /_wdt/50366043f414d. I changed the default_target_path under form_login in the security.yml file, but it did not take effect.
How can I change the target path of the login page in FOSUserBundle?
I must set always_use_default_target_path to true, as shown in the Symfony documentation:
#app/config/security.yml
firewalls:
    main:
        pattern: ^/
        form_login:
            login_path: /login
            default_target_path: /my/desired/path
            always_use_default_target_path: true
I had the same issue, and the reason I was having this problem was that Symfony was trying to load the Web Debug Toolbar (hence the "_wdt" bit in the error), which has its own routes that are called at the end of the page load. In my case, I had configured my security.yml like so:
app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
This means that if the user is trying to open a page for anything behind the root "/", he is required to be logged in.
The way I fixed the problem was by adding the "_wdt" part and allowing it for anonymous users:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
This may be an old issue, but instead of changing the access_control, the current Symfony2 config features an extra firewall for the debug toolbar:
    # Disabling the security for the web debug toolbar, the profiler and Assetic.
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
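The Symfony 2.8 access_control question, the logout firewall-pattern answer and the _wdt answers above all come down to which firewall and which access_control rule a path hits first. The following Python model is an added example, not code from any post here or from Symfony itself; it reproduces only the path-regex part of Symfony's request matching (case-sensitive, first match wins, no match means no restriction), treats user roles as already expanded, and ignores host, IP and method matching.

```python
import re


def select_firewall(firewalls, path):
    """First firewall (in config order) whose pattern matches, else None.

    Symfony tests the pattern with preg_match and no flags, so matching is
    case-sensitive and a pattern such as ^/login never covers /logout.
    """
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


def access_decision(access_control, user_roles, path):
    """Return 'allow', 'deny' or 'unmatched' for one request path.

    Only the FIRST access_control rule whose path matches is consulted.
    When no rule matches, the access listener does nothing and the request
    goes through, which is why an unlisted path is reachable anonymously.
    """
    for pattern, required in access_control:
        if re.search(pattern, path):
            if required == "IS_AUTHENTICATED_ANONYMOUSLY":
                return "allow"
            return "allow" if required in user_roles else "deny"
    return "unmatched"


# access_control as posted in the Symfony 2.8 question: no ^/ catch-all,
# and the rule is lower-case ^/acceuil/ while the visited route is /Acceuil.
ACL_28 = [
    ("^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/admin/", "ROLE_ADMIN"),
    ("^/acceuil/", "ROLE_USER"),
    ("^/gestion/", "ROLE_ADMIN"),
]
ANON = []  # constructed: an anonymous visitor holds no roles

# Firewalls from the logout question (^/login only) and the dev + main pair.
FW_LOGIN_ONLY = [("main", r"^/login")]
FW_WITH_DEV = [("dev", r"^/(_(profiler|wdt)|css|images|js)/"), ("main", r"^/")]

if __name__ == "__main__":
    print("/Acceuil anonymous:", access_decision(ACL_28, ANON, "/Acceuil"))
    print("/logout firewall:", select_firewall(FW_LOGIN_ONLY, "/logout"))
    print("/_wdt/... firewall:", select_firewall(FW_WITH_DEV, "/_wdt/50366043f414d"))
```

The 'unmatched' result for /Acceuil is the bug in the 2.8 thread: either add a final ^/ rule or spell the rule to match the real route, since no rule means no check.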
