In my project, I allow only one user to manage the content of the website. This user will be added using the command line at first.
Now, I want to get the registration action inaccessible and I don't know how?
Till now, I just put the ROLE_ADMIN in the access control for the route register to avoid that visitors can go throw it.
Any tips?
Take a look at the routing configuration imported from
vendor/friendsofsymfony/user-bundle/Resources/config/routing/all.xml
If you want just the basic security actions, just import
#FOSUserBundle/Resources/config/routing/security.xml
instead of
#FOSUserBundle/Resources/config/routing/all.xml
This way you can simply select which components (security, profile, resetting, change_password) you want to use or event import only specific routes from those components.
There are many ways to solve this issue. You can simply remove fos_user_registration_register route from routing.yml. Or use more complicated solution: set up event listener to FOS\UserBundle\FOSUserEvents::REGISTRATION_INITIALIZE event and redirect user to login page.
services.xml
<service id="app.registration.listener" class="AppBundle\EventListener\RegistrationListener">
<tag name="kernel.event_subscriber" />
<argument type="service" id="router" />
</service>
RegistrationListener.php
<?php
namespace AppBundle\EventListener;
use FOS\UserBundle\Event\GetResponseUserEvent;
use FOS\UserBundle\FOSUserEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
class RegistrationListener implements EventSubscriberInterface
{
/**
* #var UrlGeneratorInterface
*/
private $router;
/**
* #param UrlGeneratorInterface $router
*/
public function __construct(UrlGeneratorInterface $router) {
$this->router = $router;
}
public static function getSubscribedEvents()
{
return [
FOSUserEvents::REGISTRATION_INITIALIZE => 'onRegistrationInitialize',
];
}
public function onRegistrationInitialize(GetResponseUserEvent $event)
{
$url = $this->router->generate('fos_user_security_login');
$response = new RedirectResponse($url);
$event->setResponse($response);
}
}
You can just change app/config/security.yml:
- { path: ^/register, role: ROLE_ADMIN }
Change from the default (IS_AUTHENTICATED_ANONYMOUSLY) to ROLE_ADMIN and it will stop allowing anonymous users from getting to the /register form.
Another simple solution (the one I used) is to overwrite the registerAction() default FOSUserBundle controller method:
namespace Acme\UserBundle\Controller;
use FOS\UserBundle\Controller\RegistrationController as FOSRegistrationController;
use Symfony\Component\HttpFoundation\Request;
class RegistrationController extends FOSRegistrationController
{
public function registerAction(Request $request)
{
return $this->redirectToRoute('getStarted', array(), 301);
}
}
Doing this will leave active other routes, as the confirmation page.
I simply overwrote the register action and redirect the user to my first registration page (getStarted).
If you use the JMSSecurityExtraBundle you can use the denyAll directive like so:
- { path: ^/register, access: denyAll }
This is how I solve this issue...
First you have to define your listener in the services.yml file:
services:
registrationListner:
class: App\YourBundle\Listener\RegistrationListener
arguments: [#service_container]
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest}
Then create your class RegistrationListener:
<?php
namespace App\YourBundle\Listener;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
class RegistrationListener
{
private $router;
public function __construct(ContainerInterface $container){
$this->router = $container->get('router');
}
public function onKernelRequest(GetResponseEvent $event)
{
$route = $event->getRequest()->attributes->get('_route');
if ($route == 'fos_user_registration_register') {
//here we're gonna to redirect to you_route for example, I guess in the most cases it will be the index...
$event->setResponse(new RedirectResponse($this->router->generate('your_route')));
}
}
}
Hope it helps.
You can try to change your routing.yml
fos_user_registration_register:
path: /register{trailingSlash}
defaults: { _controller: AcmeBundle:Default:register, trailingSlash : "/" }
requirements: { trailingSlash : "[/]{0,1}" }
And in your DefaultController
public function registerAction(Request $request)
{
return $this->redirectToRoute('404OrWhatYouWant');
}
Related
I'm working on a Symfony 2.7 project and I'd like to redirect users on a specific page if their session expires.
I created a Listener that checks roles and routes and if a user is trying to access an authenticated route without being authenticated i redirect to the specific page.
This is not working for the moment because the default redirection to homepage has an higher priority.
This is the listener:
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
class UserDisconnectionListener
{
protected $router;
protected $security;
protected $tokenStorage;
public function __construct(Router $router, AuthorizationChecker $security, TokenStorage $tokenStorage)
{
$this->router = $router;
$this->security = $security;
$this->tokenStorage = $tokenStorage;
}
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
$loggedRoutes = ['user_account', 'user_index', '...'];
$url = '';
if($this->tokenStorage->getToken() !== null) {
if(!$this->security->isGranted('IS_AUTHENTICATED_OPENID')) {
if (in_array($request->get('_route'), $loggedRoutes)) {
$url = $this->router->generate('disconnection_route');
}
}
if(strlen($url) > 0) {
$response = new RedirectResponse($url);
$event->setResponse($response);
}
}
}
}
app.userroute.listener:
class: app\UserBundle\Listener\UserDisconnectionListener
arguments: ['#router.default', #security.authorization_checker, #security.token_storage]
scope: request
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
Is there a better way to do it ?
I tried to use priority tag but i don't which priority set.
I tried to log and when i tried to access 'user_index' route my listerner log said that i was already redirected on the homepage 'general_index' route.
PS: I'm using FOSUserBundle coupled with an OpenID Bundle.
tags:
- { name: kernel.event_listener, priority: -256, event: kernel.request, method: onKernelRequest }
https://symfony.com/doc/2.7/event_dispatcher.html check the symfony documentation for events, and search for priority
This tag option specify to symfony in which order he haves to call listeners.
It isn't the best way to 'hardcode' the list of authenticated routes, if you forget to add one your code won't work. You should try to retrieve dynamically the authenticated routes
How can I trigger redirect to a specific router in event listener?
There are many examples but I couldn't find one for "GetResponseForExceptionEvent". For exampe, when I pass #roter as an argument $this->router.... doesn't seem to be working so on.
I checked these but I probably missed something:
Show a specific route instead of error page (404) - Symfony2
symfony2: hook into NotFoundHttpException for redirection
Symfony2 redirect for event listener?
Symfony2: Getting Route in Page Load Event Listener
Redirect if the user is logged in
service.yml
services:
kernel.listener.kernel_request:
class: Booking\AdminBundle\EventListener\ErrorRedirect
tags:
- { name: kernel.event_listener, event: kernel.exception, method: onKernelException }
Event listener:
namespace Booking\AdminBundle\EventListener;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class ErrorRedirect
{
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
if ($exception instanceof NotFoundHttpException) {
// redirect to '/' router or '/error'
//$event->setResponse(...........);
}
}
}
You have 2 options:
Use an Event Listener
Use a route that matches all the routes that don't exist and trigger an action in a controller.
Let me know if that works.
Option 1
Note: Have a look at Symfony2 redirect for event listener
1 Pass the router to your event listener:
kernel.listener.kernel_request:
class: Booking\AdminBundle\EventListener\ErrorRedirect
arguments:
router: "#router"
tags:
- { name: kernel.event_listener, event: kernel.exception, method: onKernelException }
2 Use the router within the listener to redirect users:
namespace Booking\AdminBundle\EventListener;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Bundle\FrameworkBundle\Routing\Router;
class ErrorRedirect
{
/**
* Holds Symfony2 router
*
*#var Router
*/
protected $router;
/**
* #param Router
*/
public function __construct(Router $router)
{
$this->router = $router;
}
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
if ($exception instanceof NotFoundHttpException) {
/** Choose your router here */
$route = 'route_name';
if ($route === $event->getRequest()->get('_route')) {
return;
}
$url = $this->router->generate($route);
$response = new RedirectResponse($url);
$event->setResponse($response);
}
}
}
Option 2
You can create a special route that will match all routes that don't exist; You can then handle the redirect the way you want within the controller of your choice, here PageNotFoundController:
1 At the end of app/config/routing.yml
pageNotFound:
pattern: /{path}
defaults: { _controller: AcmeDemoBundle:PageNotFound:pageNotFound, path: '' }
requirements:
path: .*
2
<?php
namespace Acme\DemoBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class PageNotFoundController extends Controller
{
public function pageNotFoundAction()
{
// redirect the way you want
}
}
I was wondering what would be the best method to redirect a user who is ALREADY LOGGED IN if they try and access the registration page.
I would prefer a method that does not require me overriding the registration controller simply to implement a login check & redirect.
I looked at the registration initialization event but I don't know how to initiate the redirect since there doesn't seem to be a way to set the event response via the UserEvent class.
Thanks
I use something like the following..
namespace Acme\UserBundle\EventSubscriber;
use FOS\UserBundle\Event\GetResponseUserEvent;
use FOS\UserBundle\FOSUserEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
class FOSUserSubscriber implements EventSubscriberInterface
{
protected $router;
protected $securityContext;
public function __construct(
UrlGeneratorInterface $router,
SecurityContextInterface $securityContext
)
{
$this->router = $router;
$this->securityContext = $securityContext;
}
public static function getSubscribedEvents()
{
return array(
FOSUserEvents::REGISTRATION_INITIALIZE => 'forwardToRouteIfUser',
);
}
public function forwardToRouteIfUser(GetResponseUserEvent $event)
{
if (!$this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
return;
}
$url = $this->router->generate('acme_the_route_to_redirect_to');
$response = new RedirectResponse($url);
$event->setResponse($response);
}
}
With
parameters:
acme_user.subscriber.fos_user.class:
Acme\UserBundle\EventSubscriber\FOSUserSubscriber
services:
acme_user.subscriber.fos_user:
class: %acme_user.subscriber.fos_user.class%
arguments:
- #router
- #security.context
tags:
- { name: kernel.event_subscriber
First time I'm posting a message in this forum, which I use regularly. I use FOSUserbundle in my Symfony2 application to manage users. I activated the sending of the email confirmation when users create an account by the following thing:
fos_user:
registration:
confirmation:
enabled: true
It works very well: the email is sent successfully. I am redirected to the page /check-email that says that this email has been sent. However, I would like to change the redirection : I would like to be redirected to my index page and not to /check-email. So I did my research and I knew he had to go through the FOSUserBundle events (list here).
What I did :
class RegistrationListener implements EventSubscriberInterface {
private $router;
public function __construct(UrlGeneratorInterface $router) {
$this->router = $router;
}
public static function getSubscribedEvents() {
return array(
FOSUserEvents::REGISTRATION_CONFIRM => 'onRegistrationConfirm');
}
public function onRegistrationConfirm(FormEvent $event) {
$url = $this->router->generate('listeArticlesAccueil');
$event->setResponse(new RedirectResponse($url));
}
}
and services.yml
services:
listener_user.registration_listener:
class: My\Soft\UserBundle\EventListener\RegistrationListener
arguments: [#router]
tags:
- { name: kernel.event_subscriber }
The problem is that every time I am redirected to the page /check-email. I therefore told me that it was probably the wrong event. So I also tried REGISTRATION_SUCCESS. But nothing changes. So either I have not used the right event, or I'm doing something wrong.
In either case, I hope you can help me !
Thanks a lot and sorry for my bad english ;)
I know that this question has been posted a long time ago, but i found a solution and I would like to share it to others that have the same issue.
In this case, the event that you should use is REGISTRATION_SUCCESS.
You have to prioritize the listener REGISTRATION_SUCCESS to be called before FOS\UserBundle\EventListener\EmailConfirmationListener::onRegistrationSuccess like this:
public static function getSubscribedEvents()
{
return [
FOSUserEvents::REGISTRATION_SUCCESS => [
['onRegistrationSuccess', -10],
],
];
}
If you don't do it, EmailConfirmationListener will be called earlier and you will be redirected to fos_user_registration_check_email route.
Here is what I did:
class RedirectAfterRegistrationSubscriber implements EventSubscriberInterface
{
private $router;
public function __construct(RouterInterface $router)
{
$this->router = $router;
}
public function onRegistrationSuccess(FormEvent $event)
{
$event->stopPropagation();
$url = $this->router->generate('homepage');
$response = new RedirectResponse($url);
$event->setResponse($response);
}
public static function getSubscribedEvents()
{
return [
FOSUserEvents::REGISTRATION_SUCCESS => ['onRegistrationSuccess',-10],
];
}
}
And in app/services.yml:
app.redirect_after_registration_subscriber:
class: AppBundle\EventListener\RedirectAfterRegistrationSubscriber
arguments: ['#router']
tags:
- { name: kernel.event_subscriber }
I hope this helps.
I would bet on REGISTRATION_SUCCESS.
The doc (https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/FOSUserEvents.php) says
that this event allows to set the response.
REGISTRATION_CONFIRM only allows to access the user
Instead of that use REGISTRATION_CONFIRM.
Here is the complete code for the event listener:
/**
* Description of RegisterationConfirmListener
*
* #author imran
*/
use FOS\UserBundle\FOSUserEvents;
use FOS\UserBundle\Event\GetResponseUserEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
/**
* Description of RegisterationConfirmListener
*
* #author imran
*/
use FOS\UserBundle\FOSUserEvents;
use FOS\UserBundle\Event\GetResponseUserEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
/**
* Listener responsible to change the redirection at the end of the password resetting
*/
class RegisterationConfirmListener implements EventSubscriberInterface {
private $router;
public function __construct(UrlGeneratorInterface $router) {
$this->router = $router;
}
public static function getSubscribedEvents() {
return [
FOSUserEvents::REGISTRATION_CONFIRM => 'onRegisterationConfirm',
];
}
public function onRegisterationConfirm(GetResponseUserEvent $event) {
$url = $this->router->generate('home');
$event->setResponse(new RedirectResponse($url));
}
}
For Services.yml:
app_user.registeration_confirmed:
class: Wishlocker\AppBundle\EventListener\RegisterationConfirmListener
arguments: [ #router ]
tags:
- { name: kernel.event_subscriber }
After the user did reset his password using the password reset of FOSUserBundle, by default he is redirected to the FOSUserProfile.
I want to redirect to a different route.
Is this possible and if yes, how?
It can be done by creating a resetting subscriber:
namespace Acme\UserBundle\EventListener;
use FOS\UserBundle\FOSUserEvents;
use FOS\UserBundle\Event\FormEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
/**
* Listener responsible to change the redirection at the end of the password resetting
*/
class PasswordResettingListener implements EventSubscriberInterface {
private $router;
public function __construct(UrlGeneratorInterface $router) {
$this->router = $router;
}
public static function getSubscribedEvents() {
return [
FOSUserEvents::RESETTING_RESET_SUCCESS => 'onPasswordResettingSuccess',
];
}
public function onPasswordResettingSuccess(FormEvent $event) {
$url = $this->router->generate('homepage');
$event->setResponse(new RedirectResponse($url));
}
}
And then registering it as a service with kernel.event_subscriber tag:
# src/Acme/UserBundle/Resources/config/services.yml
services:
acme_user.password_resetting:
class: Acme\UserBundle\EventListener\PasswordResettingListener
arguments: [ #router ]
tags:
- { name: kernel.event_subscriber }
In case you are not using the FOS user profile view, there is an ugly yet simple way:
Add in your app/config/routing.yml:
fos_user_profile_show:
path: /yourpath