Sorry if this question has been asked many times but I didn't found any solution on the Web.
So, I just have installed FOSUserBundle and I've created 2 users on my application with the console. The problem is they don't have any role.
So in on controller, I get the user Entity and y set his role but when I try to access to a page restricted for admin, it says access denied. Moreover, the roles has no changed on the databse.
My code in the controller :
$user = $this->container->get('security.context')->getToken()->getUser();
$user->setRoles('ROLE_ADMIN');
if (!$this->get('security.context')->isGranted('ROLE_ADMIN')){
throw new AccessDniedException('Access Denied !');
}
Anyone have an idea ?
Thanks in advance !
It is a very bad practice to set a user role in your controller if you want to keep them away from the controller in the first place. I hope you use this line of code for testing only.
The FOSUserBundle provides a number of command line utilities to help manage your application's users.
The one you need is:
$ php app/console fos:user:promote testuser ROLE_ADMIN
Replace testuser with your username.
Did you also define your roles in your firewall?
Related
I just need to authorize custom user. Without any froms, tokens and etc. I have user entity in my DB.
User class is already configuren it fos_user.yaml:
fos_user:
db_driver: orm
firewall_name: main
from_email:
address: '***#*******.**'
sender_name: '**.****.**'
user_class: App\Entity\User
Is it possible? Somethong like
Authurizer::authorize($userEntity)
Thanks.
Authorization in Symfony done Tokens. To be logged in Symfony's World you'll need to set a Token.
One of the common use cases is "auto login" right after registration.
Take a look at this article -> https://ourcodeworld.com/articles/read/459/how-to-authenticate-login-manually-an-user-in-a-controller-with-or-without-fosuserbundle-on-symfony-3
especially for that part
$token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
$this->get('security.token_storage')->setToken($token);
BUT also take a look at symfony's impersonalizaiton => https://symfony.com/doc/current/security/impersonating_user.html
It basically allows you to switch users without filling out forms and knowing users' credentials
Custom Commands for FOSUserBundle are
fos:user:activate
fos:user:change-password
fos:user:create
fos:user:deactivate
fos:user:demote
fos:user:promote
There is no such way to authorize directly as you want it.
You can create a custom command in symfony which accepts username and authenticates a user. Here is a way to create such a command : https://symfony.com/doc/current/console.html
Thanks you, guys! I found the solution here!
How to programmatically login/authenticate a user?
Sorry for wrong or stupid question.
I am using multiple users providers in my project.
My security.yml looks like this :
security:
...
firewalls:
usertype1:
pattern: ^/root/usertype1_area
provider: type1_provider
usertype2
pattern: ^/root
provider: type2_provider
...
Everything is working fine and I can't login with wrong user types at the right pattern, except that I noticed that if I throw an exception in one of my providers, say type1_provider , and try to log in with the /root/login path (which should use only type2_provider), Symfony is going through type1_provider as well as type2_provider, and I get an exception.
The same is also true with /root/usertype1_area/login when I throw at type2_provider.
This is a problem to me because I want to be able to access type2 login when the type1_provider is shut down.
Any guesses ? Is this normal behavior ?
EDIT : As pointed out by Alexander Keil, it was not clear in my question what I was trying to do
One of my providers relies on a 3d party service, and I want it to throw when this service is down, but I still want to be able to access the other login, which is not supposed to rely on the provider that is throwing. Is there a way I can achieve this ?
You can use the method "supportsClass" in your provider. Return false if the current user class does not support the loaded provider. See Symfony\Component\Security\Core\User\UserProviderInterface
I am using FOSUserBundle for handling my users. For them I have 2 roles ROLE_CUSTOMER and ROLE_MANUFACTURER. The problem is that I need to be able switch these roles when I am logged in. Is it possible? I have read this documentation:
http://symfony.com/doc/current/cookbook/security/impersonating_user.html
There is said how I can switch user to other user without relog, but nothing about role switching.
Maybe someone has any code examples or something? I have read too lot documentations which are hard to understand.
Look at my answer here - Symfony 2.3: How do I refresh the authenticated user from the database?
The key is you need to reset a token after you switched roles.
Something like this:
$loggedInUser = $this->get('security.context')->getToken()->getUser();
$loggedInUser->removeRole('ROLE_ABC');
$loggedInUser->addRole('ROLE_XYZ');
$token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken(
$loggedInUser,
null,
'main',
$loggedInUser->getRoles()
);
$this->container->get('security.context')->setToken($token);
Could you please advice me how to check user status upon login?
I have added a new field named user_flag in wp_users table to control user status. user_flag has value of active or deactivate.
I want to check this field's value when user logs in.
if value is active, then user can proceed login,
but if value is deactivate, then user can not login, and a message will be displayed to notify user that his account is deactivated and he need to contact admin to re-activate account for him to be able to login.
I looked at wp-login.php file but had no idea where to write code to check above logic, could you please advice me where to check user_flag at login time?
Thank you so much.
Stop trying to modify core code and learn to use the pluggable architecture. Also stop modifying the core database tables. You can store additional fields for users in the usermeta table with add_user_meta and retrieve them with get_user_meta. If you start modifying core code and database tables, you will never be able to upgrade wordpress.
To answer your question, use something like the following in functions.php
add_filter('wp_authenticate_user', function($user) {
if (get_user_meta($user->ID, 'user_flag', true) == 'active') {
return $user;
}
return new WP_Error('Account Not Active...');
}, 10, 2);
See https://codex.wordpress.org/Plugin_API/Filter_Reference/wp_authenticate_user
I am using sfDoctrineGuard 5.x and I have configured my module credentials in security.yml like this:
all:
is_secure: true
credentials: [ admin ]
and my app/backend/config/security.yml:
default:
is_secure: true
I have tested using:
$this->getUser()->hasPermission('vendor'): returned true
$this->getUser()->hasPermission('admin'): returned false
so I guess the users are inheriting credentials right. But still users with other credentials can access the module!
I have 3 types of group admin, client and vendor and similar permissions: admin, client and vendor!
And users having 'client' or 'vendor' credentials can access the module ignoring the credentials defined in the security.yml after login !
What could be the problem? Can anyone give me some direction?
oh, I am using sfForkedApplyPlugin for registration and profile editing process, which I don't think causing the issue, as I am testing with predefined fixture data.
I figured out the problem just now!
It was the *is_super_admin* field in *sf_guard_user* table which was set to 1 for all my dummy users in fixture.yml :) !
That's why every users were getting access to all modules bypassing the credentials!