The issue I am trying to address is automatically redirecting my application to the user-entered URL after login. Since I have a centralized authentication server I can't use 'HTTP_REFERER', as it always returns null when I am being transferred to the authentication server.
My solution is to use the security.yml in my application server to pass the redirection URL as a URL parameter. I have implemented that as follows:
parameters.php
$container->setParameter('referer', $_SERVER['REQUEST_URI']);
security.yml
secured_area:
    pattern: ^/
    stateless: true
    form_login:
        login_path: %accounts_host%/signin?referer=%referer%
    simple_preauth:
        authenticator: app.security.authenticator
But my issue is that the referer parameter in security.yml is always static. It always gives the first application URL I type in. Let's say I type www.appserver.com/product/1; the next time, if I type in www.appserver.com/product/200, the referer will still return www.appserver.com/product/1 in the authentication server.
However, if I do a print_r($_SERVER['REQUEST_URI']); exit(); in parameters.php, the value changes for each request.
I have been at this for quite some time and I am very lost at this point. Any help on getting this referer value dynamically in security.yml would be really appreciated. Thanks :)
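The value is frozen because %referer% is substituted once, when the service container is compiled and written to the cache; every later request reuses the compiled value, which is why print_r() in parameters.php changes while the login_path does not. What follows is an added example, not code from the original post, of computing the sign-in redirect at request time with a custom firewall entry point, plus the host check the authentication server should apply before following the referer it receives. The class name, the service id app.security.accounts_entry_point, the accounts_host parameter, the safeRedirectTarget() helper and the allowed-host list are assumptions for illustration.

```php
<?php
// src/AppBundle/Security/AccountsEntryPoint.php (added example; names are assumed)
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

/**
 * Runs when an anonymous request hits the firewall. It receives the current
 * Request, so the referer is computed per request instead of once at
 * container compile time (which is what %referer% in security.yml gives you).
 */
class AccountsEntryPoint implements AuthenticationEntryPointInterface
{
    private $accountsHost; // e.g. https://accounts.example.com (assumed %accounts_host%)

    public function __construct($accountsHost)
    {
        $this->accountsHost = rtrim($accountsHost, '/');
    }

    public function start(Request $request, AuthenticationException $authException = null)
    {
        $referer = $request->getUri(); // absolute URL the user actually asked for

        return new RedirectResponse(
            $this->accountsHost.'/signin?referer='.rawurlencode($referer)
        );
    }
}

/**
 * Authentication-server side (assumed helper). A redirect target taken from
 * the query string is attacker-controlled: only follow it when it points at an
 * application host you operate, otherwise use the fallback. Without this check
 * ?referer= is an open redirect.
 */
function safeRedirectTarget($referer, array $allowedHosts, $fallback = '/')
{
    // Browsers treat "\" like "/", parse_url() does not, so reject it outright
    // rather than risk host confusion (http://evil.example\@www.appserver.com).
    if (!is_string($referer) || false !== strpos($referer, '\\')) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if (false === $parts || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // malformed, relative, or scheme-relative (//evil.example)
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback; // javascript:, data:, ...
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return $fallback; // foreign host
    }

    return $referer;
}

// Wiring on the application server (assumed service id):
//
// # app/config/services.yml
// services:
//     app.security.accounts_entry_point:
//         class: AppBundle\Security\AccountsEntryPoint
//         arguments: ['%accounts_host%']
//
// # app/config/security.yml
// secured_area:
//     pattern: ^/
//     stateless: true
//     entry_point: app.security.accounts_entry_point
//     simple_preauth:
//         authenticator: app.security.authenticator
//
// On the authentication server, after a successful sign-in:
//   $target = safeRedirectTarget($request->query->get('referer'), array('www.appserver.com'));
//   return new RedirectResponse($target);
```

The allowed-host list must contain lowercase hostnames only, since the helper lowercases before comparing; keep it to hosts you control, not a substring or regex match, or the check is trivially bypassed with a lookalike domain.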
So, all my routes look like this:
login: /studio/{uuid}/login
logout: /studio/uuid/logout
programs: /studio/{uuid}/programs
levels: /studio/{uuid}
and every time I access a link via {{ url('login|orwhatever') }} I have to pass uuid. Because all my links will contain uuid, I would like to automate that.
Of course, previously I did not have uuid in the URL and it was just stored in the session if I needed it. But I recently noticed a problem: when the session expires it is supposed to generate the login URL, but that contains the uuid parameter, and because this parameter is NULL it throws an error.
So either it must be fixed by providing {uuid} to each URL, or
by somehow passing uuid to the Symfony logout method in security.yml:
frontoffice_area:
    pattern: ^/
    anonymous: ~
    simple_form:
        authenticator: security.user_authenticator
        login_path: login # this needs uuid from somewhere
        check_path: validate
One of three things caused this and I am not sure which of the three it was, so I will mention all three in the hope it will help others save time.
Initially I changed the database user credentials within parameters.yml.
This wasn't working as the user in question couldn't log in from localhost. That said, I used the site to test the connection, which might have upset the cookie.
I had some cache folder permissions issues due to a missing image. So I had to clear the cache and adjust some permissions as you do every time.
Finally, I changed the paths in security.yml from
form_login:
    login_path: /login
    check_path: /login_check
logout:
    path: /logout
to:
form_login:
    login_path: /account/login
    check_path: /account/login_check
logout:
    path: /account/logout
Along with the appropriate changes in routing.yml.
The result was that my already logged-in user no longer passed security credentials, and if I tried to log in via a different user/browser, I was always faced with:
"Your session has timed out or you have disabled cookies"
Many many hours were spent following red herrings, checking security, login handling, redis etc.
Answer below.
I ultimately found the answer here:
Symfony authentication - can't get past login page in production (The answer by pleerock)
But I wanted to link the error message in my subject line with this solution below:
security:
    firewalls:
        main:
            form_login:
                require_previous_session: false
This fixed the issue for browsers which hadn't been logged in prior to the problem.
For my browser which had already been logged in, I had to manually delete the session cookie to get things working again.
I think Adi's answer is not a solution, just a workaround.
I realised that
in config.yml there is a cookie_domain parameter:
session:
    save_path: ~
    cookie_domain: %cookie_domain%
If you use a custom domain like test.myapp you should set the same value here. When the two do not match, this problem occurs.
It should appear as below:
cookie_domain: 'test.myapp'
your actual domain: test.myapp
I hope this helps you.
As I am currently working in a local development environment, I would like to change the redirect URI that the HWIOAuthBundle sends to any provider (e.g., Facebook). My aim is to use a service such as lvh.me or noip.com for the redirection back to my machine.
Is there a parameter that can be set to make that change?
Example:
Full request URL that my application is currently generating:
https://www.facebook.com/dialog/oauth?response_type=code&client_id=123456&scope=email&redirect_uri=http%3A%2F%2F**localhost**%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
I would like to change the redirect_uri parameter to something like
...&redirect_uri=http%3A%2F%2Flvh.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
or
...&redirect_uri=http%3A%2F%2Fmyalias.noip.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
In security.yml, add the default_failure_path:
oauth:
    resource_owners:
        facebook: '/login/check-facebook'
    login_path: /login
    failure_path: /login
    default_target_path: /home
You can configure the default_target_path to whatever you want:
default_target_path: %home%
I have added this option in security.yml, under the firewall settings:
use_referer: true
Now, I have created a link which is used for email confirmation. When I am in development mode, if I click on the link while not logged in to the application, I go to the login page and then, after login, to the email confirmation link. But in production mode this is not working: after login it redirects me to the default target path.
Here is security.yml:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: ^/
        my-login:
            login_path: /
            check_path: /login_check
            default_target_path: /default_root
            provider: my_provide
            use_referer: true
EDIT: some more information
I have created an exception listener, which checks the response and redirects the user to the login page if he/she is not authenticated. Previously it was working only in production mode; I made it work in dev mode and now the referer is not working in dev mode either.
Is there any way that I can bypass the exception listener for this particular route?
I found the answer myself :)
I just skipped that particular path from the check in the exception listener.
// inside the exception listener, e.g. onKernelException(GetResponseForExceptionEvent $event)
$path = $event->getRequest()->getPathInfo(); // always starts with "/", e.g. "/my/path"
if (!$this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) {
    if ($path === '/my/path') {
        // simply redirect to the login page without clearing session and cookies
    } else {
        // clear session and redirect to the login page so that the referer does not contain any data
    }
}
I am working on a Symfony 2.3 project that has the following routing code:
just2_frontend_logincheck:
    pattern: /login_check
It doesn't have
defaults: { _controller: testBundle:User:login }
but it is working. I don't know how the routing is working. Is this possible? Please advise me about the routing.
The check_path route/path is used by your firewall to catch login requests.
This route's action is never really accessed. It's the route/url your login form posts to and the request should be processed by your firewall's provider service.
If the check_path route's action is being executed there is something wrong with the firewall (the request is not processed by your firewall).
As you can see here, FOSUserBundle's check_path is routed to SecurityController::checkAction and just throws a RuntimeException.
The configuration of the check_path can be found in app/config/security.yml under security.firewalls.<firewallname>.form_login.check_path.
It can either be a pattern like /login_check or, as in your case, a route name, i.e. just2_frontend_logincheck, but there is no underlying action.
security:
    providers:
        your_provider_name:
            id: your_provider_service # service id of your user provider
    # ...
    firewalls: # Required
        your_firewall_name:
            # ...
            provider: your_provider_name
            form_login:
                check_path: /login_check # submit the login form here
                # in your case a route name:
                # just2_frontend_logincheck
Under the hood Symfony calls the authenticate() method of the service your_provider_service to check the credentials provided.
You can find the class used as the provider service using:
app/console debug:container --show-private your_provider_service
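The two routes behind form_login, as an added example that is not part of the thread or of FOSUserBundle: the login action renders the form, while the check action is a tripwire that only runs if the firewall did not consume the POST (check_path outside the firewall pattern, or a mismatch between check_path and the route). The bundle and route names follow the question; the template name and the controller layout are assumptions, and the session keys are the Symfony 2.3 ones.

```php
<?php
// src/testBundle/Controller/UserController.php (added example; template name assumed)
namespace testBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContextInterface;

class UserController extends Controller
{
    /**
     * GET /login (login_path): render the form. In Symfony 2.3 the last
     * authentication error lives in the request attributes (forwarded) or the
     * session (redirected); the last username is always in the session.
     */
    public function loginAction(Request $request)
    {
        $session = $request->getSession();

        if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContextInterface::AUTHENTICATION_ERROR);
        } elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
            $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
            $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR); // show it once
        } else {
            $error = null;
        }

        // The template's form must POST to the check_path route, e.g.
        // <form action="{{ path('just2_frontend_logincheck') }}" method="post">
        return $this->render('testBundle:User:login.html.twig', array(
            'last_username' => null === $session ? '' : $session->get(SecurityContextInterface::LAST_USERNAME),
            'error'         => $error,
        ));
    }

    /**
     * POST /login_check (check_path): the firewall's form-login listener handles
     * the request before routing dispatches to a controller, so this body never
     * runs when the configuration is right. If it does run, fail loudly instead
     * of silently serving a page to a request that carried credentials.
     */
    public function checkAction()
    {
        throw new \RuntimeException(
            'check_path was not handled by the firewall: make sure the route is inside '
            .'the firewall pattern and matches form_login.check_path in security.yml.'
        );
    }
}

// src/testBundle/Resources/config/routing.yml (added example)
//
// just2_frontend_login:
//     pattern: /login
//     defaults: { _controller: testBundle:User:login }
// just2_frontend_logincheck:
//     pattern: /login_check
//     defaults: { _controller: testBundle:User:check } # optional tripwire, see above
```

The defaults entry on the check route is optional, exactly as the question observed; adding the tripwire action turns a silent misconfiguration (credentials posted to a route nobody authenticates) into an exception you will notice in testing.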