How can I redirect automaticaly an user when it enters a restricted page to /register-as-guest?
My wrong solution: in security.yml I set
firewalls:
default:
form_login:
login_path: /register-as-guest
This works, but when user enters wrong credentials at login it is redirected to /register-as-guest ( login_path ) but should be redirected to /login.
You're on the right track :)
Just a little more configuration is needed, as you can see in the docs
If you want explicit behavior to happen on login success/failure, you should use these config settings under the firewall:
firewall:
default:
...
form_login:
...
# login success redirecting options
always_use_default_target_path: false
default_target_path: / # use this if you want a standard page to be shown on login success
target_path_parameter: _target_path
use_referer: false # set this to true to redirect back to the previously attempted page
# login failure redirecting options
failure_path: /foo
failure_forward: false # this is what you need
failure_path_parameter: _failure_path
failure_handler: some.service.id
success_handler: some.service.id
Hope this helps :)
Just use the FOSUserBundle, everything you need is included there then you don't have to implement it on your own, also it is very well documented it is very is to integrate into a project
Related
I'm working on Symfony5.
I want, in some cases, to logout the user, redirecting him to the login page and displaying on this page the reasons why he has been logged out.
To achieve that, I use a classic "logout" redirect route, which then automatically redirect to the login page.
I tried to put data in the user's session, but the session is cleared on logout so it's empty when it get to the login page.
Here is an extract of my controller function launching the logout process :
//... some code to put data in the session
return $this->redirectToRoute('app_logout');
And an extract of my security.yml :
main:
anonymous: true
lazy: true
provider: app_user_provider
logout:
path: app_logout
target: app_login
guard:
authenticators:
- App\Security\LoginFormAuthenticator
Do you have any idea how I can do this ? Ideally it would be forcing Symfony to let the data in the session but maybe there are some other ways.
Thanks in advance.
I have a site with multiple subdomains. I would like to log users that have certain rights to one of the sub domain only when he's already authenticated on the 'main' site. Let's say that my main domain is www.domain.com, i have sub1.domain.com, sub2.domain.com, sub3.domain.com.
When a user is authenticated on domain.com, i would like to be able to redirect him to sub2.domain.com without asking him to re-authenticate. But it should not be authenticate to sub1.domain.com or sub3.domain.com.
I have read about setting the cookie_domain in the config.xml but in this case the user will be logged for all subdomains.
Is that possible ?
Thanks !
Edit for more info
I'm working with Symfony 2.7 and i have tried both solution in the security.yml : one main shared firewall and one per sub domain (See below).
But i have not configured the session cookie_domain in config.yml to '.domain.com' as i don't want to log the user in all the subdomains.
firewalls:
main:
pattern: ^/
host: %main_domain%
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout:
path: /logout
target: /login
anonymous: true
context: main_context
sub1:
pattern: ^/
host: %sub1_domain%
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout:
path: /logout
target: /login
anonymous: true
context: main_context
sub2:
pattern: ^/
host: %sub2_domain%
....
It is possible in multiple ways. Since you log in in your main domain, you need some way to specify which user has access to which sub domain. Using different roles seems like a reasonable approach for this. So, for example a user who has access to subdomain1 will also have a role like ROLE_USER_SUB1.
With this set up, you can modify your security.yaml and use the access_control settings to restrict access to certain roles based on the domain, using additional matching options
security:
access_control:
...
- { path: ^/, roles: ROLE_USER_SUB1, host: sub1\..* }
- { path: ^/, roles: ROLE_USER_SUB2, host: sub2\..* }
You might have to tweak this to your needs and you also have to be careful to have the correct ordering of the routes, as the first matching rule will be used.
Another possible solution is to use a simple event listener that is triggered on each request at the kernel.request (be careful to check the priority, as you probably need to put your listener after the firewall listener) or kernel.controller event and then use the access decision manager or Symfony\Component\Security\Core\Security to check whether the user is (a) logged in and (b) has the correct role set, see https://symfony.com/doc/current/security/securing_services.html
I have a project where I log in with the auth and from time to time it's an error and it is not possible to connect. And I would have something to show me this error, so I can do the treatment and return a message to the User.
When he does not connect it automaiticamente back to the root, and that this ta treaty on security:
oauth:
resource_owners:
facebook: "/security/login/check-facebook"
google: "/security/login/check-google"
linkedin: "/security/login/check-linkedin"
login_path: /
failure_path: /
default_target_path: /security/connected
check_path: /security/login_check
oauth_user_provider:
service: web_key_user_provider
Mainly to get treatment when the authentication page facebook or google me return one bad_request = 400
as I would for the Routa to put in failure_path, to catch because it failed?
You have to implement an EventListener which is called when the onAuthenticationFailure event is fired, and set it as failure_handler in your HWIOAuth configuration.
See this great answer on another similar issue :
How to disable redirection after login_check in Symfony 2
Hopes this helps you.
As I am currently working in a local development environment, I would like to change the redirect URI that the HWIOAuthBundle sends to any provider (e.g., Facebook). My aim is to use a service such as lvh.me or noip.com for the redirection back to my machine.
Is there a paarmeter that can be set to make that change?
Example:
Full request URL that my application is currently generating:
https://www.facebook.com/dialog/oauth?response_type=code&client_id=123456&scope=email&redirect_uri=http%3A%2F%2F**localhost**%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
I would like to change the redirect_uri parameter to something like
...&redirect_uri=http%3A%2F%2Flvh.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
or
...&redirect_uri=http%3A%2F%2Fmyalias.noip.me%2Fmyproject%2Fweb%2Fapp_dev.php%2Foauth%2Fcheck-facebook
In Security.yml, add the default_failure_path
oauth:
resource_owners:
facebook: '/login/check-facebook'
login_path: /login
failure_path: /login
default_target_path: /home
You can configure the default_target_path, to whatever you want
default_target_path: %home%
I have added this option in security.yml, under firewall settings :
use_referer: true
Now, I have created a link which is used for email confirmation. When I am in development mode, if i click on the link and not logged in to the application, I got to the login page and then after login the I go to email confirmation link. But in production mode this is not working after login It is redirecting me too the default target path.
Here is security.yml :
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
my-login:
login_path: /
check_path: /login_check
default_target_path: /default_root
provider: my_provide
use_referer: true
EDIT : some more information
I have created exception listener, which checks the response and redirects user to login page if he/she is not authenticated. Previously it was working only in production mode, i made it working in dev mode and now referer is not working in dev mode too.
Is there any way that I can by pass exception listener for this particular route.?
I found the answer myself.. :)
I just skipped that particular path from checking in exception listener.
$path = $event->getRequest()->getPathInfo();
if($this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY') == false) {
if($path == "my/path") {
// simply redirect to login page without clearing session and cookies
} else {
// clear session and redirect to login page so that referer does not contain any data
}
}