I have followed this article and implemented OAuth2 with GitHub. After successful authentication, I am getting the error below.
Unable to find the controller for path "/secure_area/login/check-github". Maybe you forgot to add the matching route in your routing configuration?
config.yml
hwi_oauth:
    # name of the firewall in which this bundle is active, this setting MUST be set
    firewall_name: secure_area
    connect:
        confirmation: true
        #account_connector: hwi_oauth.user.provider.fosub_bridge
        #registration_form_handler: hwi_oauth.registration.form.handler.fosub_bridge
        #registration_form: fos_user.registration.form
    resource_owners:
        github:
            type: github
            client_id: a8b7e3e35e46271d10a5
            client_secret: 6abca3ded9a19d9e2bf52b42f017d23a745bd540
            scope: "user:email"
    fosub:
        # try 30 times to check if a username is available (foo, foo1, foo2 etc)
        username_iterations: 30
        # mapping between resource owners (see below) and properties
        properties:
            github: githubID
security.yml
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
        secure_area:
            pattern: ^/secure_area
            oauth:
                failure_path: /secure_area/connect
                login_path: /secure_area/connect
                check_path: /secure_area/connect
                provider: fos_userbundle
                resource_owners:
                    github: "/secure_area/login/check-github"
                oauth_user_provider:
                    service: hwi_oauth.user.provider.fosub_bridge
            anonymous: true
            logout:
                path: /secure_area/logout
                target: /secure_area/connect #where to go after logout
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/secure_area/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/secure_area/connect, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/secure_area, roles: ROLE_USER }
What do you have in your routing configuration? Do you have a route set up for hwi_github_login?
Another route named hwi_github_login was also added, which is the same as the callback URL given during creation of the GitHub application. This is the URL which will be intercepted by the firewall to check authentication.
Your routing.yml should have:
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix: /secure_area/connect
hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /secure_area/connect
hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix: /secure_area/connect
hwi_github_login:
    pattern: /secure_area/login/check-github
I have a small problem on the redirection when the access of the page is refused to the user when the latter does not have the right role.
Instead of being redirected to the index, it is redirected to the login page, although in my code I put: access_denied_url: /
For example I try to access the next page with the wrong role:
- {path: ^/dashboard, role: ROLE_SONATA_ADMIN}
I would like it to redirect me to the index instead of the login page.
My security.yml:
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    access_denied_url: /
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                failure_path: /login
                default_target_path: /dashboard
                remember_me: false
            logout:
                path: /logout
                target: /
                invalidate_session: true # the authenticated session will be unavailable afterwards
            anonymous: true
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    acl:
        connection: default
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/*, role: ROLE_SUPER_ADMIN }
        - { path: ^/admin/dashboard, role: ROLE_SUPER_ADMIN }
        - { path: ^/dashboard, role: ROLE_SONATA_ADMIN }
My routing.yml:
mybundle:
    resource: "@MyBundle/Controller/"
    type: annotation
    prefix: /
#app:
#    resource: '@AppBundle/Controller/'
#    type: annotation
admin_area:
    resource: "@SonataAdminBundle/Resources/config/routing/sonata_admin.xml"
    prefix: /admin
sonata_user_security:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_security_1.xml"
sonata_user_resetting:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_resetting_1.xml"
    prefix: /resetting
sonata_user_profile:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_profile_1.xml"
    prefix: /profile
sonata_user_register:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_registration_1.xml"
    prefix: /register
sonata_user_change_password:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_change_password_1.xml"
    prefix: /profile
_sonata_admin:
    resource: .
    type: sonata_admin
    prefix: /admin
sonata_user_admin_security:
    resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
    prefix: /admin
sonata_user_admin_resetting:
    resource: '@SonataUserBundle/Resources/config/routing/admin_resetting.xml'
    prefix: /admin/resetting
fos_user_group:
    resource: "@FOSUserBundle/Resources/config/routing/group.xml"
    prefix: /group
Thank you
I'm trying to use LexikJWTAuthenticationBundle with FOSUserBundle on my Symfony 2.7 application.
Basically, the FOSUserBundle config works fine: I properly load my fixtures and if I try to login via the login form it succeeds.
Getting the token from the login_check also works. Then I put the Authorization header with "Bearer " in the header and try to access another page. It always results in a 401 response.
Has anyone any leads about what could be the problem or how to proceed to debug?
Here's my config:
# app/config/config.yml
# DunglasJsonLdApi
dunglas_json_ld_api:
    title: %api_name%
    description: %api_description%
    default:
        order: DESC
# FOSUserBundle
fos_user:
    db_driver: orm
    firewall_name: api
    user_class: ApiBundle\Bundles\UserBundle\Entity\User
# LexikJWTAuthenticationBundle
lexik_jwt_authentication:
    private_key_path: %kernel.root_dir%/config/jwt/private.pem
    public_key_path: %kernel.root_dir%/config/jwt/public.pem
    pass_phrase: %jwt_pass_phrase%
    token_ttl: 86400
# app/config/routing.yml
# DunglasJsonLdBundle
api_doc:
    resource: "@DunglasJsonLdApiBundle/Resources/config/routing.xml"
    prefix: /api
api:
    resource: .
    type: json-ld
    prefix: /api
# FOSUserBundle
fos_user_security_login:
    path: /login
    defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
    path: /api/login_check
    defaults: { _controller: FOSUserBundle:Security:check }
fos_user_security_logout:
    path: /logout
    defaults: { _controller: FOSUserBundle:Security:logout }
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_CA: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_CA, ROLE_ALLOWED_TO_SWITCH ]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        login:
            pattern: ^/login|^/api/login
            provider: fos_userbundle
            stateless: true
            anonymous: true
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                username_parameter: username
                password_parameter: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        api:
            pattern: ^/api
            provider: fos_userbundle
            stateless: true
            anonymous: true
            lexik_jwt:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: IS_AUTHENTICATED_FULLY }
Complete application available here.
It seems it works fine now. I did not change anything since the time I posted my question and before posting I rebooted my machine, restarted MySQL, nginx, PHP5-FPM and deleted the Symfony cache, so I really fail to understand what happened...
I need to read the value of one parameter of the security.yml file from inside the application.
I tried the following to get the list of all the parameters
$parameters=$this->container->getParameterBag()->all();
Which gives me an interesting list of parameters but I don't see the ones related to security.yml (despite the fact that security.yml is imported properly in the config.yml)
imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }
Here is the security.yml. I want to read the value of remember_me lifetime.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                check_path: /login_check
                login_path: /login
                always_use_default_target_path: false
                default_target_path: /main
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            remember_me:
                key: '%secret%'
                lifetime: 60
                path: /
                domain: ~
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
Thank you!
Make remember_me.lifetime a parameter:
#parameters.yml
parameters:
    remember_me.lifetime: 60
And in your security config, use the parameter's value as follows:
#security.yml
security:
    firewalls:
        ....
        main:
            remember_me:
                key: '%secret%'
                lifetime: '%remember_me.lifetime%'
You'll then be able to access this parameter from the bag or inject it into any service.
So here I have my totally configured fos&face environment. I took the step-by-step tutorial for these two bundles, checked hundreds of times, and nothing....
What is the problem? My fosBundle works great (I have my own model class and my own Facebook provider). The problem appears when I try to log in via Facebook by clicking the famous blue button. I click, something opens, then closes, and then an error (in redirection).
That action /check_login is returning anything. I haven't done anything with that action (took it step by step, like I said) and in the config there is no word mentioning editing the routing for /check_login.
After all, facebookBundle doesn't work at all for me because of the lack of this action.
Can somebody help me out?
Some config info:
fosbundle: ~2.0@dev
facebookbundle: dev-master
security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        chain_provider:
            chain:
                providers: [fos_userbundle, my_fos_facebook_provider]
        fos_userbundle:
            id: user_provider
        my_fos_facebook_provider:
            id: my.facebook.user # see "Example Custom User Provider using the FOS\UserBundle" chapter further down
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
        public:
            pattern: ^/.*
            fos_facebook:
                app_url: "http://www.facebook.com/apps/application.php?id=myAppId"
                server_url: "http://l.local/app_dev.php/"
                login_path: /login
                check_path: /login_check
                default_target_path: /
                provider: my_fos_facebook_provider
            anonymous: true
            logout: true
            # redirect_to_facebook_login: false
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/secured/.*, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/facebook/, role: [ROLE_FACEBOOK] }
        - { path: ^/.*, role: [IS_AUTHENTICATED_ANONYMOUSLY] }
config.yml
....
fos_user:
    db_driver: propel # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: Back\UserBundle\Model\User
fos_facebook:
    alias: <name>
    app_id: <myNumber>
    secret: <myNumber>
    cookie: true
    permissions: [email]
routing.yml
fos_facebook_channel:
    resource: "@FOSFacebookBundle/Resources/config/routing.xml"
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile
fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register
fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting
fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile
_imagine:
    resource: .
    type: imagine
_security_check:
    pattern: /login_check
_security_logout:
    pattern: /logout
Hope this info is enough.
Thanks.
Register the FB provider as a service. In the main config.yml or in the bundle services.yml
services:
    my.facebook.user:
        class: Demo\UserBundle\Security\User\Provider\FacebookProvider
        arguments:
            facebook: "@fos_facebook.api"
            userManager: "@fos_user.user_manager"
            validator: "@validator"
In your security.yml change the check_path parameter for facebook to something different.
check_path: /login_facebook_check
And in the routing.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        chain_provider:
            chain:
                providers: fos_user_bundle,my_fos_facebook_provider
        fos_user_bundle:
            id: fos_user.user_provider.username
        my_fos_facebook_provider:
            id: my.facebook.user
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_user_bundle
                csrf_provider: form.csrf_provider
                login_path: /login
                check_path: /login_check
            fos_facebook:
                app_url: " xxx "
                server_url: "xxx"
                check_path: /login_fb_check
                default_target_path: /
                provider: my_fos_facebook_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
And my full routing.yml
demo_user:
    resource: "@DemoUserBundle/Controller/"
    type: annotation
    prefix: /
_security_check:
    pattern: /login_fb_check
_security_logout:
    pattern: /logout
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile
fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register
fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting
fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile
I'm trying to get locale switching to work in the login screen of my application. In order to do that I have links on my login page that point to site.com/ (the default locale) and site.com/en (the second locale I support). As soon as I've logged in, the switching works like a charm. However, if I'm not yet authenticated, the login always goes back to the default locale. My understanding was that if I use the named routes from FOSUserBundle then it should be able to handle the locales automatically, but I can't get it to work.
My app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout: true
            anonymous: true
    access_control:
        - { path: ^/_wdt, roles: IS_AUTHENTICATED_ANONYMOUSLY } # allow wdt for debugging
        - { path: ^/_profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY } # allow profiler for debugging
        - { path: ^/bundles/, role: IS_AUTHENTICATED_ANONYMOUSLY } # allow assets to be loaded anonymously
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }
My app/config/routing.yml
# FOS User bundle
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile
#fos_user_register:
#    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
#    prefix: /register
fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting
fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile
Any pointers much appreciated as I've been stuck with this for a couple of days now
The solution ended up being to prefix the locale to the route imports of FOSUserBundle:
# FOS User bundle
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
    prefix: /{_locale}
fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /{_locale}/profile
fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /{_locale}/register
fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /{_locale}/resetting
fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /{_locale}/profile
And also change the firewall to allow locales in the anonymous routes and configure the logout_path:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout:
                path: fos_user_security_logout
            anonymous: true
    access_control:
        - { path: ^/_wdt, roles: IS_AUTHENTICATED_ANONYMOUSLY } # allow wdt for debugging
        - { path: ^/_profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY } # allow profiler for debugging
        - { path: ^/bundles/, role: IS_AUTHENTICATED_ANONYMOUSLY } # allow assets to be loaded anonymously
        - { path: ^/[a-z]+/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER } # this must be the last match, as url patterns are checked in the order they appear
Using the JMSI18nRoutingBundle would probably be better in the long term, but it did not work as a drop in solution when I tried it and the budget for this project did not allow me to start figuring out why not, so that will be left for a future update.
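The ordering rule noted in the access_control comment above, as an added example (not code from the post or from Symfony): a small Python model of first-match access_control evaluation, run over the rule lists from this question and answer. Python's re.search stands in for Symfony's regex matching of the request path, and the probe paths and the MISORDERED list are constructed for illustration.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

# access_control entries as (path regex, role), in file order. BEFORE is the
# question's list, AFTER the answer's; the _wdt/_profiler/bundles entries are omitted.
BEFORE = [
    (r"^/login$", ANON),
    (r"^/register", ANON),
    (r"^/resetting", ANON),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]
AFTER = [
    (r"^/[a-z]+/login$", ANON),
    (r"^/[a-z]+/register", ANON),
    (r"^/[a-z]+/resetting", ANON),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]
# Hypothetical mistake: the catch-all moved to the top of the answer's list.
MISORDERED = [AFTER[-1]] + AFTER[:-1]

# Constructed probe paths covering each rule.
PROBES = ["/en/login", "/en/register/", "/en/resetting/request",
          "/en/profile/", "/admin/users"]


def required_role(rules, path):
    """Role demanded by the first rule whose regex matches; None if none match."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def shadowed(rules, probes):
    """Patterns that match at least one probe but never win first-match."""
    matched, winners = set(), set()
    for path in probes:
        won = False
        for pattern, _ in rules:
            if re.search(pattern, path):
                matched.add(pattern)
                if not won:
                    winners.add(pattern)
                    won = True
    return [p for p, _ in rules if p in matched and p not in winners]


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER),
                        ("misordered", MISORDERED)):
        for path in PROBES + ["/admin/register"]:
            print(f"{name:10} {path:24} -> {required_role(rules, path)}")
        print(f"{name:10} shadowed: {shadowed(rules, PROBES)}")
```

Under the answer's rules `/admin/register` resolves to anonymous, because `[a-z]+` accepts any lowercase path segment rather than only locale codes; whether such a path exists depends on the application's routes.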
I don't know how you're handling the locale detection/switch but with JMSI18nRoutingBundle you can do as below.
Add the required bundles to composer.json:
"require": {
    ...
    "jms/i18n-routing-bundle": "1.1.*",
    "jms/translation-bundle": "1.1.*",
    "friendsofsymfony/user-bundle": "1.3.*"
},
Configure the bundles:
jms_i18n_routing:
    default_locale: en
    locales: [en, fr, it, sp]
    strategy: prefix
Bootstrap the bundles:
$bundles = array(
    ...
    new JMS\I18nRoutingBundle\JMSI18nRoutingBundle(),
    new FOS\UserBundle\FOSUserBundle(),
);
Modify existing routes to prefix them with the desired locale:
access_control:
    # Routes are prefixed by the user locale.
    - { path: ^/[^/]+/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/[^/]+/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/[^/]+/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/[^/]+/admin, role: ROLE_ADMIN }
    - { path: ^/[^/]+/, role: ROLE_USER }
Now it should work!
My solution:
You have to redefine the fos_user routes for the be_simple_i18n type format.
(I chose the yaml version):
In app/config/routing.yml
[...]
#register the path to the file with the be_simple_i18n type fos_user routes
fos_user:
    resource: "config/routing/fos_user_i18n.yml"
    type: be_simple_i18n
my_yaml_i18n_routes:
    resource: "config/routing/i18n.yml"
    type: be_simple_i18n
In app/Resources/config/routing/fos_user_i18n.yml:
#you have to make entries for all the fos_user routes here!
#you can find them all in vendor/friendsofsymfony/user-bundle/Resources/routing
fos_user_security_login:
    locales: { en: "/login", de: "/anmelden" }
    defaults: { _controller: FOSUserBundle:Security:login }
fos_user_security_check:
    locales: { en: "/login_check", de: "/login_pruefung" }
    defaults: { _controller: FOSUserBundle:Security:check }
#...
In app/config/security.yml
firewalls:
    [...]
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            login_path: fos_user_security_login
            check_path: fos_user_security_check
            csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
        logout:
            path: fos_user_security_logout
            target: #where_no_one_has_gone_before
        [...]
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/anmelden$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/registrieren, role: IS_AUTHENTICATED_ANONYMOUSLY }
    [...]
I have been struggling a bit with this issue. I wanted to have the pure login (no URL in the session) to be redirected to the proper localized page.
I could find the answer in the Symfony documentation:
# app/config/security.yml
security:
    # ...
    firewalls:
        main:
            form_login:
                # ...
                default_target_path: index [ or your named route ]