I'm using FOS/Userbundle for login process of my application.
This application is the back-end part of my work. The front end one can be on another server.
Login works correctly when user is authenticated. My problem is when user is not recognized. In this case, Symfony redirects response to an url of my back-end when I want it to go back to my front-end url. I have not found neither in Symfony doc nor various forums elements for progress on this issue.
Thank you for your help.
Caplande
Normally you can configure, in security.yml , the firewall which is used by fosUserBundle, and tell it to redirect in case of success but also in case of error.
The idea is, in case of error to redirect the user to an action on your app which is not under your fosuserbundle firewall rules.
This action should finally redirect the non authenticated user to your frontend url.
here is an example :
in your security.yml,
security:
firewalls:
main:
form_login:
failure_path: YOUR_REDIRECTING_PATH
failure_forward: true
you needto finish, to make a route readable anonimously in you app to redirect to your frontend app.
for more information : https://symfony2-document.readthedocs.org/en/latest/cookbook/security/form_login.html
Hope this helps
Related
I have 2 user roles in my application: admin and member. After a successful login, an admin user must be redirected to /admin and member must be redirected to /catalog.
Is this possible with Symfony and the FOSUserBundle?
Yes, you can modify the login behaviour. It's nothing FOSUserBundle specific, it's a Symfony feature: https://symfony.com/doc/current/security/form_login.html#always-redirect-to-the-default-page
Another solution is a custom login authentication success handler. You can find an example here: https://gist.github.com/chalasr/69ad35c11e38b8cc717f
I am having trouble figuring out how to structure my application.
It is currently a web application built using normal controllers, twig views etc. and using FOS user bundle for authentication. In this application it is possible to create entities that should be seen as a "mobile user"
Now I need an API for a mobile app where the "mobile users" should log in, but I cannot figure out how this authentication should be constructed.
Should I create a user in the user table along with the web app users? Is it possible to require a user to have a specific role to log in on the normal login page?
Or should I add a username and password column to the "mobile user" entity, and make a custom login for the api. But how is this accomplish? I am thinking of using angularjs in the mobile app if this has any impact on how to solve this issue.
One of possible solutions would be using FOSOAuthServerBundle
In this scenario you can have the same place you keep your users for both web app and mobile app. Users can authenticate using the same credentials in web and mobile app - but authentication for mobile app can be done through ajax call.
Thanks to oAuth you don't keep login/password stored at your mobile app.
Bundle itself is written in a way that integrates with Symfony in perfect way.
To access different resources using different security you just configure different firewalls:
security.yml
security:
firewalls:
oauth_token:
pattern: ^/oauth/v2/token
security: false
api:
pattern: ^/api
fos_oauth: true
stateless: true
web_secured:
pattern: ^/
stateless: true
your_security_factory: true
Check these resources for more info:
FOSOAuthServerBundle documentation
step-by-step tutorial
You dont have to use a different user provider but you will need to configure a different firewall in security.yml:
firewalls:
api_firewall:
pattern: "^/api/"
form_login:
check_path: /api/login_check
login_path: /api/login
Then you can still show your users a login form. Using angular, have it post to the check_path. Symfony uses cookies to store authentication information so you may have to configure angular to accept and pass those on subsequent request.
If you dont want to do that you could use an API key and write a custom authenticator implementing SimplePreAuthenticatorInterface
I want to check whether a user is logged before calling most of the methods in my web application. I don't know how to do that. I want something like before_filter in Ruby On Rails. I have checked the before filter in the symfony2 documentation but it does not help me. I need a real life example for the login.
This is the link I have checked. http://symfony.com/doc/current/cookbook/event_dispatcher/before_after_filters.html
There are a number of ways to handle access control in Symfony. The most basic is with URL matching, which is handy when you want to restrict access to a URL like /admin and anything that follows. This is configured in security.yml.
# app/config/security.yml
security:
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
This page shows the different ways to secure your application:
http://symfony.com/doc/current/book/security.html#access-control
There is even a way to secure any service even if it's not a controller:
http://symfony.com/doc/current/cookbook/security/securing_services.html
I know we can set the failure path for form_login;
form_login:
provider: fos_userbundle
failure_path: /register
default_target_path: /home
how can i set the same structure for profile edit and password change. (profile/edit)
AFAIK, No its not possible.
form_login is handled by symfony2 not by fos_userbundle
By specifying form_login, you have told the Symfony2 framework that
any time a request is made to this firewall that leads to the user
needing to authenticate himself, the user will be redirected to a form
where he will be able to enter his credentials. It should come as no
surprise then that you have specified the user provider service we
declared earlier as the provider for the firewall to use as part of
the authentication process.
Since symfony2 take care of security context token population, if has given way to others to set failure path.
But for your case, its completely in your control, then why you need
that setting?
I suggest you to read more about security
Im using the normal user authentication system proposed on the symfony documentation:
form_login:
login_path: /login
check_path: /login_check
As you know you write the controller for /login and then send the form data to /login_check that is handle by the framework. Sometimes my users comes with a sort of gift code so the write /login?code=12345678, given the fact that I wrote the login controller i can parse this code, but one i send the login data to /login_check I lost control of this code because as i said the script behind /login_check is not writen by me. I need to send the code because if the login is complete ideally i take the get data and store it.
I think you have to create a new Bundle, extending SecurityBundle and then you just need to override login_check action... Official documentation is here It seems a bit heavy for a gift code.
Why don't you store the gift code in session (if it exists) ? Anyway, if login fails, the user can't access to the site part it may be used. And why not to wait it's been used to invalidate it ?
Your approach is not good. Read this to understand how it's work: http://blog.logicexception.com/2011/10/symfony2-securitybundle-and.html
You need to create your own user provider.