I'm trying to install the FOSUserBundle following the tutorial here
When I'm at the 7th step I try to update the database schema for ORM running
php app/console doctrine:schema:update --force
but the following error appears:
InvalidConfigurationException: Unrecognized options "csrf_provider" under "security.firewalls.form_login"
Here's my firewall:
firewalls:
main:
pattern:
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
What can I do? I don't set a pattern because, if I set something like
pattern: ^/
the following error appears:
InvalidTypeException: Invalid type for path "security.firewalls.pattern". Expected array, but got string
UPDATE:
The csrf_protection was enabled but, for some reason that I don't understand, didn't work. I tried to "reset" it, disabling and enabling, and now it works.
In my project I enable it with
csrf_protection: ~
You need to enable csrf protection.
You can do that by adding a key to the config.yml
framework:
    csrf_protection:
        enabled: true
in security.yml
for solving this problem you just need to comment out this line:
csrf_token_generator: security.csrf.token_manager
and enable this commented line instead:
csrf_provider: form.csrf_provider
There can be 3 main reasons for this problem:
1. You have configured FOSU from the cookbook on symfony.com, which is now outdated for FOSU 2.0+. Solution: csrf_token_generator instead of csrf_provider in security.yml
2. You have not enabled csrf in config.yml:
    framework:
        csrf_protection:
            enabled: true
3. You didn't update AppKernel.php with:
    new FOS\UserBundle\FOSUserBundle(),
Maybe all at once. Good luck :)
I have updated my project to Symfony 6, and now my google login is not working as before. The remember me token is not working if I close the browser. In 5.4, I had written my security.yaml like this :
google:
    pattern: ^/connect/google
    guard:
        authenticators:
            - App\Security\GoogleAuthenticator
    logout:
        path: app_logout
        target: home
    remember_me:
        secret: "%env(GOOGLE_CLIENT_SECRET)%"
        lifetime: 604800
        always_remember_me: true
but now the CLI tells me I need to change "guard". If I use the custom_authenticator option, there are a lot of errors because I'm using SocialAuthenticator, as you can see here: https://codeshare.io/Od84jx If I remove the google part from security.yaml I don't get an error, and register and login are working, but not the remember me token.
I finally succeeded, I share my solution for those who have the same problem.
So in symfony 5.4 to symfony 6.1, you need to use OAuth2Authenticator instead of SocialAuthenticator. You can follow the doc to write your GoogleAuthenticator : https://github.com/knpuniversity/oauth2-client-bundle#step-1-using-the-new-oauth2authenticator-class
Then you only need to add it in your custom_authenticator section in the security.yaml file. For example :
main:
    switch_user: true
    lazy: true
    provider: app_user_provider
    custom_authenticator:
        - App\Security\LoginAuthenticator
        - App\Security\GoogleAuthenticator
And then it will work if you already have your controller. (https://github.com/knpuniversity/oauth2-client-bundle#step-3-use-the-client-service)
I have an api-platform project. The routes are all protected by a login.
http://localhost:8888/docs does show the API documentation.
I kept getting 401 on the client generator, so, I made the following changes to security.yml
api:
    pattern: ^/
    security: false
    provider: db_provider
    stateless: true
    anonymous: true
    # guard:
    #     authenticators:
    #         - lexik_jwt_authentication.jwt_token_authenticator
That however generated a strange error:
generate-api-platform-client --generator vue http://localhost:8888 /src --resource legal_types
Error: Unable to find the URL for "http://localhost:8888/docs.jsonld#Entrypoint/user".
    at _loop (/Users/xxx/.config/yarn/global/node_modules/@api-platform/api-doc-parser/lib/hydra/parseHydraDocumentation.js:437:17)
    at fetchEntrypointAndDocs.then._promise2.default.reject.api._Api2.default.resources (/Users/xxx/.config/yarn/global/node_modules/@api-platform/api-doc-parser/lib/hydra/parseHydraDocumentation.js:459:20)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)
pattern: ^/ matches nothing.
If you want to match anything you should go with ^.*$ but if you need all application to be under a secured firewall but only docs to be accessible in anonymous way, just put as first rule this pattern: ^docs and place everything else (/.*$) under secured firewall.
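How an ordered list of firewall patterns resolves for a request, as an added example that is not part of the original posts. It assumes Symfony picks the first firewall whose `pattern` regex matches the request path, that the path always begins with `/`, and it uses Python's `re.search` as a stand-in for the PHP regex match; the firewall names and sample paths are constructed.

```python
import re

# Constructed firewall lists: (name, pattern, security_enabled), in file order.
# A pattern of None models a firewall with no `pattern` key (matches every path).
AS_POSTED = [("api", r"^/", False)]                      # the question's config
DOCS_NO_SLASH = [("docs", r"^docs", False), ("api", r"^/", True)]
DOCS_WITH_SLASH = [("docs", r"^/docs", False), ("api", r"^/", True)]

# Constructed sample request paths; a request path always starts with "/".
SAMPLE_PATHS = ["/docs", "/docs.jsonld", "/legal_types", "/users/1"]


def select_firewall(firewalls, path):
    """Return (name, security_enabled) for the first firewall whose pattern
    matches the path, or None when no firewall matches."""
    for name, pattern, secured in firewalls:
        if pattern is None or re.search(pattern, path):
            return name, secured
    return None


def unsecured_paths(firewalls, paths):
    """Paths that land in a firewall declared with `security: false`."""
    exposed = []
    for path in paths:
        hit = select_firewall(firewalls, path)
        if hit is not None and hit[1] is False:
            exposed.append(path)
    return exposed


if __name__ == "__main__":
    for label, firewalls in [("security: false on ^/", AS_POSTED),
                             ("^docs before ^/", DOCS_NO_SLASH),
                             ("^/docs before ^/", DOCS_WITH_SLASH)]:
        print(f"{label:24} unauthenticated: {unsecured_paths(firewalls, SAMPLE_PATHS)}")
```

Under this model, `security: false` on `^/` leaves every sample path unauthenticated, `^docs` exempts nothing because no path starts with `docs`, and `^/docs` placed first exempts only the documentation paths.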
I know the question is repeated, but the scenario that I'm going to describe is (very) strange:
register a new user
update the profile
reconnect but bad credentials
the bundle works normally in dev mode, but gets stuck in prod mode
using fosuser_bundle
security:
    encoders:
        "Application\Sonata\UserBundle\Entity\User":
            algorithm: sha512
            encode_as_base64: false
            iterations: 1
    firewalls:
        main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                csrf_provider: form.csrf_provider
                use_referer: true
All was working perfectly a month ago.
Please let me know if you need some code. Thanks
I found the solution. I was wondering why it works in dev mode and not in prod mode. The solution was in the OVH configuration in .ovhconfig, that should replace the version of PHP from 5.4 => 5.5
; for more information about this file:
; http://www.ovh.com/fr/g1175.format_du_point_ovhconfig
app.engine=php
app.engine.version=5.5
;apc.enabled = 1
http.firewall=none
environment=production
Trying to use both bundles with latest Symfony (V:2.7.2).
FOSOauth is set and works fine, but adding HWIOAuthBundle isn't so trivial. Following the instruction in native Read.me brought me to this:
The service "hwi_oauth.security.oauth_utils" has a dependency on a
non-existent service "hwi_oauth.resource_ownermap.api".
How do I set up these two together?
It seems you haven't properly configured the oauth section in the firewall (security.yml file) you want HWIOAuthBundle to work with.
For example, with Facebook:
# app/config/config.yml
hwi_oauth:
    firewall_name: main
    resource_owners:
        facebook:
            type: facebook
            ...
Then you need to configure main firewall
# app/config/security.yml
main:
    pattern: ^/
    oauth:
        resource_owners:
            facebook: "/login/check-facebook"
        oauth_user_provider:
            service: my_custom_oauth_user_provider
        ...
Don't forget to declare facebook login-check route
# app/config/routing.yml
facebook_login:
    path: /login/check-facebook
and you also need to create a user provider (the bundle itself has some built-in providers that you can extend and modify) and register it as a service
# app/config/services.yml
my_custom_oauth_user_provider:
    class: AppBundle\Security\OAuthUserProvider
As your question is how to setup HWIOAuthBundle with FOSOAuthServerBundle, there is a very complete guide of how to achieve this: A way to integrate FosUserBundle and HWIOAuthBundle
You need to add new firewall (e.g. secured_area) with authentication way "oauth".
For example:
security:
    firewalls:
        secured_area:
            anonymous: ~
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    google: "/login/check-google"
                    my_custom_provider: "/login/check-custom"
                    my_github: "/login/check-github"
                login_path: /login
                use_forward: false
                failure_path: /login
                oauth_user_provider:
                    service: my.oauth_aware.user_provider.service
You can find this info here
I tried 10 times to find out how to install HWIOAuthBundle, but there is not enough documentation.
I installed the bundle and followed exactly the documentation on Git, but it shows me this error:
InvalidConfigurationException: Unrecognized options "anonymous" under "security.firewalls.secured_area.oauth"
Somehow I didn't understand Part A) 'Have a user provider that implements'. What should I do? Or where can I find easy documentation?
A) Have a user provider that implements OAuthAwareUserProviderInterface
The bundle needs a service that is able to load users based on the user response of the oauth endpoint. If you have a custom service it should implement the interface: HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface.
The HWIOAuthBundle also ships with three default implementations:
OAuthUserProvider (service name: hwi_oauth.user.provider) - doesn't persist users
EntityUserProvider (service name: hwi_oauth.user.provider.entity) - loads users from a database
FOSUserBundle integration (service name: hwi_oauth.user.provider.fosub_bridge). Checkout the documentation for integrating HWIOAuthBundle with FOSUserBundle for more information: (todo)
what should I do here ?
You should replace/comment out the line of the service:
oauth_user_provider:
    service: my.oauth_aware.user_provider.service
and then replace by:
oauth_user_provider:
    oauth: ~
Source: https://github.com/hwi/HWIOAuthBundle/issues/72
Go further:
https://gist.github.com/danvbe/4476697
http://m2mdas.github.io/blog/2013/11/21/integrate-hwioauthbundle-with-fosuserbundle/
Ahh, seems like a typo in docs, could you move that anonymous 4 spaces lower to something like:
# app/config/security.yml
security:
    firewalls:
        secured_area:
            anonymous: ~
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                login_path: /login
                failure_path: /login
                oauth_user_provider:
                    service: my.oauth_aware.user_provider.service
An easy fix for this is to define a service like this:
In security.yml keep this:
oauth_user_provider:
    service: my.oauth_aware.user_provider.service
In services.yml put this:
services:
    my.oauth_aware.user_provider.service:
        class: HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider
        arguments:
            userManager: "@fos_user.user_manager"
            properties: ["pass properties as array"]
That's it!