I have added this option in security.yml, under firewall settings :
use_referer: true
Now, I have created a link which is used for email confirmation. When I am in development mode, if i click on the link and not logged in to the application, I got to the login page and then after login the I go to email confirmation link. But in production mode this is not working after login It is redirecting me too the default target path.
Here is security.yml :
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
my-login:
login_path: /
check_path: /login_check
default_target_path: /default_root
provider: my_provide
use_referer: true
EDIT : some more information
I have created exception listener, which checks the response and redirects user to login page if he/she is not authenticated. Previously it was working only in production mode, i made it working in dev mode and now referer is not working in dev mode too.
Is there any way that I can by pass exception listener for this particular route.?
I found the answer myself.. :)
I just skipped that particular path from checking in exception listener.
$path = $event->getRequest()->getPathInfo();
if($this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY') == false) {
if($path == "my/path") {
// simply redirect to login page without clearing session and cookies
} else {
// clear session and redirect to login page so that referer does not contain any data
}
}
Related
I'm working on Symfony5.
I want, in some cases, to logout the user, redirecting him to the login page and displaying on this page the reasons why he has been logged out.
To achieve that, I use a classic "logout" redirect route, which then automatically redirect to the login page.
I tried to put data in the user's session, but the session is cleared on logout so it's empty when it get to the login page.
Here is an extract of my controller function launching the logout process :
//... some code to put data in the session
return $this->redirectToRoute('app_logout');
And an extract of my security.yml :
main:
anonymous: true
lazy: true
provider: app_user_provider
logout:
path: app_logout
target: app_login
guard:
authenticators:
- App\Security\LoginFormAuthenticator
Do you have any idea how I can do this ? Ideally it would be forcing Symfony to let the data in the session but maybe there are some other ways.
Thanks in advance.
I have a project where I log in with the auth and from time to time it's an error and it is not possible to connect. And I would have something to show me this error, so I can do the treatment and return a message to the User.
When he does not connect it automaiticamente back to the root, and that this ta treaty on security:
oauth:
resource_owners:
facebook: "/security/login/check-facebook"
google: "/security/login/check-google"
linkedin: "/security/login/check-linkedin"
login_path: /
failure_path: /
default_target_path: /security/connected
check_path: /security/login_check
oauth_user_provider:
service: web_key_user_provider
Mainly to get treatment when the authentication page facebook or google me return one bad_request = 400
as I would for the Routa to put in failure_path, to catch because it failed?
You have to implement an EventListener which is called when the onAuthenticationFailure event is fired, and set it as failure_handler in your HWIOAuth configuration.
See this great answer on another similar issue :
How to disable redirection after login_check in Symfony 2
Hopes this helps you.
The isssue I am trying to address is to automatically redirect my application to the user entered url after login. Since I have a centralized authentication server I cant user 'HTTP_REFERER' as it always returns null when am being transferred to the authentication server.
My solution is to use the security.yml in my application server to pass the redirection url as url parameter. I have implemented that as follows,
parameters.php
$container->setParameter('referer', $_SERVER['REQUEST_URI']);
security.yml
secured_area:
pattern: ^/
stateless: true
form_login:
login_path: %accounts_host%/signin?referer=%referer%
simple_preauth:
authenticator: app.security.authenticator
But my issue is that the referer parameter in security.yml is always static. It always gives the first application url I type in. Lets say if i type www.appserver.com/product/1, the next time if I type in www.appserver.com/product/200 the referer will always return www.appserver.com/product/1 in the authenitcation server.
However, If I do a print_r($_SERVER['REQUEST_URI']); exit(); in the parameters.php the value changes for my each request.
I was at this for quite some time and I am very lost at this point. Any help on getting this referer value dynamically on the security.yml would be really appreciated. thanks :)
How can I redirect automaticaly an user when it enters a restricted page to /register-as-guest?
My wrong solution: in security.yml I set
firewalls:
default:
form_login:
login_path: /register-as-guest
This works, but when user enters wrong credentials at login it is redirected to /register-as-guest ( login_path ) but should be redirected to /login.
You're on the right track :)
Just a little more configuration is needed, as you can see in the docs
If you want explicit behavior to happen on login success/failure, you should use these config settings under the firewall:
firewall:
default:
...
form_login:
...
# login success redirecting options
always_use_default_target_path: false
default_target_path: / # use this if you want a standard page to be shown on login success
target_path_parameter: _target_path
use_referer: false # set this to true to redirect back to the previously attempted page
# login failure redirecting options
failure_path: /foo
failure_forward: false # this is what you need
failure_path_parameter: _failure_path
failure_handler: some.service.id
success_handler: some.service.id
Hope this helps :)
Just use the FOSUserBundle, everything you need is included there then you don't have to implement it on your own, also it is very well documented it is very is to integrate into a project
I'm looking at security in Symfony 2.0 and I have a problem I can't explain.
My security bundle is very simple for now.
I try to put everything working before putting real providers.
So, now, when I go on the site, It sends me on the login form as expected. I put the user and the password and then, instead of home page, i am send to "/.../app_dev.php/_wdt/511509b611682" (different number each time).
My user isn't marked as authenticated in the debug toolbar.
If i take off the end of the url, i arrive on homepage. My user seems to be identified and authenticated in the debug toolbar.
This arrives only in dev environment. In prod environment, it seems to work as expected.
Thanks for your help
Further to #artworkad's answer, you have to add the dev firewall before your main firewall, otherwise it will never match:
security:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
#...
When you log in using development environment you will be redirected to index_dev.php/_wdt/4e95412bc6871.
WDT aka web debug toolbar can be removed from the scope of the firewall via
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
Actually it is not related to SecurityBundle, anyways it is documented here https://github.com/FriendsOfSymfony/FOSUserBundle/issues/368
Also you can put this lines in access_control:
{ path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
{ path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
but I prefer keep my access_control for only my app routes.