I know we can set the failure path for form_login;
form_login:
    provider: fos_userbundle
    failure_path: /register
    default_target_path: /home
How can I set the same structure for profile edit and password change (profile/edit)?
AFAIK, no, it's not possible.
form_login is handled by Symfony2, not by fos_userbundle.
By specifying form_login, you have told the Symfony2 framework that any time a request is made to this firewall that leads to the user needing to authenticate himself, the user will be redirected to a form where he will be able to enter his credentials. It should come as no surprise then that you have specified the user provider service we declared earlier as the provider for the firewall to use as part of the authentication process.
Since Symfony2 takes care of security context token population, it has given a way to others to set the failure path.
But in your case, it's completely in your control, so why do you need that setting?
I suggest you read more about security.
Related
I am having trouble figuring out how to structure my application.
It is currently a web application built using normal controllers, twig views etc. and using FOS user bundle for authentication. In this application it is possible to create entities that should be seen as a "mobile user"
Now I need an API for a mobile app where the "mobile users" should log in, but I cannot figure out how this authentication should be constructed.
Should I create a user in the user table along with the web app users? Is it possible to require a user to have a specific role to log in on the normal login page?
Or should I add a username and password column to the "mobile user" entity, and make a custom login for the API? But how is this accomplished? I am thinking of using AngularJS in the mobile app if this has any impact on how to solve this issue.
One possible solution would be using FOSOAuthServerBundle.
In this scenario you can have the same place where you keep your users for both the web app and the mobile app. Users can authenticate using the same credentials in the web and mobile app, but authentication for the mobile app can be done through an AJAX call.
Thanks to OAuth you don't keep login/password stored in your mobile app.
The bundle itself is written in a way that integrates with Symfony perfectly.
To access different resources using different security you just configure different firewalls:
security.yml:
security:
    firewalls:
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
        web_secured:
            pattern: ^/
            stateless: true
            your_security_factory: true
Check these resources for more info:
FOSOAuthServerBundle documentation
step-by-step tutorial
You don't have to use a different user provider, but you will need to configure a different firewall in security.yml:
firewalls:
    api_firewall:
        pattern: "^/api/"
        form_login:
            check_path: /api/login_check
            login_path: /api/login
Then you can still show your users a login form. Using Angular, have it post to the check_path. Symfony uses cookies to store authentication information, so you may have to configure Angular to accept and pass those on subsequent requests.
If you don't want to do that, you could use an API key and write a custom authenticator implementing SimplePreAuthenticatorInterface.
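As an added illustration of the API-key route mentioned above (example code written for this page, not taken from the answer or from Symfony itself): a SimplePreAuthenticatorInterface implementation. It assumes a hypothetical user provider with a getUsernameForApiKey() method, and the header name X-API-KEY is also an assumption.

```php
<?php
// Added example: API-key authenticator for a stateless /api firewall.
// Wire it as a service and reference it in security.yml under
// simple_preauth: { authenticator: <service id> } with stateless: true.
namespace Acme\ApiBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface
{
    public function createToken(Request $request, $providerKey)
    {
        // Read the key from a header, not the query string, so it does not
        // end up in access logs, proxies or browser history.
        $apiKey = $request->headers->get('X-API-KEY');
        if (null === $apiKey || '' === $apiKey) {
            throw new BadCredentialsException('No API key found');
        }

        return new PreAuthenticatedToken('anon.', $apiKey, $providerKey);
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        $apiKey = $token->getCredentials();
        // getUsernameForApiKey() is assumed to exist on your own provider
        // (e.g. a lookup of a hashed key in the database).
        $username = $userProvider->getUsernameForApiKey($apiKey);
        if (!$username) {
            // Generic message: never echo the submitted key back to the client.
            throw new AuthenticationException('API key is not valid');
        }

        $user = $userProvider->loadUserByUsername($username);

        return new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles());
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }
}
```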
I'm using FOS/Userbundle for login process of my application.
This application is the back-end part of my work. The front end one can be on another server.
Login works correctly when the user is authenticated. My problem is when the user is not recognized. In this case, Symfony redirects the response to a URL of my back-end when I want it to go back to my front-end URL. I have found neither in the Symfony docs nor on various forums elements to make progress on this issue.
Thank you for your help.
Caplande
Normally you can configure, in security.yml, the firewall which is used by FOSUserBundle, and tell it to redirect in case of success but also in case of error.
The idea is, in case of error, to redirect the user to an action on your app which is not under your FOSUserBundle firewall rules.
This action should finally redirect the non-authenticated user to your frontend URL.
Here is an example:
In your security.yml:
security:
    firewalls:
        main:
            form_login:
                failure_path: YOUR_REDIRECTING_PATH
                failure_forward: true
To finish, you need to make a route readable anonymously in your app to redirect to your frontend app.
For more information: https://symfony2-document.readthedocs.org/en/latest/cookbook/security/form_login.html
Hope this helps
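What that anonymously reachable action can look like, as an added example (not part of the answer above): it receives the failure via failure_forward and sends the user to the frontend. The route path /login_failure, the parameter name frontend_base_url and the controller names are assumptions.

```php
<?php
// Added example: target of "failure_path: /login_failure" with
// "failure_forward: true". Must be reachable anonymously, e.g.
// access_control: - { path: ^/login_failure, roles: IS_AUTHENTICATED_ANONYMOUSLY }
namespace Acme\BackendBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContextInterface;

class LoginFailureController extends Controller
{
    public function failureAction(Request $request)
    {
        $key = SecurityContextInterface::AUTHENTICATION_ERROR;
        $session = $request->getSession();

        // With failure_forward the exception travels as a request attribute;
        // with a plain redirect it would be stored in the session instead.
        if ($request->attributes->has($key)) {
            $error = $request->attributes->get($key);
        } elseif ($session && $session->has($key)) {
            $error = $session->get($key);
            $session->remove($key);
        } else {
            $error = null;
        }

        // Pass only a coarse reason to the other origin: the raw exception
        // message can distinguish "unknown user" from "wrong password".
        $reason = $error ? 'bad_credentials' : 'unknown';
        $frontend = rtrim($this->container->getParameter('frontend_base_url'), '/');

        return new RedirectResponse($frontend.'/login?error='.$reason);
    }
}
```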
I am trying to authenticate users with Kerberos in Symfony2 but I'm a little lost on the way.
When the user is authenticated, the Apache server returns the $_SERVER['REMOTE_USER'] variable, giving me his username. I can recover this value:
$request = Request::createFromGlobals();
$user = $request->server->get('REMOTE_USER');
But how to tell Symfony to authenticate the user just with this value? No password is required.
I hesitate between creating a custom authentication provider or creating a custom user provider.
What is the best way to do this, please?
Added a REMOTE_USER based listener to security firewalls
Several Apache security modules (auth_kerb, auth_cas, etc.) provide the username via an environment variable called REMOTE_USER. For that reason, Symfony 2.6 will include a new authentication listener based on this variable.
To use it in your application, simply define a firewall of the new remote_user type in your security configuration:
# app/config/security.yml
security:
    firewalls:
        secured_area:
            pattern: ^/
            remote_user:
                provider: your_user_provider
Source: http://symfony.com/blog/new-in-symfony-2-6-security-component-improvements
I'm trying to figure out where exactly to hook into the FOSUserBundle login process to check whether a user has the "deleted" flag and, if it's true, terminate the login attempt returning an error.
Well, authentication is handled by the security component, not by FOS User bundle.
For more information first read this doc
Short Summary here
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
When a user makes a request to a URL that's protected by a firewall, the security system is activated. The job of the firewall is to determine whether or not the user needs to be authenticated, and if he does, to send a response back to the user initiating the authentication process.
SRC: http://symfony.com/doc/master/book/security.html#how-security-works-authentication-and-authorization
providers:
    fos_userbundle:
        id: fos_user.user_provider.username
The firewall needs a provider (which provides username & password). FOS user bundle has its own user provider.
Your problem
You can extend the user manager of fos user bundle and overwrite the logic to check more conditions.
You can see the sample here
https://stackoverflow.com/a/14985093/598424
Now, how to check the delete flag:
The AdvancedUserInterface interface adds four extra methods to validate the account status:
- isAccountNonExpired() checks whether the user's account has expired,
- isAccountNonLocked() checks whether the user is locked,
- isCredentialsNonExpired() checks whether the user's credentials (password) have expired,
- isEnabled() checks whether the user is enabled.
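One way to wire the "deleted" flag into that check, as an added example (not the answer's own code): FOSUserBundle's base User already implements AdvancedUserInterface, so overriding isEnabled() is enough to make the firewall reject the login. The deleted column and the Doctrine mapping are assumptions for this example.

```php
<?php
// Added example: FOSUserBundle user with a "deleted" flag folded into isEnabled().
namespace Acme\UserBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;

/**
 * @ORM\Entity
 * @ORM\Table(name="fos_user")
 */
class User extends BaseUser
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /** @ORM\Column(name="deleted", type="boolean") */
    protected $deleted = false;

    public function setDeleted($deleted)
    {
        $this->deleted = (bool) $deleted;

        return $this;
    }

    public function isDeleted()
    {
        return $this->deleted;
    }

    /**
     * Called by the firewall's user checker before the password is even
     * verified. Returning false raises DisabledException, so the login
     * attempt ends with the generic "Account is disabled" error and no
     * authenticated token is ever created for a soft-deleted user.
     */
    public function isEnabled()
    {
        return parent::isEnabled() && !$this->deleted;
    }
}
```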
How to create our own custom provider?
I'm using the normal user authentication system proposed in the Symfony documentation:
form_login:
    login_path: /login
    check_path: /login_check
As you know, you write the controller for /login and then send the form data to /login_check, which is handled by the framework. Sometimes my users come with a sort of gift code, so they write /login?code=12345678. Given the fact that I wrote the login controller I can parse this code, but once I send the login data to /login_check I lose control of this code because, as I said, the script behind /login_check is not written by me. I need to send the code because if the login is complete, ideally I take the GET data and store it.
I think you have to create a new Bundle, extending SecurityBundle, and then you just need to override the login_check action... Official documentation is here. It seems a bit heavy for a gift code.
Why don't you store the gift code in the session (if it exists)? Anyway, if login fails, the user can't access the part of the site where it may be used. And why not wait until it's been used to invalidate it?
Your approach is not good. Read this to understand how it works: http://blog.logicexception.com/2011/10/symfony2-securitybundle-and.html
You need to create your own user provider.