I have installed FOSUserBundle and I am using it in my project. Its login page redirects to an unknown path /_wdt/50366043f414d. I changed the default_target_path under form_login in security.yml file, but it did not take effect.
How can I change the target path of the login page in FOSUserBundle?
I must set always_use_default_target_path to true, as shown in the Symfony documentation:
# app/config/security.yml
firewalls:
    main:
        pattern: ^/
        form_login:
            login_path: /login
            default_target_path: /my/desired/path
            always_use_default_target_path: true
I had the same issue, and the reason I was having this problem was that Symfony was trying to load the Web Debug Toolbar (hence the "_wdt" bit in the error), which has its own routes that are called at the end of the page load. In my case, I had configured my security.yml like so:
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
This means that if the user is trying to open a page for anything behind the root "/", he is required to be logged in.
The way I fixed the problem was by adding the "_wdt" part and allowing it for anonymous users:
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_USER }
This may be an old issue, but instead of changing the access_control, the current Symfony2 config features an extra firewall for the debug toolbar:
# Disabling the security for the web debug toolbar, the profiler and Assetic.
dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false
I want to separate the admin login page and the user login page. I did it this way with the code I got from some sources, but I get an error.
# config/security.yaml
security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    encoders: ...
    role_hierarchy: ...
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            ...
        admin:
            pattern: /admin(.*)
            form_login:
                provider: fos_userbundle
                login_path: /admin/login
                check_path: /admin/login_check
                default_target_path: /admin/
            logout:
                path: /admin/logout
                target: /admin/login
            anonymous: true
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout: true
            anonymous: true
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
The routes.yaml file is as follows.
admin_login:
    path: /admin/login
    defaults: { _controller: App\UserBundle\Controller\SecurityController }
and the SecurityController file is as follows.
<?php

namespace App\UserBundle\Controller;

use FOS\UserBundle\Controller\SecurityController as BaseController;

class SecurityController extends BaseController
{
    /**
     * Override FOSUserBundle's login rendering so that the admin firewall's
     * login route gets its own template.
     */
    public function renderLogin(array $data)
    {
        // The "request" service no longer exists; take the current request from the request stack.
        $request = $this->container->get('request_stack')->getCurrentRequest();

        if ('admin_login' === $request->attributes->get('_route')) {
            $template = 'admin/Security/login.html.twig';
        } else {
            // Twig namespaced path to the bundle's default login template.
            $template = '@FOSUser/Security/login.html.twig';
        }

        return $this->container->get('templating')->renderResponse($template, $data);
    }
}
I wrote it this way, but when I open the /admin/login page, I get an error like the one below.
This page isn’t working
127.0.0.1 redirected you too many times.
ERR_TOO_MANY_REDIRECTS
How can I fix this error?
You are getting too many redirects because Symfony reads the access_control from top to bottom, and /admin/ is written before /admin/login and /admin/login_check, so those URLs match that entry.
Access control (Symfony):
For each incoming request, Symfony checks each access_control entry to find one that matches the current request. As soon as it finds a matching access_control entry, it stops - only the first matching access_control is used to enforce access.
So you need to put your /admin/login entries before your /admin/ one.
Update your access control with something like:
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
I know that my title is not very clear. Let me explain: I created this security configuration:
security:
    encoders:
        Bundles\UserBundle\Entity\user: sha512

    role_hierarchy:
        ROLE_MENAGE:        [ROLE_USER]
        ROLE_EMPLOYE:       [ROLE_ADMIN]
        ROLE_GERANT:        [ROLE_SUPER_ADMIN]
        ROLE_INTERCOMMUNAL: [ROLE_GERANT]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            anonymous: true
            provider: main
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout:
                path: fos_user_security_logout
                target: /login
            remember_me:
                key: '%secret%'

    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: ROLE_MENAGE }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_MENAGE }
        - { path: ^/EncoderDechet, roles: ROLE_EMPLOYE }
        - { path: ^/VoirConteneurs, roles: ROLE_GERANT }
        - { path: ^/GenererFacture, roles: ROLE_INTERCOMMUNAL }
        - { path: ^/Statistique, roles: ROLE_GERANT }
As you can see in this security.yml, I define a role hierarchy. When I log in with a user who has ROLE_EMPLOYE as a role, I should be able to access /register. But this path must have the role EMPLOYE, and it gives me a 403: access denied.
Can you explain where I made a mistake?
Your role hierarchy looks wrong.
It should be
ROLE_B: ROLE_A
ROLE_C: ROLE_B
ROLE_D: ROLE_C
So something like
ROLE_MENAGE: ROLE_USER
ROLE_EMPLOYE: ROLE_MENAGE
ROLE_GERANT: ROLE_EMPLOYE
ROLE_INTERCOMMUNAL: ROLE_GERANT
Which would give you 5 roles going: USER < MENAGE < EMPLOYE < GERANT < INTERCOMMUNAL
If you do need ROLE_ADMIN & ROLE_SUPER_ADMIN, just add them in there where you need them.
Here is what I use on my current project, for example:
ROLE_INFLUENCER: ROLE_USER
ROLE_COMPANY: ROLE_INFLUENCER
ROLE_COMPANY_ADMIN: ROLE_COMPANY
ROLE_SITE_ADMIN: ROLE_COMPANY_ADMIN
ROLE_SUPER_ADMIN: ROLE_SITE_ADMIN
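To see why the question's hierarchy produces the 403 while the answer's fixes it, here is an added example (not code from the thread or from Symfony) that computes reachable roles the way Symfony's role hierarchy does; ORIGINAL and FIXED are constructed from the two configurations above.

```python
# Constructed role hierarchies: ORIGINAL is the one from the question,
# FIXED the one proposed in the answer (example code, not Symfony's
# RoleHierarchy class, though it mirrors how reachable roles are computed).
ORIGINAL = {
    "ROLE_MENAGE": ["ROLE_USER"],
    "ROLE_EMPLOYE": ["ROLE_ADMIN"],
    "ROLE_GERANT": ["ROLE_SUPER_ADMIN"],
    "ROLE_INTERCOMMUNAL": ["ROLE_GERANT"],
}
FIXED = {
    "ROLE_MENAGE": ["ROLE_USER"],
    "ROLE_EMPLOYE": ["ROLE_MENAGE"],
    "ROLE_GERANT": ["ROLE_EMPLOYE"],
    "ROLE_INTERCOMMUNAL": ["ROLE_GERANT"],
}

def reachable_roles(hierarchy, user_roles):
    """Every role the user holds directly or inherits through the
    hierarchy (transitive closure, safe against cycles)."""
    reachable = set(user_roles)
    todo = list(user_roles)
    while todo:
        role = todo.pop()
        for inherited in hierarchy.get(role, []):
            if inherited not in reachable:
                reachable.add(inherited)
                todo.append(inherited)
    return reachable

def is_granted(hierarchy, user_roles, required_role):
    """What an access_control entry asks: does the user reach required_role?"""
    return required_role in reachable_roles(hierarchy, user_roles)

if __name__ == "__main__":
    # /register requires ROLE_MENAGE in the question's access_control.
    print(is_granted(ORIGINAL, ["ROLE_EMPLOYE"], "ROLE_MENAGE"))  # False -> 403
    print(is_granted(FIXED, ["ROLE_EMPLOYE"], "ROLE_MENAGE"))     # True
    print(sorted(reachable_roles(FIXED, ["ROLE_INTERCOMMUNAL"])))
```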
I am using Symfony 2.8.2 with FOSUserBundle. When I try to log out, I get the following error:
You must activate the logout in your security firewall configuration
Here's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/login
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            anonymous: true
            logout:
                path: /logout
                target: /login

    access_control:
        - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }
I've also tried to set logout: true but nothing changed.
P.S. I'm not using Sonata, just FOSUserBundle.
What's the reason I'm getting this error?
It seems like you have the wrong pattern for the main firewall.
Setting pattern: ^/login makes this firewall valid only for matching URLs, which is only the /login URL.
Also, the logout URL has to be inside the firewall's secured area.
You must add in your security.yml:
firewalls:
    secured_area:
        logout:
            path: /logout
            target: /
and in your routing.yml:
logout:
    path: /logout
I have a redirect loop after logout.
My security.yml:
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
                # login_path: /login111
            logout: true
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/accaunt, role: ROLE_USER }
        - { path: ^/accaunt/, role: ROLE_USER }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
If I replace handler_id: session.handler.pdo with handler_id: ~ in config.yml, all is good.
As the name suggests, when an anonymous user tries to access page A, which needs an admin role, Symfony redirects to the login page; your login page seems to be also asking for a user role, and hence the error.
I think your problem is a typo?! the ^/login$ in your access_control?
I'm trying to make the admin section accessible only to admin users using FOSUserBundle.
However if I go to the admin url (www.foo.local/app_dev.php/admin) without authentication, it allows me access.
In the Symfony debug toolbar it shows Logged in as anon.
I have configured FOSUserBundle following the official documentation.
Here is the security.yml config:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
I don't know why it doesn't ask for the ROLE_ADMIN in order to allow access to the admin section, any ideas?
I guess that's because your rule says
- { path: ^/admin/, role: ROLE_ADMIN }
which means
www.foo.local/app_dev.php/admin/one
www.foo.local/app_dev.php/admin/two
Notice the '/' after admin, whereas
www.foo.local/app_dev.php/admin
won't satisfy the rule because it's missing the '/' at the end.
Try changing the rule to:
- { path: ^/admin, role: ROLE_ADMIN }
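Both this answer and the redirect-loop answer earlier on the page come down to how an access_control list is matched: the path regex is searched (not fully matched) against the request path, and only the first matching entry counts. The added example below models that behaviour; it is not code from the thread or from Symfony, and the BROKEN_ORDER and FIXED_ORDER lists are constructed from the two orderings in the redirect-loop answer.

```python
import re

# Constructed access_control lists, modelled on the two orderings discussed in
# the redirect-loop answer above (example code, not Symfony's own matcher).
BROKEN_ORDER = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/", "ROLE_ADMIN"),
    (r"^/admin/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/login_check$", "IS_AUTHENTICATED_ANONYMOUSLY"),
]
FIXED_ORDER = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/login_check$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/", "ROLE_ADMIN"),
]

def first_matching_rule(rules, path):
    """Only the first access_control whose regex matches the path is used.
    Symfony runs the pattern with preg_match, i.e. a search, so re.search."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return pattern, role
    return None

def decide(rules, path, granted_roles):
    """Return 'allow', 'redirect-to-login' (anonymous visitor on a path that
    requires a role) or 'deny' (logged-in user lacking the role).
    An anonymous visitor is modelled as an empty set of granted roles."""
    match = first_matching_rule(rules, path)
    if match is None:
        return "allow"  # no entry matched, so access_control imposes nothing
    _, required = match
    if required == "IS_AUTHENTICATED_ANONYMOUSLY" or required in granted_roles:
        return "allow"
    return "redirect-to-login" if not granted_roles else "deny"

def login_page_loops(rules, login_path):
    """The loop from the question: the login page itself bounces an anonymous visitor back to login."""
    return decide(rules, login_path, set()) == "redirect-to-login"

if __name__ == "__main__":
    print(login_page_loops(BROKEN_ORDER, "/admin/login"))  # True
    print(login_page_loops(FIXED_ORDER, "/admin/login"))   # False
    # Trailing slash: '^/admin/' does not match '/admin' itself, '^/admin' does.
    print(first_matching_rule([(r"^/admin/", "ROLE_ADMIN")], "/admin"))  # None
    print(first_matching_rule([(r"^/admin", "ROLE_ADMIN")], "/admin"))   # ('^/admin', 'ROLE_ADMIN')
```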