Give me some clues to add a logoutlistener in security.yaml of symfony4
Error:
The service "security.logout_listener.main" has a dependency on a non-existent service "some.service.id".
In security.yaml
logout:
path: /logout
target: /login
invalidate_session: false
delete_cookies:
a: { path: null, domain: null }
b: { path: null, domain: null }
handlers: [some.service.id]
Add these commands
In security.yaml
logout:
path: /logout
target: /
invalidate_session: true
In controller
/**
* #Route("/logout", name="logout")
*/
public function logout()
{
}
In logout button
<a class="text-muted" href="{{ path('logout') }}">logout </a>
this link can help you , so just don't forget to add your to add controller to have route /logout, and after the firewall can handle automatically your logout when you add this route in your config parameter
Related
I had problems with tow login in Symfony 6. When I access to /admin/login I get the error "Class App\Controller\AuthenticationUtils does not exist"
here is my security.yaml
security:
encoders:
App\Entity\User:
algorithm: auto
App\Entity\AdminUser:
algorithm: auto
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
App\Entity\AdminUser:
algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
admin_user_provider:
entity:
class: App\Entity\AdminUser
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: ^/admin
lazy: true
provider: admin_user_provider
custom_authenticator: App\Security\AdminLoginFormAuthenticator
logout:
path: admin_logout
# where to redirect after logout
# TODO target: app_any_route
main:
lazy: true
provider: app_user_provider
custom_authenticator: App\Security\LoginFormAuthenticator
logout:
path: app_logout
# where to redirect after logout
# TODO target: app_any_route
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# TODO - { path: ^/admin, roles: ROLE_ADMIN }
# TODO - { path: ^/profile, roles: ROLE_USER }
And it is my AdminSecurityController.php
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
class AdminSecurityController extends AbstractController
{
/**
* #Route("/admin/security", name="admin_security")
*/
public function index(): Response
{
return $this->render('admin_security/index.html.twig', [
'controller_name' => 'AdminSecurityController',
]);
}
/**
* #Route("/admin/login", name="admin_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
// get the login error if there is one
// $error = $authenticationUtils->getLastAuthenticationError();
// // last username entered by the user
// $lastUsername = $authenticationUtils->getLastUsername();
return $this->render('admin_login/index.html.twig'); //, ['last_username' => $lastUsername, 'error' => $error]
}
/**
* #Route("/admin/logout", name="admin_logout")
*/
public function logout()
{
throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
}
}
I attach some images with information about the error
I have no idea about the problem, hope you can help me!!
Thank you !!
You're missing your import of the
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
at the top of your controller
To check if a user have access to a controller depending on his role we usually do something like this in the top of the controller:
$this->denyAccessUnlessGranted('ROLE_ADMIN');
or use annotation:
/**
* #Security("has_role('ROLE_ADMIN')")
*/
And all protected controllers have such a check.
Is it possible to put this check in a route settings, e. g. this way or somehow similar:
protected_route:
path: /top_secret
defaults: { _controller: '...', roles: [ROLE_ADMIN] }
?
Yes you should look at this page:
http://symfony.com/doc/current/book/security.html#securing-url-patterns-access-control
# app/config/security.yml
security:
# ...
firewalls:
# ...
access_control:
# require ROLE_ADMIN for /admin*
- { path: ^/admin, roles: ROLE_ADMIN }
I would like to close my full site and only access to authenticated users, but I would like to keep some routes to public. Public routes would be:
/
/news
/registration
All otheres are locked.
I've made a firewall which looks like this:
firewalls:
user_login:
pattern: ^/
anonymous: ~
user_area:
pattern: ^/
form_login:
login_path: _main_index #this is a route to /
logout:
path: _main_logout #this is a route to /logout
target: _main_index #this is a route to /
invalidate_session: false
access_control:
- { path: ^/news, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/user-panel, roles: ROLE_ACTIVE_USER } #is this neccessary?
Then when I'm logging in to a restricted area (/user-panel) it sais I need to fully authenticate myself.
I store my roles in security.yml, not in database.
I hope you can help me! Thank you very much!
EDIT:
My loginCheckAction looks like this::
$encodedPassword = $this->get('user.user_service')->generatePasswordHash($user, $request->request->get('_password'));
if ($user->getPassword() == $encodedPassword) {
$user->setLastLoginOn(new \DateTime());
$this->em->user($rocker);
$this->em->flush();
$token = new UsernamePasswordToken($user, $user->getPassword(), 'user_area', array($user->getRoles()));
$request->getSession()->set('_security_user_area', serialize($token));
return $this->redirect($this->generateUrl('_user_panel'));
}
You need to add an catch-all firewall that requires authentication, like this:
- { path: ^/, roles: ROLE_ACTIVE_USER }
That will make all pages that aren't explicitely listed to be accessible without authentication (i.e. with IS_AUTHENTICATED_ANONYMOUSLY) inaccessible. However, since you didn't list your homepage yet, you'll need to add that too.
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Make sure to put it above the catch-all entry, as Symfony processes entries from top to bottom, and stops when it found a matching entry.
You need to allow anonymus token
user_area:
pattern: ^/
form_login:
login_path: _main_index #this is a route to /
logout:
path: _main_logout #this is a route to /logout
target: _main_index #this is a route to /
invalidate_session: false
anonymous: ~
Try this.
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/news, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(css|js), roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(_wdt|_profiler), roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ACTIVE_USER }
I think login_check is used internally by the symfony security system just like logout. This empty function should work.
/**
* #Route("/login_check", name="login_check")
*/
public function loginCheckAction()
{
}
If you want to redirect the user to the panel route after successful login you need to implement login event listener. Symfony documentation How to create an Event Listener.
Some resources for symfony loginlistener.
http://www.ens.ro/2012/03/14/symfony2-login-event-listener/
https://gist.github.com/smottt/1075753
First of all, one of the major problem was the multiple firewall on the same route.
Symfony uses /login route to login, /login_check to check credentials and /logout to log out by default. For me, all routes was good, except the login route, because I wanted to log in users from / route.
Because of this, I had to implement UserProviderInterface into my UserRepository like this: Authenticating Someone with a Custom Entity Provider - Symfony2 documentation
I just modified this on my way (I user email as username).
Logincheck and logout is working automatically, because I use the default routes.
And for all of this, you have to implement AdvancedUserInterface to Users entity!!
I am using Symfony-2 to implement my application.
I need my login and logout routes to have some placeholders, but I don't manage to define it well in routing.yml and security.yml files.
I want to have something like:
www.mysite.com/{client_slug}/panel
and under it other secured pages:
www.mysite.com/{client_slug}/panel/.*
When someone tries to navigate to one of these pages, he/she should be redirected to:
www.mysite.com/{client_slug}/login
and after clicking logout, user should be redirected to something like:
www.mysite.com/{client_slug}/goodbye
I tried several things (http://forum.symfony-project.org/viewtopic.php?f=23&t=37809) but at the moment the only thing I achieved was that in my login url the text {client_slug} appears:
www.mysite.com/my-cliend-slug/panel
redirects to
www.mysite.com/{client_slug}/login
security.yml
firewalls:
main:
pattern: /.*
form_login:
check_path: /login_check
login_path: _security_login
logout:
path: /logout
target: /goodbye
security: true
anonymous: true
routing.yml
_security_login:
pattern: /{_client_slug}/login
defaults: { _controller: MyAppBackendBundle:Security:login }
_security_check:
pattern: /login_check
_security_logout:
pattern: /logout
_admin_panel:
pattern: /{_client_slug}/panel
defaults: { _controller: MyAppBackendBundle:AdminPanel:index }
Any ideas?
I had the exact same problem. I've read everything from here (http://forum.symfony-project.org/viewtopic.php?f=23&t=37809) and for me it works with a few extra lines.
Here is my security.yml
login_area:
pattern: ^/[A-Za-z0-9\-\_]+/login$
anonymous: ~
secured_area:
pattern: ^/[A-Za-z0-9\-\_]+/.*
form_login:
login_path: login
check_path: login_check
logout:
path: logout
target: /
remember_me:
key: "%secret%"
lifetime: 31536000
path: /
domain: ~
The login and login_path definitions:
login:
pattern: /{_client}/login
defaults: { _controller: GNCApplicationBaseBundle:Security:login }
login_check:
pattern: /{_client}/login_check
And I made an EventListener, which will be called at the kernel.request event:
acme.system.client.listener:
class: Acme\System\ClientBundle\EventListener\ClientListener
arguments: [#router, #doctrine.orm.entity_manager]
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 10 }
The important attribute is the priority. In the Symfony Documentation (http://symfony.com/doc/current/reference/dic_tags.html#kernel-event-listener) it shows that the RouterListener starts with a priority 32 and the Firewall at 8. So I choose to call my custom EventListener right before the Firewall and set the _client-attribute manually in the router-context:
public function onKernelRequest(GetResponseEvent $event) {
$clientIdentifier = $event->getRequest()->attributes->get('_client');
$this->router->getContext()->setParameter('_client', $clientIdentifier);
}
And it works well for me.
I'm currently using Symfony 2.2.0-RC3.
I am trying to authenticate against symfony2 firewall , here is my security config
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
users:
user: { password: user, roles: [ 'ROLE_USER' ] }
admin: { password: admin, roles: [ 'ROLE_ADMIN' ]}
#main:
#entity: { class: Surgeworks\CoreBundle\Entity\User, property: username}
firewalls:
public:
pattern: .*
security: false
anonymous: true
form_login:
check_path: /{_locale}/admin/logincheck
login:
pattern: ^/{_locale}/admin/login$
security: false
anonymous: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
anonymous: ~
secured_area :
provider: in_memory
pattern: ^/{_locale}/admin/.*
form_login:
check_path: /{_locale}/admin/logincheck
login_path: /{_locale}/admin/login
logout:
path : /{_locale}/admin/logout
target : /{_locale}/admin/
remember_me:
key: aSecretKey
lifetime: 3600
path: /admin/
domain: ~ # Defaults to the current domain from $_SERVER
access_control:
- { path: ^/{_locale}/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/{_locale}/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/ar/admin/logincheck, roles: ROLE_ADMIN }
- { path: ^/(ar|en|fr)/admin/, roles: ROLE_ADMIN }
and here is my routing in DaghoSiteBundle/Resources/config/routing.yml:
_admin:
pattern: /admin/
defaults: { _controller: DaghoSiteBundle:Login:login , _locale : ar }
requirements:
_locale: (ar|en|fr)
login:
pattern: /admin/login
defaults : { _controller: DaghoSiteBundle:Login:login , _locale : ar }
requirements:
_locale: (ar|en|fr)
logincheck:
pattern: /admin/logincheck
#defaults: { _controller: DaghoSiteBundle:Login:logincheck , _locale: ar }
#requirements:
#_locale: (ar|en|fr)
logout:
pattern: /admin/logout
I can't login through these setting ,
it always throw an exception
Unable to find the controller for path "/ar/admin/logincheck". Maybe
you forgot to add the matching route in your routing configuration
and even if had setup the route check_path page >> i would be able to view the check_path without being redirected to login page ..
/en/admin >> login page
/en/logincheck >> display the logincheck template (i.e /en/logincheck isn't behind firewall )
how to fix , or debug this issue , please advise
UPDATE:
sorry I might forget to write that i had prefixed my bundle with the {_locale} like this
in my routing.yml
DaghoSiteBundle:
resource: "#DaghoSiteBundle/Resources/config/routing.yml"
prefix: /{_locale}
requirements:
_locale: ar|en|fr
defaults: { _locale: ar }
I think you must change your route patterns to include your _locale parameter. Instead of, for example, pattern: /admin/logincheck you should use pattern: {_locale}/admin/logincheck
You can also debug your routes by using a console command app/console router:debug.
I am not 100% sure this fixes your problem, but I hope it helps you gather more info about your issue.
Why dont you try
logincheck:
pattern: /admin/login_check
#defaults: { _controller: DaghoSiteBundle:Login:logincheck , _locale: ar }
#requirements:
#_locale: (ar|en|fr)
This solved my problem, but my situation is simple and doesn't have the {_locale} functionality, but maybe it will help you anyway.
From the Security chapter of the Symf2 Book:
Common Pitfalls #3: Be sure /login_check is behind a firewall.
In your security.yml file it looks like your check_path route is /{_locale}/admin/logincheck, and your secured path is anything that's behind ^/{_locale}/admin/.*
so that seems to be good.
You might want to try removing the .* (do you really need it?)
and further down the file in the access control section you provide a specific entry to make sure the check_path requires authentication:
- { path: ^/ar/admin/logincheck, roles: ROLE_ADMIN }
Maybe try specifying this instead:
- { path: ^/{_locale}/admin/logincheck, roles: ROLE_ADMIN }
But actually, I was wondering, can you even use {placeholders} in the security.yml pattern values? I know you can in the routing file, but I'm not sure if the security yml works the same way? I don't see it being used in any examples in the main symf2 book in the security or routing chapters?