redirect after login fos user symfony - symfony-2.1

How do I redirect after login with FOSUserBundle? Why doesn't my code work?
Here is my security.yml:
main:
    pattern: ^/
    form_login:
        provider: fos_userbundle
        login_path: /login
        check_path: /login_check
        always_use_default_target_path: false
        # default_target_path: /home
        # target_path_parameter: _target_path
        # use_referer: false
    oauth:
        failure_path: /login
        login_path: /login
        check_path: /login
        provider: fos_userbundle
        resource_owners:
            facebook: "/login/check-facebook"
        oauth_user_provider:
            # service: hwi_oauth.user.provider.fosub_bridge
            service: project_home_userprovider
    anonymous: ~
    logout:
        path: /logout
        target: /login
access_control:
    - { path: ^/login$, roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
    - { path: ^/admin, roles: [ROLE_ADMIN] }
    - { path: ^/murid, roles: [ROLE_MURID] }
Here is my routing:
murid:
    resource: "@muridBundle/Resources/config/routing.yml"
    prefix: /
admin:
    resource: "@adminBundle/Resources/config/routing.yml"
    prefix: /admin
home:
    resource: "@homeBundle/Resources/config/routing.yml"
    prefix: /
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile
fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting
fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile
hwi_oauth_security:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login
hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix: /login
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix: /login
facebook_login:
    pattern: /login/check-facebook
After a successful login, it always redirects to the Symfony homepage. Can you help me? How do I redirect to a different page depending on the ROLE?

You will find your solution here:
http://symfony.com/doc/current/cookbook/security/form_login.html
I don't know why, but I am not able to post code here, so I am posting the URL where I found the answer :) Hope it will be helpful to you.

You need to define the default_target_path. In case of using OAuth you should define it as well.
main:
    form_login:
        default_target_path: "/your-path"
    oauth:
        default_target_path: "/your-path"
If you want to change the default_target_path according to the role, check this solution.
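A role-based success handler for the first question, added here as an example; it is not part of the question or of any answer above. Instead of a single default_target_path it picks the route from the roles on the authenticated token. The namespace, the route names admin_home, murid_home and homepage, and the service id project_home.login_success_handler are assumptions.

```php
<?php
// Added example: role-based post-login redirect for a Symfony 2.1 form_login /
// oauth firewall. Namespace, route names and the service id are assumptions.
namespace Project\HomeBundle\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

class RoleBasedLoginSuccessHandler implements AuthenticationSuccessHandlerInterface
{
    /** @var UrlGeneratorInterface */
    private $urlGenerator;

    /**
     * Role => route name, most privileged first: the first listed role the
     * token holds decides where the user lands. Route names are assumptions.
     */
    private $targets;

    /** Route used when the token holds none of the listed roles. */
    private $fallback;

    public function __construct(UrlGeneratorInterface $urlGenerator, array $targets = null, $fallback = 'homepage')
    {
        $this->urlGenerator = $urlGenerator;
        $this->targets = null !== $targets ? $targets : array(
            'ROLE_ADMIN' => 'admin_home',
            'ROLE_MURID' => 'murid_home',
        );
        $this->fallback = $fallback;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        // The target is generated from a route name that the application owns,
        // never taken from the request, so it cannot be steered to another site.
        return new RedirectResponse($this->urlGenerator->generate($this->chooseRoute($token)));
    }

    /** Returns the route name for the token's roles; kept separate so it can be unit-tested without HTTP. */
    public function chooseRoute(TokenInterface $token)
    {
        $held = array();
        foreach ($token->getRoles() as $role) {
            // Symfony 2.1 tokens carry RoleInterface objects, not plain strings.
            $held[] = $role->getRole();
        }

        foreach ($this->targets as $role => $route) {
            if (in_array($role, $held, true)) {
                return $route;
            }
        }

        return $this->fallback;
    }
}

// Wiring (assumed ids), in YAML:
//
// # src/Project/HomeBundle/Resources/config/services.yml
// services:
//     project_home.login_success_handler:
//         class: Project\HomeBundle\Security\RoleBasedLoginSuccessHandler
//         arguments: ["@router"]
//
// # app/config/security.yml
// firewalls:
//     main:
//         form_login:
//             success_handler: project_home.login_success_handler
//         oauth:
//             success_handler: project_home.login_success_handler
```

A custom success_handler replaces the default handler completely, so default_target_path, use_referer and the _target_path request parameter are no longer consulted. Roles inherited through role_hierarchy are not present on the token, so list the concrete roles that users are assigned, or inject security.context and call isGranted() instead of reading the token.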

Related

Symfony 2 -security.yml: How to create an exception pattern inside the firewalls?

Example: I have this inside my firewalls:
secured_area:
    pattern: ^/
    form_login:
        check_path: /secured/login_check
        login_path: /secured/login
    logout:
        path: /secured/logout
        target: /
    context: primary_auth
I would like to access this pattern => ^/toto without logging in.
Please, can you help me?
With this, anyone can access it.
# change with your path
security:
    firewalls:
        secured_area:
            anonymous: ~
            pattern: ^/
            form_login:
                check_path: /secured/login_check
                login_path: /secured/login
            logout:
                path: /secured/logout
                target: /
            context: primary_auth
    access_control:
        # anchored with ^ so that only paths starting with /toto are opened up
        - { path: ^/toto, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # the login page itself must be reachable anonymously, or the ^/ rule below causes a redirect loop
        - { path: ^/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
Edit:
Don't forget your anonymous: ~ (it lets anonymous users reach it (for toto))
and leave authorization to your access_control.

Symfony2: Redirect path on login failure being overridden by SonataAdmin login

I am using 2 login forms, one for the user and one for Sonata Admin.
The problem is when the user attempts to login and fails, the re-direct goes to the Sonata Admin login route and does not stay on the user login route/page.
I've looked at the documentation and tried to use failure_path but it still defaults back to the Sonata Admin login route.
It seems Sonata Admin bundle is overriding the re-direct path. I tried changing the order in the security.yml so the user section comes up first but that still doesn't fix the problem.
How can I fix this?
security.yml:
firewalls:
    admin:
        pattern: ^/
        form_login:
            check_path: /login_check
            login_path: /login
        logout:
            path: /logout
            target: index
        anonymous: ~
    user:
        pattern: ^/user
        form_login:
            # always_use_default_target_path: true
            # default_target_path: login_form
            failure_path: /user/login
            check_path: /user/login_check
            login_path: /user/login
        logout:
            path: /user/logout
            target: index
        anonymous: ~
1) Create an authentication handler
<?php
namespace Company\Bundle\Handler;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

class SecurityHandler implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface
{
    private $router;

    public function __construct(Router $router)
    {
        $this->router = $router;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        // only an example, make your own logic here
        // Note: the Referer header is supplied by the client; redirect to it only
        // if you have checked that it points at your own host.
        $referer = $request->headers->get('referer');
        if (empty($referer)) {
            return new RedirectResponse($this->router->generate('homepage'));
        }

        return new RedirectResponse($referer);
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Edit it to meet your requirements
        $request->getSession()->set('login_error', $exception->getMessage());

        return new RedirectResponse($this->router->generate('login_route'));
    }
}
2) Register it as service
# src/Company/Bundle/Resources/config/services.yml
services:
    security_handler:
        class: Company\Bundle\Handler\SecurityHandler
        arguments: ["@router"]
3) Configure this service as the handler for login success and login failure; you can use it in the admin firewall as well
# app/config/security.yml
firewalls:
    admin:
        pattern: ^/
        form_login:
            check_path: /login_check
            login_path: /login
            success_handler: security_handler
            failure_handler: security_handler
        logout:
            path: /logout
            target: index
        anonymous: ~
    user:
        pattern: ^/user
        form_login:
            # always_use_default_target_path: true
            # default_target_path: login_form
            failure_path: /user/login
            check_path: /user/login_check
            login_path: /user/login
            success_handler: security_handler
            failure_handler: security_handler
        logout:
            path: /user/logout
            target: index
        anonymous: ~
You should order your configuration from specific to general, because a general configuration can match any specific one. So, try to change the order of your firewalls like this:
firewalls:
    user:
        pattern: ^/user
        form_login:
            # always_use_default_target_path: true
            # default_target_path: login_form
            failure_path: /user/login
            check_path: /user/login_check
            login_path: /user/login
            success_handler: security_handler
            failure_handler: security_handler
        logout:
            path: /user/logout
            target: index
        anonymous: ~
    admin:
        pattern: ^/
        form_login:
            check_path: /login_check
            login_path: /login
            success_handler: security_handler
            failure_handler: security_handler
        logout:
            path: /logout
            target: index
        anonymous: ~
I came across a similar problem, and this is my solution. I also created a custom authentication handler:
<?php
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
use Symfony\Component\Security\Http\HttpUtils;

class LoginFailureHandler extends DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
{
    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options, $logger = null)
    {
        parent::__construct($httpKernel, $httpUtils, $options, $logger);
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // "user_area" is the firewall name. The stored value becomes the redirect
        // target of the next successful login and is taken straight from the request.
        $request->getSession()->set('_security.user_area.target_path', $request->get('redirect_url'));

        return parent::onAuthenticationFailure($request, $exception);
    }
}
I used the _security.user_area.target_path parameter for resetting the redirect_url if the authentication fails. Works perfectly!
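A variant of the handler above that validates redirect_url before remembering it, added here as an example and not part of the answer. DefaultAuthenticationSuccessHandler later redirects to whatever is stored under _security.<firewall>.target_path, and HttpUtils returns absolute URLs unchanged, so storing the raw request parameter lets anyone who can put a redirect_url into a login form send the user to an external site after the next successful login. The firewall name user_area comes from the answer; the namespace and the service id are assumptions.

```php
<?php
// Added example: failure handler that only remembers same-site redirect targets.
// Namespace and service id are assumptions; "user_area" is the firewall name.
namespace Company\Bundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;

class SafeTargetLoginFailureHandler extends DefaultAuthenticationFailureHandler
{
    const PROVIDER_KEY = 'user_area';

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $wanted = $request->get('redirect_url');

        // Only a path on this host survives into the session; anything else is dropped
        // so a crafted form cannot pre-load an off-site destination.
        if (self::isLocalPath($wanted)) {
            $request->getSession()->set('_security.'.self::PROVIDER_KEY.'.target_path', $wanted);
        }

        return parent::onAuthenticationFailure($request, $exception);
    }

    /**
     * True only for an absolute path on the current host ("/user/dashboard?x=1").
     * Rejects full URLs, scheme-relative "//host", the "/\host" form some browsers
     * read as scheme-relative, and control characters.
     */
    public static function isLocalPath($path)
    {
        if (!is_string($path) || '' === $path || '/' !== $path[0]) {
            return false;
        }
        if (isset($path[1]) && ('/' === $path[1] || '\\' === $path[1])) {
            return false;
        }
        if (preg_match('/[\x00-\x1f\x7f]/', $path)) {
            return false;
        }

        $parts = parse_url($path);

        return false !== $parts && !isset($parts['scheme']) && !isset($parts['host']);
    }
}

// Service definition (assumed id); the constructor is inherited from
// DefaultAuthenticationFailureHandler, whose Symfony 2.1 arguments are:
//
// services:
//     company.login_failure_handler:
//         class: Company\Bundle\Security\SafeTargetLoginFailureHandler
//         arguments: ["@http_kernel", "@security.http_utils", {}, "@?logger"]
//
// and in security.yml, under the user_area firewall's form_login:
//         failure_handler: company.login_failure_handler
```

isLocalPath('/user/dashboard') and isLocalPath('/foo?next=bar') pass; 'http://evil.example/', '//evil.example/', '/\evil.example' and an empty value are rejected. The same check belongs in any success handler that honours a _target_path parameter or the Referer header.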

Symfony 2 Security.yml redirect loop and LogicException issues

OK, I think I need hand-holding.
This question is a follow on from the previous question:
Symfony2 img/LdapBundle Bad credentials error
I have split this out as it's a different issue. I am getting two different issues relating to the security.yml file, as described below.
I have my security.yml:
security:
    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path: /logout
                target: /
        restricted_area:
            pattern: ^/
            #anonymous: ~
    providers:
        ldap:
            id: imag_ldap.security.user.provider
    encoders:
        IMAG\LdapBundle\User\LdapUser: plaintext
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
but I'm getting the following error:
LogicException: No authentication listener registered for firewall "restricted_area".
So I tried the following:
security:
    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path: /logout
                target: /
        restricted_area:
            pattern: ^/
            #anonymous: ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path: /logout
                target: /
but this causes a redirect loop.
Can anyone show me how to get this to work? I am trying to use the https://github.com/BorisMorel/LdapBundle ldap bundle to authenticate users..
According to the documentation https://github.com/BorisMorel/LdapBundle#configure-securityyml you should have one firewall with pattern: ^/ where also the login lives.
security:
    firewalls:
        restricted_area:
            pattern: ^/
            anonymous: ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path: /logout
                target: /
    providers:
        ldap:
            id: imag_ldap.security.user.provider
    encoders:
        IMAG\LdapBundle\User\LdapUser: plaintext
    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
Pages where you don't need authentication have to be included under access_control with the IS_AUTHENTICATED_ANONYMOUSLY role. This also applies to the profiler and toolbar in the dev environment (actually for FOSUserBundle, but I think this is also significant for the LdapBundle). And yes, I know the Symfony documentation says to create an anonymous firewall exclusively for ^/login$, but if the bundle supports an anonymous role it is enough to exclude it with access_control as above.
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
EDIT:
And don't forget to import the routing definitions from the bundle rather than defining them yourself. See https://github.com/BorisMorel/LdapBundle#import-routing

Symfony2: Security/Routing Issue

I'm using FOSFacebookBundle and FOSUserBundle on Symfony 2.1.3. I have some trouble with my security settings:
imports:
    - { resource: facebookParameters.ini }

security:
    providers:
        my_fos_facebook_provider:
            id: my.facebook.user
    firewalls:
        main:
            pattern: ^/
            fos_facebook:
                app_url: %facebookAppUrl%
                server_url: %facebookServerUrl%
                login_path: /login
                check_path: /login_fb_check
                default_target_path: /
                provider: my_fos_facebook_provider
            logout:
                handlers: ["fos_facebook.logout_handler"]
            anonymous: true
    access_control:
        - { path: ^/game, roles: ROLE_FACEBOOK }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/gameinfos, roles: IS_AUTHENTICATED_ANONYMOUSLY }
The path game should be secured by Facebook login; the paths login and gameinfos should be free to all visitors. OK, login is fine, it's accessible from everywhere, but gameinfos is not. It always redirects me to Facebook when I call the path / route.
Where could the problem be?

In symfony2, the login action is showing me as logged out when I'm actually logged in

If a logged in user goes to the login action, I want to redirect them to another page. But I can't figure out how to detect whether the user is logged in or not while inside of the loginAction method. The security context in the login action make me seem logged out when I'm not.
As a test, I'm requesting both of the following pages while I'm logged into the site. Why can't I get access to the user in the login action?
Here's my login action:
public function loginAction()
{
    $token = $this->get('security.context')->getToken();
    print_r(get_class($token));
    // Outputs "Symfony\Component\Security\Core\Authentication\Token\AnonymousToken"
    print_r($token->getUser());
    // Outputs "anon."
}
Here is a generic action in the application, protected by the login:
public function regularAction()
{
    $token = $this->get('security.context')->getToken();
    print_r(get_class($token));
    // Outputs "Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken"
    print_r(get_class($token->getUser()));
    // Outputs "Company\BaseBundle\Entity\User"
}
Here's my security.yml:
security:
    encoders:
        Company\BaseBundle\Entity\User:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
    providers:
        main:
            entity: { class: Company\BaseBundle\Entity\User, property: user_name }
    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        main:
            pattern: ^/
            form_login:
                login_path: /login
                check_path: /login_check
                post_only: true
                always_use_default_target_path: false
                default_target_path: /
                use_referer: true
                failure_path: null
                failure_forward: false
                username_parameter: user_name
                password_parameter: password_hash
                csrf_parameter: _csrf_token
                intention: authenticate
            logout:
                path: /logout
                target: /
    acl:
        connection: default
EDIT: I didn't think the rest of my firewalls were pertinent, but after reading ilanco's answer, I think they might be:
security:
    encoders:
        Company\BaseBundle\Entity\User:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
    providers:
        main:
            entity: { class: Company\BaseBundle\Entity\User, property: user_name }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        password_reset:
            pattern: ^/passwordreset/*$
            anonymous: ~
        error_firewall:
            pattern: ^/error/.*$
            anonymous: ~
        unsupported_broswers:
            pattern: ^/unsupported$
            anonymous: ~
        security_question_firewall:
            pattern: ^/user/(locked|security_question)/(new)*$
            anonymous: ~
        api_firewall:
            pattern: ^/api/.*$
            provider: main
            http_basic:
                realm: "Secured API Area. Login with your regular credentials"
                provider: main
        main:
            pattern: ^/
            form_login:
                login_path: /login
                check_path: /login_check
                post_only: true
                always_use_default_target_path: false
                default_target_path: /
                use_referer: true
                failure_path: null
                failure_forward: false
                username_parameter: user_name
                password_parameter: password_hash
                csrf_parameter: _csrf_token
                intention: authenticate
            logout:
                path: /logout
                target: /
    acl:
        connection: default
Following ilanco's suggestion, I removed this:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
and added this directly under the providers section:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
But then I had a redirect loop error when I accessed /login.
I have struggled with this problem as well.
/login is not part of the main firewall; as such, the user is not accessible there.
The way to solve this is to remove the custom firewall you have called login_firewall and allow access to /login through access_control.
Add the following code to your security.yml:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
Managed to solve this one: the redirect loop is caused by the lack of access to the /login page. I made only one firewall, set the access for anonymous: ~, defined access_control for non-users, and voilà!
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: true
            anonymous: ~
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
                always_use_default_target_path: true
                default_target_path: /
            logout:
                path: /logout
                target: /
    providers:
        main:
            entity: { class: Core\UserBundle\Entity\User, property: username }
    encoders:
        Core\UserBundle\Entity\User:
            algorithm: sha256
            iterations: 10
            encode_as_base64: true
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_SUPERADMIN }
        - { path: ^/user, roles: ROLE_USER }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
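A login action for the single-firewall layout in the last answer, added here as an example; it is not code from the question or from any answer. With /login inside the same firewall as the rest of the site, the token in the login action is the real one, so the action can send an already authenticated user away instead of showing the form again. The controller class, the template name and the homepage route are assumptions.

```php
<?php
// Added example: login action that recognises an already authenticated user.
// Works only when /login is matched by the same firewall as the protected pages.
// Controller namespace, template name and the "homepage" route are assumptions.
namespace Company\BaseBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContext;

class SecurityController extends Controller
{
    public function loginAction(Request $request)
    {
        $context = $this->get('security.context');

        // IS_AUTHENTICATED_REMEMBERED covers both a full login and a remember-me
        // cookie; an AnonymousToken fails this check, so anonymous visitors get the form.
        if ($context->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            return $this->redirect($this->generateUrl('homepage'));
        }

        // Symfony 2.1 stores the last failure either on the request (forwarded)
        // or in the session (redirected); read it once and clear it.
        $session = $request->getSession();
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('CompanyBaseBundle:Security:login.html.twig', array(
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            // Expose only the message, not the exception object, to the template.
            'error'         => $error ? $error->getMessage() : null,
        ));
    }
}
```

The same action under the original two-firewall layout would always see an AnonymousToken, because login_firewall has no authentication listener and shares no context with main; the redirect branch would then never run.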
