Question

I'm working on a project with Symfony2 where you must be logged in to be able to see the website. I am using FOSUserBundle to create the member area. Here is the idea: if an anonymous user comes to the website, I systematically redirect them to the login page.

Here is my security.yml:

providers:
    fos_userbundle:
        id: fos_user.user_manager

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false
        realm: "Acces reserve"

    login:
        pattern:   ^/(login$|register|resetting)  
        anonymous: true                           

    main:
        pattern: ^/                      
        form_login:                      
            provider:    fos_userbundle  
            remember_me: true            
        remember_me:
            key:         %secret%        
        anonymous:       true            
        logout:          true            


access_control:
    - { path: ^/backoffice, roles: ROLE_ADMIN }
    - { path: ^/, roles: ROLE_USER }

I think there is no reason for it not to work; here is the problem now. I observed that I'm not logged in the same way on /login and in other areas. For example, if I log in, then I'm the user named "admin" with role "ROLE_USER" on the website, BUT if I then go to /login, I'm logged in as "anon" with no role at all. Same problem but more boring: when a new user registers, he's logged in on the /login page but not on the other pages... So he's always redirected to /login and the logout doesn't change anything. :/

Do you have an idea?

Thanks!

P.S.: Is it possible to manually clean all sessions in Symfony2? 'Cause I would like to be able to try other things, but in Chrome I just can't do anything for now... I tried clearing the browser cache and cookies, clearing the Symfony cache, etc... Nothing changes, I'm still logged in as "admin" on the /login page -_-

Solution

The thing is, you specified the fos_userbundle provider only for the main firewall, not for the login and dev firewalls. So fos_userbundle isn't used for the /login page at all.

The documentation says you should use this config:

firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            remember_me: true            
        remember_me:
            key:         %secret%        
        logout:       true
        anonymous:    true

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backoffice, roles: ROLE_ADMIN }
    - { path: ^/, roles: ROLE_USER }
Licensed under: CC-BY-SA with attribution
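
The behaviour discussed above can be reproduced with a small model of firewall selection. This is an added example, not part of the original question or answer and not Symfony's own code: it uses the page's firewall patterns, and the function names, sample paths and session contents are constructed, with the session key modelled as `_security_<firewall name>`.

```python
import re

# Firewall patterns copied from the question's security.yml, in declaration order.
QUESTION_FIREWALLS = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("login", r"^/(login$|register|resetting)"),
    ("main", r"^/"),
]
# The answer's layout: one firewall handles every path, login pages included.
ANSWER_FIREWALLS = [("main", r"^/")]

# Constructed sample request paths.
PATHS = ["/login", "/login_check", "/register/", "/backoffice/users", "/"]


def firewall_for(path, firewalls):
    """Return the first firewall whose pattern matches the path (first match wins)."""
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


def session_key(firewall):
    # Modelling assumption: each firewall keeps its token under its own key,
    # "_security_" + context, where the context defaults to the firewall name.
    return "_security_" + firewall


def visible_user(path, firewalls, session):
    """User seen by the firewall handling this path; 'anon' if it holds no token."""
    return session.get(session_key(firewall_for(path, firewalls)), "anon")


def simulate(firewalls):
    # Constructed session: "admin" authenticated through form_login on "main".
    session = {session_key("main"): "admin"}
    return {p: (firewall_for(p, firewalls), visible_user(p, firewalls, session))
            for p in PATHS}


if __name__ == "__main__":
    for label, fws in (("question", QUESTION_FIREWALLS), ("answer", ANSWER_FIREWALLS)):
        for path, (fw, user) in simulate(fws).items():
            print(f"{label:8} {path:18} firewall={fw:6} user={user}")
```

With the question's layout, /login and /register resolve to the `login` firewall, which never sees the token stored by `main`; with the answer's single firewall, every path reads the same token, and access_control alone decides which pages anonymous visitors may reach.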