All Questions

Tagged with
235 questions with no upvoted or accepted answers
Filter by
Sorted by
Tagged with
6votes
1answer
856views

Unable to find the controller for path "/api/login_check". The route is wrongly configured

I have a problem with "login_check" and i use Symfony 3 and LexikJWTAuthenticationBundle. The problem : The security.yml : firewalls: login: pattern: ^/api/login stateless: ...
user avatar
  • 109
5votes
1answer
828views

Securely store user data in DB with Symfony

I want to store data from users so that they become useless even if the database gets leaked somehow. I also don't want to be able to encrypt the data, so I encrypt all my data via `openssl_encrypt' ...
user avatar
  • 2,251
5votes
2answers
2kviews

Symfony 2.3 Bad Credentials Custom provider

I'm completely lost at the moment, two days that I try to figure why I always obtain a "Bad Credential" response on my login form. I've used the How to load Security Users from the Database tutorial. ...
user avatar
5votes
3answers
4kviews

How to implement a permission roles/groups system for my symfony2 website

[QUESTION] This is really more of a brainstorm for anyone who can participate and provide ideas. I would like to start by explaining what I am looking to do, some of my thoughts and hopefully get some ...
user avatar
  • 173
4votes
0answers
551views

Nonces and web developer toolbar in Symfony

Symfony uses nonces in the development web toolbar like this : <div id="sfwdtd61de8" class="sf-toolbar sf-display-none"></div><script nonce=ca6666b27bc9c402c16192e4b43bbdaa> etc ...
user avatar
  • 373
4votes
1answer
857views

changing user's password with verification ( symfony2 )

I have Users in DB, their passwords are encrypted with: security: encoders: AppBundle\Entity\User: algorithm: bcrypt After a User's registration, the password used to encoded ...
user avatar
  • 153
4votes
1answer
272views

Two-way authentication in Symfony 2 project

I need to implement two-way authentication process in one of my Symfony 2 projects according to this algorithm: User enters his username and password in the authentication form and submits it. System ...
user avatar
3votes
1answer
957views

Symfony, generate slug from submitted form

I have this form which I want to modify in order to add a slug field which should be generated from user submitted data. Like user chosen category (name), and random words from content, and I'm also ...
user avatar
3votes
0answers
203views

Guard authentication and serializable user

I have been assigned the task to improve the authentication system on a symfony-based website. The details don't matter, what's important is that the new Guard component (introduced in Symfony 2.8) is ...
user avatar
3votes
1answer
359views

Change Symfony voting strategy dynamically

With the Symfony Voters system it's pretty easy to get a good ACL up and running for a web app. However, you have to decide in the beginning, what strategy you'd like to use. Symfony supports 3 ...
user avatar
  • 4,148
3votes
0answers
233views

Using Silex SecurityServiceProvider in a form with an API authentication

I'm trying to authenticate some users via a form but I want to check in an API if the login/password is validated and retrieve some informations about the users to populate my database (so when I'm in ...
user avatar
  • 31
3votes
0answers
285views

Symfony 2 optional API Key authentication

I've followed the official docs to set up API key authentication for a certain URL pattern (Sf2.7 API Key auth docs). The APIA Key firewall is defined before the main (normal login) firewall and it ...
user avatar
3votes
0answers
1kviews

Container extension "Security" is not registered

I've installed and configured FOSUserBundle and everything worked perfectly fin, until out of nowhere I refreshed my home page and then Container extension "Security" is not registered I've tried to ...
user avatar
3votes
0answers
144views

Solution for this complex ACL requirement in Silex/Symfony2

I want to implement ACL for my product which has groups (company, department,...), users and objects. The rules are following: (Note: manage = view + create + edit + delete) System staffs (lower ...
user avatar
3votes
0answers
173views

Symfony2 AccessDeniedException override to record hacking attempt

The logic behind the solution I'm designing implies that if an AccessDeniedException is thrown it's an hacking attempt. It would be nice, for logging purposes, to record those hacking attempts, for ...
user avatar
  • 1,913
3votes
0answers
769views

Using/Configuring Symfony security component

Am attempting to configure security using Symfony's security component in a custom PHP applications. I have everything wired right down to HTTP Kernel and all the authentication and authorization ...
user avatar
  • 829
3votes
0answers
751views

Filter query if security access is granted in doctrine / Delete entities from knp paginator

I'm using symfony2, doctrine, knp paginator and security voters. In my application each user have some children. I should display a list of child that belong to current user (defined by current logged ...
user avatar
  • 1,355
3votes
2answers
2kviews

Security in file upload with Symfony2: where to safely store them?

I use an Ajax application to upload files in a Symfony2 web application. When I upload the files, I put them in a path like: "%kernel.root_dir%/../web/bundles/acmehome/images/uploaded" I have a lot ...
user avatar
  • 16.4k
3votes
1answer
586views

ACL ROLE_ADMIN does not work

Maybe somebody here can help me. I'm adding blog comments and add the rights on it. The rights for the user who created the blog the rights are OK. The rights for not logged user can view de comment ...
user avatar
2votes
0answers
1kviews

symfony 4 sets logged in as anonymous

I'm working on a Symfony 4 project. After trying to login, it redirects me back to the login page with an anonymous token. My setup is using the login form from symfony docs. After clicking login my ...
user avatar
2votes
0answers
2kviews

How to redirect to login page after session timeout with Symfony?

My problem, When session timed out, i refresh the page and then i get 500 error: Impossible to access an attribute ("id") on a null variable. because "id" is empty. I want to redirect to login ...
user avatar
2votes
1answer
886views

Symfony 3.3 Unable to find the controller for path "/login/check". The route is wrongly configured

I know there were some questions already asked although after checking 20x if it's not the same case as others had still I have no solution for my case yet. I've set up my own authentication ...
user avatar
2votes
0answers
239views

Silex: Authentication system does not login

I'm trying to implement the authentication system in my Silex project. However, I can't get it working. I've consulted so many websites that covered this system, but combining them all still does not ...
user avatar
2votes
0answers
280views

Symfony JWT Bundle and form authentication

When configuring the LexikJWTAuthenticationBundle I just need to set up the security.yml with these settings: security: # ... firewalls: login: pattern: ^/api/login ...
user avatar
  • 2,665
2votes
1answer
1kviews

Symfony 3 unable to login with ajax

First, I am not using FOSUserBundle in this project. So, let's get that out of the way. I am able to register an user, but unable to log him in. I verified that form is posted to LoginController ...
user avatar
  • 1,270
2votes
1answer
1kviews

Symfony3 + "Authentication request could not be processed due to a system"

I use Symfony3 with MongoDB ODM. When I try to login, I have this message: "Authentication request could not be processed due to a system problem." Here is the security.yml file: # To get started ...
user avatar
  • 71
2votes
0answers
213views

How to add another Symfony connection cookie for another domain?

In a SF 2.8 application with FOS User, I need to setup a second cookie for persist authentication, with another domain. My needs are a bit exotic in here : App is served over SSL, in HSTS mode (https:...
user avatar
  • 1,006
2votes
0answers
116views

Anon. in Custom User Provider

I want to manage my users without Database, and check their JWT I use Guard and a Custom Service to Validate my JWT. I Want to use even a custom user provider, And If user doesn't have JWT I want to ...
user avatar
  • 3,324
2votes
0answers
2kviews

Symfony2 - throwing AccessDeniedHttpException don't work EDIT: Security

I would like to remove unwanted effect of redirecting when somewhere is thrown AccesDeniedException. I mean redirecting to "login" page if user is not authenticated. I created kernel.exception ...
user avatar
  • 1,468
2votes
0answers
143views

Symfony2 SonataAdmin + EDBlogBundle in PROD environment with a specific role

I switched to my prod environemnt today and started testing. Everything is working great with my admin user. The problem is when I switch to another user, that has a role PROVIDER. This user is only ...
user avatar
  • 1,201
2votes
0answers
154views

Symfony2 list all route with security

Using symfony2 2.7 and annotations, I define routes as follow : /** * @Route("/my-route", name="api_my_route") * @Method("GET") * @Security("has_role('SOME_ROLE')") */ I would like to list all ...
user avatar
2votes
0answers
2kviews

Token based authentication in php symfony 2

I am building a rest api and web app in symfony 2. My rest api will be consumed by mobile application and it is not a public api. I am using token based authentication with tokens stored in a database....
user avatar
  • 3,614
2votes
1answer
52views

Concurrent firewalls

Context: I am currently working on a site where some features are only available to authenticated members. So I have the following firewall configuration: /app/config/security.yml: security: ...
user avatar
2votes
1answer
563views

symfony: defining logouts for multiple firewalls

I need to define logout paths for multiple firewalls in symfony 2. How do I configure my routing.yml file to allow for this? security.yml firewalls: dev: pattern: ^/(_(...
user avatar
2votes
0answers
331views

symfony2 throws "A Token was not found in the SecurityContext" with bots

In my symfony2 application, I built an exception listener which sends me an email when an exception occurs (I filtered out 404 and made sure it would not throw an email more than one a day for the ...
user avatar
  • 4,863
2votes
0answers
404views

Automatic logout unexpectedly

I am facing an weird issue,sometimes when an user weather he is active or not reloads the page or click on any other page,the session logs out. I am using FOS User Bundle here.Also,in that case the ...
user avatar
2votes
0answers
781views

How to test symfony authentication using shared context firewall?

I'm trying to test an application (symfony 2.6 + phpunit) that is using shared firewall by context but it is not working. I followed documentation from http://symfony.com/doc/current/cookbook/testing/...
user avatar
2votes
1answer
383views

Symfony2 subdomain firewall ignored on production server

I got a very strange issue after deploying a new site. The site uses a shop.domain.tld which is after a login. In the security.yml I defined a host parameter in my firewall and in the access_control ...
user avatar
2votes
0answers
323views

Symfony 2 FOSUserBundle Anonymous after login

I'm implementing FOSUserBundle on a Symfony 2.5 install. I have two problems: (SOLVED) When I login I get redirected to the debugger page, I have no idea why. Shouldn't I be directed to the last ...
user avatar
  • 10.7k
2votes
0answers
368views

PHP symfony 2.x: How to authenticate against a web-service by providing username and password?

I have a very big problem with symfony 2.x. I need to authenticate against a web-service by passing the username and the password to this web-service. The standard way and any other implementation of ...
user avatar
2votes
1answer
158views

Symfony security strategy with two user providers?

I have an API that is in production being used by a single web site. We wish to open this up to other applications. The API is REST and uses Symfony 2. I have been looking at various security ...
user avatar
  • 193
2votes
1answer
222views

Authentication does not work

I have set a secured area using http_basic . I can see the box with username and password fields but even if I put correct information I get the box again and again as if I used wrong ones. My ...
user avatar
2votes
0answers
812views

Symfony2 security - Strange behavior (Challenging issue)

Using FOSOauthServerBundle, FOSUserBundle and Symfony2.0, I have followed this documentation (http://blog.logicexception.com/2012/04/securing-syfmony2-rest-service-wiith.html) about creating an own ...
user avatar
  • 3,742
2votes
1answer
240views

Combine custom user provider with hashed passwords with http basic to backend api

I have a REST API and a frontend for that API, both written in Symfony2. In the frontend I have written a custom user provider to create a user object in the frontend, based on information from the ...
user avatar
  • 1,630
1vote
0answers
207views

How to upgrade Symfony 5 LDAP security to the new Authenticator-based

I'm successfully used LDAP auth with some settings: security: # enable_authenticator_manager: true encoders: App\Entity\User: algorithm: auto providers: ...
user avatar
1vote
1answer
161views

Symfony5: isPasswordValid return true only with plain password

I'm facing a weird issue that I've never met before with Symfony 5.2. I'm implementing a login for an API, and it seems that the method of UserPasswordEncoderInterface::isPasswordValid don't validate ...
user avatar
  • 21
1vote
0answers
588views

ApiPlatform - implement security authorization on subresource route

I'm using Symfony5 and ApiPlatform I have a User entity and a Product entity. I want to list all my user's products through a subressource, to do so I've implemented my user class as follow : /** * @...
user avatar
1vote
0answers
72views

api-platform: Limit the records a user can see based on access logic

I would like to use Symfonys API platform for a BI application. I know it is great in security and flexibility, but I need something I have not yet found in documentation or here on stackoverflow. I ...
user avatar
  • 11
1vote
0answers
302views

Symfony 4 - Why does security voter redirect me to the login page when it returns false?

there is something I don't understand in Symfony 4. I have a custom voter in which I check if I have a property that is true or false: /** * Vérifie si les essais gratuits sont activés * * @...
user avatar
  • 1,288
1vote
0answers
83views

Advanced use of Roles in Symfony Security

I am creating a Symfony application where users need to login. I want to use Symfony Security or FOSUserBundle. But I am having trouble deciding how to organize roles. This is why: there are ...
user avatar

15 30 50 per page
1
2 3 4 5