FriendsOfSymfony / FOSUserBundle

Provides user management for your Symfony project. Compatible with Doctrine ORM & ODM, and custom storages.
https://symfony.com/doc/master/bundles/FOSUserBundle/index.html
MIT License
3.25k stars 1.57k forks

Integration with HWIOAuthBundle #2841

Open konradja100 opened 6 years ago

konradja100 commented 6 years ago

Hi, I have some trouble after deploying my app to the production server. I'm using Symfony 4.1 with the security pack and HWIOAuthBundle, and everything is working fine, but only in the local environment. As soon as I try to log in with a social account (e.g. Google), I get a 403.

Here are my logs from this action: screenshot_36

So as I understand it, the user is logged in properly, but then access is denied ("user is neither anonymous, nor remember-me"). What could be the possible reason?

I have this configuration:

security.yaml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_CLIENT
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            oauth:
                resource_owners:
                    google: /login/check-google
                    linkedin: /login/check-linkedin
                    custom: /login/check-windows-live
                login_path: /%locale%/login
                use_forward: false
                failure_path: /%locale%/login
                success_handler: App\Handler\AuthenticationSuccessHandler
                oauth_user_provider:
                    service: my.oauth_aware.user_provider.service
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                default_target_path: app_homepage_index
                success_handler: App\Handler\AuthenticationSuccessHandler
            logout:
                path: fos_user_security_logout
                target: fos_user_security_login
            anonymous:    true
            remember_me:
                secret:   '%kernel.secret%'
                path: /
                domain: ~

    access_control:
        - { path: ^/[a-z]+/connect/[a-z]+$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/payment_status/[a-z0-9]+/[a-z0-9]+$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/connect/registration/[a-z]+$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/logout$, role: ROLE_USER }
        - { path: ^/[a-z]+/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/[a-z]+/update, role: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_CLIENT] }
        - { path: ^/, role: ROLE_CLIENT }

Each user has been granted ROLE_CLIENT in the database, so what exactly does this "user is neither anonymous, nor remember-me" message mean?
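To make the log message concrete, here is an added example (not code from the issue, from FOSUserBundle, HWIOAuthBundle or Symfony) that re-implements in Python the three pieces of Symfony's firewall that produce it: access_control matching (first rule whose path regex matches wins, and any one of its roles is enough), role_hierarchy expansion, and the ExceptionListener's choice between "send the user to the login page" and "return 403". The rules and hierarchy are copied from the security.yaml above; the Token class, the kind names "anonymous" / "remember_me" / "full", and the sample tokens are assumptions made for the example.

```python
"""
Model of the Symfony security decision behind
"Access denied, the user is neither anonymous, nor remember-me."
Added example: a Python re-implementation of the relevant behaviour,
not Symfony's code and not code from the issue.
"""
import re
from dataclasses import dataclass

# Access rules copied from the security.yaml in the issue. Symfony tests the
# rules in order, takes the FIRST one whose regex matches the path info and
# grants access if ANY ONE of its roles/attributes is satisfied.
ACCESS_CONTROL = [
    (r"^/[a-z]+/connect/[a-z]+$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/payment_status/[a-z0-9]+/[a-z0-9]+$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/connect/registration/[a-z]+$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/login$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/logout$", ["ROLE_USER"]),
    (r"^/[a-z]+/register", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/resetting", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/[a-z]+/update", ["IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_CLIENT"]),
    (r"^/", ["ROLE_CLIENT"]),
]

# role_hierarchy from the issue: a role implies the roles listed under it.
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_CLIENT"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}


@dataclass
class Token:
    """Stand-in for a Symfony security token (assumed shape, not Symfony's)."""
    roles: list
    kind: str  # "anonymous", "remember_me" or "full" (fully authenticated)


def reachable_roles(roles):
    """Expand roles through ROLE_HIERARCHY, as Symfony's RoleHierarchy does."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return seen


def match_rule(path):
    """First access_control entry whose regex matches, or None (no rule)."""
    for pattern, attributes in ACCESS_CONTROL:
        if re.search(pattern, path):
            return pattern, attributes
    return None


def is_granted(token, attribute):
    """AuthenticatedVoter for IS_AUTHENTICATED_*, RoleHierarchyVoter otherwise."""
    if attribute == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True  # every token, including the anonymous one
    if attribute == "IS_AUTHENTICATED_REMEMBERED":
        return token.kind in ("remember_me", "full")
    if attribute == "IS_AUTHENTICATED_FULLY":
        return token.kind == "full"
    return attribute in reachable_roles(token.roles)


def decide(token, path):
    """
    Outcome of a request for this token and path:
      'allow' - matched rule satisfied (or no rule matched)
      'login' - access denied, but the token is anonymous or remember-me, so
                the ExceptionListener starts authentication (login redirect)
      '403'   - access denied with a fully authenticated token: this is the
                case that logs "the user is neither anonymous, nor remember-me"
                and ends in a 403
    """
    rule = match_rule(path)
    if rule is None or any(is_granted(token, a) for a in rule[1]):
        return "allow"
    if token.kind in ("anonymous", "remember_me"):
        return "login"
    return "403"


if __name__ == "__main__":
    # Constructed sample tokens; the roles are illustrative, not the issue's data.
    samples = [
        (Token([], "anonymous"), "/en/login"),
        (Token([], "anonymous"), "/en/"),
        (Token(["ROLE_USER"], "full"), "/en/"),
        (Token(["ROLE_USER"], "remember_me"), "/en/"),
        (Token(["ROLE_USER", "ROLE_SUPER_ADMIN"], "full"), "/en/"),
        (Token(["ROLE_USER"], "full"), "/en/update"),
    ]
    for token, path in samples:
        print(f"{token.kind:<12} {str(token.roles):<34} {path:<12} -> {decide(token, path)}")
```

Two things the model makes visible. First, the 403 branch is only reached when the token is fully authenticated and still fails the matched rule, so the message is not about the login itself failing: it says the user is logged in but the token presented to the `^/` rule does not carry ROLE_CLIENT (directly or through the hierarchy). Second, because a rule's roles are any-of, the `^/[a-z]+/update` entry that lists IS_AUTHENTICATED_ANONYMOUSLY next to ROLE_CLIENT is open to everyone; the ROLE_CLIENT part has no effect there.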

stephanvierkant commented 5 years ago

I think you should open an issue in the HWIOAuthBundle repo.