search

rollerworks-graveyard / RollerworksMultiUserBundle

Multi user management for the FOSUserBundle - DISCONTINUED!!
MIT License
56 stars 21 forks source link

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration #48

Closed truckee closed 10 years ago

truckee commented 10 years ago

I've wrung out as many (mostly self-inflicted) error messages as I can and am left with

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration

I get a login template at /staff/profile/login. The above error appears after submitting the form.

app/config/routing.yml snippet:

vol_staff_security:
    resource: "@VolStaffBundle/Resources/config/routing/security.xml"
    prefix: /staff/profile

vol_staff_profile:
    resource: "@VolStaffBundle/Resources/config/routing/profile.xml"
    prefix: /staff/profile

vol_staff_register:
    resource: "@VolStaffBundle/Resources/config/routing/registration.xml"
    prefix: /staff/register

vol_staff_resetting:
    resource: "@VolStaffBundle/Resources/config/routing/resetting.xml"
    prefix: /staff/resetting

vol_staff_change_password:
    resource: "@VolStaffBundle/Resources/config/routing/change_password.xml"
    prefix: /staff/profile

app/config/security.yml firewall snippet

        staff:
            pattern: ^/staff
            form_login:
                provider: vol_staff_bundle
                csrf_provider: form.csrf_provider
                check_path: vol_staff_security_check
                login_path: vol_staff_security_login
            logout:       true
            anonymous:    true

[Curiously, omitting the check_path & login_path parameters threw an error.]

Staff Bundle Resources/config/routing/security.xml:

<routes xmlns="http://symfony.com/schema/routing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">

    <route id="vol_staff_security_login" pattern="/login">
        <default key="_controller">FOSUserBundle:Security:login</default>
    </route>

    <route id="vol_staff_security_check" pattern="/login_check">
        <default key="_controller">FOSUserBundle:Security:check</default>
        <requirement key="_method">POST</requirement>
    </route>

    <route id="vol_staff_security_logout" pattern="/logout">
        <default key="_controller">FOSUserBundle:Security:logout</default>
    </route>

</routes>
sstok commented 10 years ago

You don't need to use check_path as this handled by firewall.

truckee commented 10 years ago

Eliminating the check_path parameter results in

The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/staff"

Where, then, is check_path handled by the firewall? Is it possible to view a complete working configuration (routing, security, bundle extension & configuration) anywhere?

truckee commented 10 years ago

Platform: Windows Pro 8.1, 64-bit

Starting with a fresh Symfony 2.4 installation, namespace Vol\AppBundle, adding FOSUserBundle with a Staff entity in namespace Vol\StaffBundle, then confirming that a user could log in w/ FOS, I did the following:

Launching dev environment results in:

Invalid configuration for path "security.firewalls.staff": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/staff"

sstok commented 10 years ago

Ah wait check_path defaults to '/login_check' which is not present.

Assuming the the login page is at staff/login. Set the check_path to staff/login_check'

truckee commented 10 years ago

I very much appreciate your attention to this. The latest sequence:

login_path: /staff/profile/login
check_path: /staff/profile/login_check
        Configuration path "fos_user.db_driver" cannot be overwritten

("Unable to get template for "security.login", there is no such template configured.") in "FOSUserBundle:Security:login.html.twig"

  • so added to VolStaffExtension (after copying from FOS)
        'security' => array(
            'login' => array(
                'template' => 'VolStaffBundle:Security:login.html.twig',
            )
        ),

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration

If you are not otherwise engaged, I've posted the code at https://github.com/truckee/Volunteer-Project

sstok commented 10 years ago

check_path: /staff/profile/login_check

This should be check_path: /staff/login_check, the login path is defined in https://github.com/truckee/Volunteer-Project/blob/master/src/Vol/StaffBundle/Resources/config/routing/security.xml#L11 and refers to the FOSUserBundle SecurityController. Its only done to inform a bad configuration, but its still required none the less.

The fos_user configuration is handled using the RollerworksMultiUserBundle, you must not set it manually as that will overwrite the auto configuration.

truckee commented 10 years ago

Thanks for taking a look. The recommended change, while not throwing an error, does not eliminate the error when logging in:

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration

[Note: the login_path remains /staff/profile/login]

sstok commented 10 years ago

Found what is causing this, your templates are still using the FOSUserBundle routes. If you remove the fos_user routes (which are not needed anyway) you get an error saying that the route does not exist.

I will update the documentation to make this more clear.

Edit. You also configured some templates which are none existent, if you leave these empty they will use the RollerworksMultiUserBundle ones (which are basically the same as the FOSUserBundle templates).

sstok commented 10 years ago

Looking at this it also makes sense to make the layout-template configurable.

truckee commented 10 years ago

Thanks immensely. We're all sorted out now.