Closed nobodyjoh closed 5 months ago
Follow the troubleshooting guide: https://symfony.com/bundles/SchebTwoFactorBundle/6.x/troubleshooting.html#two-factor-authentication-form-is-not-shown-after-login
I already check but i don't find my problem. I try to update the security.yaml and to put this (add default_target_path: 2fa_login in form_login) :
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
two_factor:
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
check_path: 2fa_login_check # The route name you have used in the routes.yaml
...
form_login:
# "login" is the name of the login route
login_path: login
check_path: login
default_target_path: 2fa_login
enable_csrf: true
I am correctly redirected to the /2fa page but end up with an 'access denied' error. I think I'm missing something to instruct the login to go to the /2fa page with the IS_AUTHENTICATED_2FA_IN_PROGRESS rights, but I thought it was managed by the module.
Sorry i'm a begginer with symfony and I might be overlooking something trivial to you.
Please provide your full security.yaml
so we can properly assess the situation.
yes no problem:
security:
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
two_factor:
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
check_path: 2fa_login_check # The route name you have used in the routes.yaml
lazy: true
provider: app_user_provider
remember_me:
secret: '%kernel.secret%'
token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider'
lifetime: 68400
form_login:
# "login" is the name of the login route
login_path: login
check_path: login
enable_csrf: true
logout:
path: logout
# where to redirect after logout
target: login
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
role_hierarchy:
ROLE_MASTER: [ROLE_MASTER2,ROLE_MASTER, ROLE_ABONNE, ROLE_ALLOWED_TO_SWITCH]
ROLE_MASTER2 : [ROLE_MASTER2,ROLE_ADMIN_OF, ROLE_ABONNE, ROLE_ALLOWED_TO_SWITCH]
ROLE_ADMIN_OF: [ROLE_ADMIN_CENTRE]
ROLE_ADMIN_CENTRE: [ROLE_INSTRUCTEUR, ROLE_CANDIDAT]
ROLE_INSTRUCTEUR : [ROLE_INSTRUCTEUR, ROLE_USER]
ROLE_CANDIDAT : [ROLE_CANDIDAT, ROLE_USER]
ROLE_CLASSIC : ROLE_CLASSIC
ROLE_ZEN : [ROLE_CLASSIC,ROLE_ZEN,ROLE_ALLOWED_TO_SWITCH]
ROLE_ABONNE : ROLE_ABONNE
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
#- { path: ^/dronEdifice, roles: ROLE_MASTER }
# This makes the logout route accessible during two-factor authentication. Allows the user to
# cancel two-factor authentication, if they need to.
- { path: ^/logout, role: PUBLIC_ACCESS }
# This ensures that the form can only be accessed when two-factor authentication is in progress.
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
- { path: ^/centre/espace-candidat, roles: ROLE_CANDIDAT }
- { path: ^/centre/candidat/mes-convocations, roles: ROLE_CANDIDAT }
- { path: ^/mot-de-passe-oublie, roles: PUBLIC_ACCESS }
- { path: ^/api/annuaire-candidats-certifies, roles: PUBLIC_ACCESS }
- { path: ^/centre, roles: ROLE_INSTRUCTEUR }
Can't see anything obvious wrong. You should check if you still have a TwoFactorToken
security token when the 2fa page is requests and drill down where this "access denied" error is caused.
I look at Session storage on my chrome debugger and i don't have any token when i'm on /2fa. It seems like the 2FA form is never actually called; I always go through my usual form_login.
I found the solution after a lot of search, the problem was in the security.yaml :
main:
two_factor:
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
check_path: 2fa_login_check # The route name you have used in the routes.yaml
provider: app_user_provider
enable_csrf: true
I put the provider in the two factor and now it works
Glad that you found the issue. I wouldn't have guessed that either 🤷
Bundle version: 6.1 Symfony version: 5.4 PHP version: 8
Hello,
I wish to add two-factor authentication to my project and I came across your solution which seems great to me. Initially, the installation seemed straightforward, but I must be missing something because my authentication still works with email and password as usual.
I follow the installation guide and this is a part of my security.yaml :
My SecurityController look like this :
To be honest, I don't understand why it's not working even after following the various tutorials I've read.
Regards