0
votes

I'm trying to get FOSUserBundle and HWIOAuth working together for handle the authentication of two types of users: representatives and interns. The representatives ones would begin using HWIOAuth and would use Salesforce and internal FOSUserBundle.

I'm trying to set everything but I have problems because Symfony throws this error when I try to access the /login-salesforce or /admin routes.

InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/admin".

This is the content of security.yml file:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_REPRESENTATIVE:        [ROLE_USER]
        ROLE_ADMIN:                 [ROLE_REPRESENTATIVE, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern:    ^/admin
            anonymous:    ~
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: /login
                check_path: /login_check
                post_only: true
                always_use_default_target_path: true
                target_path_parameter: _target_path
                use_referer: false
                failure_path: null
                failure_forward: false
            logout:
                path:   fos_user_security_logout
                target: /

        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true
            logout:
                path:   /logout
                target: /
            oauth:
                resource_owners:
                    salesforce: "/login/check-salesforce"
                login_path: /login
                failure_path: /login
                oauth_user_provider:
                    service: pdi_salesforce.oauth_user_provider

    access_control:
        - { path: ^/reptool, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_SUPER_ADMIN }

From HWIOAuth side I got everything setup, I think (can share if needed by someone). This is the content of routing.yml file:

#HWIOAuthBundle
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login

salesforce_login:
    pattern: /login/check-salesforce

#PDOne
pd_one:
    resource: "@PDOneBundle/Controller/"
    type:     annotation
    prefix:   /

template:
    resource: "@TemplateBundle/Controller/"
    type:     annotation
    prefix:   /

#FOSUserBundle
fos_user:
    resource: "@FOSUserBundle/Resources/config/routing/all.xml"

#SonataAdmin
admin:
    resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
    prefix: /admin

_sonata_admin:
    resource: .
    type: sonata_admin
    prefix: /admin

What else I am missing? Does any here get those two working together and can share their work to get it done?

1

1 Answers

1
votes

Hohoho the problem is here

admin_area:
        pattern:    ^/admin
        anonymous:    ~
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /admin/login
            check_path: /admin/login_check
            post_only: true
            always_use_default_target_path: true
            target_path_parameter: _target_path
            use_referer: false
            failure_path: null
            failure_forward: false
        logout:
            path:   fos_user_security_logout
            target: /

The login_path and check_path need to have /admin at the front.