0
votes

I am using LexikJWTBundle to authenticate an Ionic AngularJS app against a Symfony2 REST API.

My issue is that when I try to authenticate the user, Symfony returns: no route found for POST /api/login_check.

EDIT: I had put the route in my REST routing file, so the resulting route was /api/api/login_check. Now the error is: Unable to find the controller for path "/api/login_check". It looks like LexikJWTBundle doesn't intercept the call. End EDIT

I should mention that my API works fine without authentication and uses CORS through NelmioCorsBundle.

Here is my routing.yml portion:

api_login_check:
    path: /api/login_check

Here is my config.yml

lexik_jwt_authentication:
    private_key_path: '%kernel.root_dir%/var/jwt/private.pem'   # ssh private key path
    public_key_path:  '%kernel.root_dir%/var/jwt/public.pem'    # ssh public key path
    pass_phrase:      'passphrase'                              # ssh key pass phrase
    token_ttl:        86400                                     # token ttl - defaults to 86400

Here is my security.yml:

# app/config/security.yml
security:

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email


    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt))/
            security: false
            switch_user: true
        main:
            pattern: .*
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true
            switch_user: true
#       JWT SETUP
        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /api/login_check
                username_parameter: username
                password_parameter: password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
#       JWT SETUP
        api:
            pattern:   ^/api
            stateless: true
            lexik_jwt:
                authorization_header:
                    enabled: true
                    prefix:  Bearer
                query_parameter:
                    enabled: true
                    name:    bearer

    access_control:
#        JWT SETUP
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

2 Answers

2
votes

OK, I found the issue: the main firewall should be located at the end, because all routes match its pattern and it therefore prevents requests from going through the other firewalls. Stupid mistake again!

Thank you @keyboardSmaher for your help.

Now the security.yml looks like this:

# app/config/security.yml
security:

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email


    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt))/
            security: false
            switch_user: true
        api_login:
            pattern:    ^/api/login
            stateless:  true
            anonymous:  true
            provider:   fos_userbundle
            form_login:
                check_path:               api_login_check
                require_previous_session: false
                username_parameter:       username
                password_parameter:       password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
        api:
            pattern:    ^/api
            stateless:  true
            provider:   fos_userbundle
            lexik_jwt: ~
        main:
            pattern: .*
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true
            switch_user:  true




    role_hierarchy:
        ROLE_DELEGATION:        [ROLE_USER]
        ROLE_EXPORT:            [ROLE_USER]
        ROLE_USER_ADMIN:        [ROLE_USER]
        ROLE_LIST_ADMIN:        [ROLE_USER]
        ROLE_IMPORT:            [ROLE_USER]
        ROLE_MOBILE:            [ROLE_USER]
        ROLE_ADMIN:             [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
        ROLE_SUPER_ADMIN:       [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]

    access_control:
        - { path: ^/$, role: ROLE_USER}
#        - { path: ^/api, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/contacts, role: ROLE_USER }
        - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/entites, role: ROLE_USER }
        - { path: ^/export, role: ROLE_EXPORT }
        - { path: ^/titres, roles: ROLE_ADMIN }
        - { path: ^/categories, roles: ROLE_ADMIN }
        - { path: ^/services, roles: ROLE_ADMIN }
        - { path: ^/groupes, roles: ROLE_ADMIN }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/imports, roles: ROLE_IMPORT }
        - { path: ^/utilisateurs, roles: ROLE_USER_ADMIN }
        - { path: ^/register, role: ROLE_SUPER_ADMIN }
        - { path: ^/group, roles: ROLE_USER_ADMIN }
#        JWT SETUP
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
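
The ordering problem described in this answer, as an added example that is not part of the original post: Symfony hands a request to the first firewall whose pattern matches, so a catch-all entry listed first hides every firewall after it. The patterns are copied from the two security.yml versions on this page; the function names and probe paths are assumptions made for the illustration.

```python
import re

# Firewall (name, pattern) pairs in file order, copied from the two security.yml
# versions on this page. The dev firewall is left out: it never matches /api paths.
QUESTION_ORDER = [
    ("main", r".*"),
    ("login", r"^/api/login"),
    ("api", r"^/api"),
]
ANSWER_ORDER = [
    ("api_login", r"^/api/login"),
    ("api", r"^/api"),
    ("main", r".*"),
]

# Constructed probe paths (assumption: representative of the app's routes).
PROBES = ["/", "/login", "/contacts", "/api/login_check", "/api/contacts"]


def resolve(firewalls, path):
    """Name of the firewall that handles `path`: the first pattern that matches.

    Symfony tests each pattern with an unanchored regex match, hence re.search.
    """
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


def shadowed(firewalls, probes):
    """Map each firewall that can never run to the earlier firewall(s) hiding it.

    A firewall is reported when its own pattern matches at least one probe but
    an earlier entry wins for every one of those probes.
    """
    report = {}
    for name, pattern in firewalls:
        hits = [p for p in probes if re.search(pattern, p)]
        winners = {resolve(firewalls, p) for p in hits}
        if hits and name not in winners:
            report[name] = sorted(winners)
    return report


if __name__ == "__main__":
    for label, order in (("question", QUESTION_ORDER), ("answer", ANSWER_ORDER)):
        print(label, "->", {p: resolve(order, p) for p in PROBES})
        print(label, "shadowed:", shadowed(order, PROBES))
```

With the question's order, both JWT firewalls are reported as hidden by main, which means /api requests were being handled by the session-based form_login firewall instead of the stateless JWT one.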
1
votes

For form login to work, you need to create the check_path route. The route has to point to an empty controller, and it is intercepted by the security system.

Just create an empty controller for /api/login_check and point your api_login_check route to it.

This information is in the documentation below.

Documentation