4
votes

I tried to do a login form with this tutorial: http://symfony.com/doc/current/cookbook/security/form_login_setup.html

So, now my security.yml file looks like:

security:
    providers:
        in_memory:
            memory:
                users:
                    ryan:
                        password: ryanpass
                        roles: 'ROLE_USER'
                    admin:
                        password: kitten
                        roles: 'ROLE_ADMIN'

    encoders:
      Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        login_firewall:
            pattern:   ^/login$
            anonymous: ~
        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
              login_path: login
              check_path: login
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }

Security Controller:

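use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class SecurityController extends Controller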
{
    /**
     * @Route("/login", name="login")
     */
    public function loginAction(Request $request)
    {
        $authenticationUtils = $this->get('security.authentication_utils');

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render(
            'AppBundle:Security:login.html.twig',
            array(
                // last username entered by the user
                'last_username' => $lastUsername,
                'error'         => $error,
            )
        );
    }

}

So basically, it doesn't work properly. After sending the login form nothing happens and I don't know why. I think the security configuration is wrong. Could somebody help me? I have no idea what is wrong.

1
If you are trying to log in with ROLE_ADMIN you may recognize the problems. You did not configure the role_hierarchy, in which you tell Symfony which role inherits the others. And in the access_controls you are only allowing ROLE_USER to enter. Maybe this is the problem? Additionally you should provide the default_target_path in your firewall ... – Chris P. Bacon

1 Answer

2
votes

Change the check_path to something else, like login_check, and also add the login_check and logout actions to your controller:

/**
 * @Route("/login_check", name="login_check")
 */
public function loginCheckAction() // distinct name: the controller already defines loginAction() for /login
{
    // The security layer will intercept this request, else redirect to login page
    $this->addFlash('warning', $this->get('translator')->trans('login_expired'));
    return $this->redirect($this->generateUrl('login'));
}

/**
 * @Route("/logout", name="logout")
 */
public function logoutAction()
{
    // The security layer will intercept this request, else redirect to login page
    $this->addFlash('warning', $this->get('translator')->trans('login_expired'));
    return $this->redirect($this->generateUrl('login'));
}

Also make sure that the login form does a POST to login_check:

<form id="loginForm" action="{{ path('login_check') }}" method="post">
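
The firewall section of the question's security.yml with this answer's check_path change applied, as an added example that is not part of the original answer or comment. Dropping the separate login_firewall, moving dev first, the logout block and the role_hierarchy entry (the comment's suggestion) are assumptions added here, based on Symfony using the first firewall whose pattern matches a request.

```yaml
security:
    # Suggested in the comment: lets the ROLE_ADMIN user pass the
    # ROLE_USER rule in access_control below.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    firewalls:
        # Firewalls are tried in order and the first matching pattern wins.
        # Listed after the catch-all ^/ firewall, this entry was never reached.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Before: login_firewall (pattern ^/login$) received the POST to
        # /login, and that firewall has no form_login listener, so the
        # request only reached the controller and the form was rendered again.
        # After: one firewall covers both the form and the check URL.
        secured_area:
            pattern:   ^/
            anonymous: ~
            form_login:
                login_path: login        # route that renders the form
                check_path: login_check  # route the form POSTs to
            # Assumption: the firewall handles the answer's /logout route.
            logout:
                path:   /logout
                target: /login

    access_control:
        # ^/login is a prefix match, so /login_check is covered as well.
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
```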