security.yml keeps asking for check_path which has already been supplied

0
votes

So I've got an application which is using the FOSUserbundle for user management and HWIOAuthBundle for the OAuth authentication, which at the moment is only Facebook.

I keep getting this error when I want to log in via the login form provided by the FOSUserBundle templates.

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.

But I'm not receiving this error when I log in via the sign in using facebook button.

Below is my security.yml file

security:

    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    # Roles being defined
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~

        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs

        secured_area:
            anonymous: ~
            logout: ~
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                login_path:        /login
                use_forward:       false
                failure_path:      /login
                oauth_user_provider:
                    service: my.custom.user_provider
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: .*
            provider: fos_userbundle
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                use_forward: false
                failure_path: null
            logout:
                 path:   fos_user_security_logout
                 target: /
            anonymous:    true
            http_basic:
              realm: "Reviews"
       # main:

            # activate different ways to authenticate

            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html

    # Access controls
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/view, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/create, role: ROLE_USER}
        - { path: ^/edit, role: ROLE_USER}
        - { path: ^/delete, role: ROLE_USER}
1
symfonyfosuserbundlehwioauthbundle

1 Answers

0
votes

My guess is that your form login is caught by the secured_area firewall.

You have 3 firewalls:

  • secured_area which matches everything as the default pattern is /*
  • dev probably never reached because secured_area already matched
  • main matches all (because of pattern), but is never reached

Symfony will use the first matching firewall for authentication and since secured_area is not configured for the login form it will not work. You could merge both firewalls (basically copy the oauth section to main, but the separate login mechanisms might still interfere.

If both logins are for different sections (e.g. facebook for users, and form login for a backend accessible only to admin users) you could assign different patterns and check the profiler bar (the toolbar on the bottom of the screen in development mode) if the correct firewall was used.

In any case I would change the firewall's order. You can ensure dev is handled by moving it to the top and make sure to move the most generic firewall (using the /* pattern) to the bottom to make sure it catches all routes not previously handled by another firewall.