I have a main firewall for my Symfony 4 application. It is configured to load users from the DB and to use a login form etc, all standard stuff. And it works fine.

Here is my current security.yaml file:

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        user_provider:
            entity:
                class: App\Entity\User
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            provider: user_provider
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

Now I need to add basic authentication on a particular route that has dynamic information in it, which is where I'm struggling. An example URL would be:

http://myapp.com/repositories/%%username%%/directory/file.json

So up to http://myapp.com/ is secured and authenticated by the standard login form.

But if the request is to ^/repositories/%%username%% I need basic auth to be used.

%%username%% being dynamic, and as you can see it's a route to a file that will be the response in JSON. The basic auth doesn't actually have to be authenticated for Symfony, it just needs to be available, and if it fails return the correct Exception/Response:

array('fatal: Authentication failed', 'remote error: Invalid username or password.')

Any help would be much appreciated.

Thanks

**EDIT**

OK guys, so I have managed to figure out how to add the Basic Auth alongside my form-based auth for a sub route.

Now I just need to figure out how to enable basic auth for a dynamic route.

Currently the following security.yaml covers http://myapp.com/repositories and anyone that logs in successfully will have access to all of the routes underneath.

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        user_provider:
            entity:
                class: App\Entity\User
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        repos:
            pattern: ^/repositories/
            anonymous: ~
            stateless: true
            http_basic:
                realm: "Toran Proxy Access"
        main:
            pattern: ^/
            provider: user_provider
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/repositories/, roles: ROLE_ADMIN }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

But what I now need to do is restrict /repositories/%%username%% using basic auth and only give access to this directory for certain credentials.

Thanks

1 Answer

So in the end I created my own Authorization Provider following http://symfony.com/doc/current/security/custom_authentication_provider.html

Then in the provider I did a check to see if the current user should have permission to the sub directory or not.
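
Added example, not part of the answer above and not the poster's code: one way to write the per-user path check that a custom provider or voter could call once HTTP Basic authentication has succeeded. The function name `canAccessRepositoryPath` is hypothetical, it assumes the raw (still URL-encoded) request path is passed in, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Symfony API): may the user who passed HTTP Basic
 * auth read the requested path under /repositories/{username}/ ?
 */
function canAccessRepositoryPath(string $authenticatedUser, string $requestPath): bool
{
    // Decode once, then deny anything that could still change meaning:
    // control characters, a leftover "%" (double encoding) or a backslash.
    $path = rawurldecode($requestPath);
    if (preg_match('/[\x00-\x1F\x7F%\\\\]/', $path) === 1) {
        return false;
    }

    // Capture the whole first segment, so "alice" never matches "alice2".
    if (preg_match('#^/repositories/([^/]+)/(.+)$#', $path, $m) !== 1) {
        return false;
    }
    [, $owner, $rest] = $m;

    // Deny empty and dot segments: "/repositories/alice/../bob/x.json" must fail.
    foreach (explode('/', $rest) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return false;
        }
    }

    // Exact, case-sensitive comparison of the path owner with the login name.
    return $authenticatedUser !== '' && $owner !== '.' && $owner !== '..'
        && hash_equals($authenticatedUser, $owner);
}

// Constructed sample requests: [authenticated user, raw request path].
$cases = [
    ['alice', '/repositories/alice/directory/file.json'],
    ['alice', '/repositories/bob/directory/file.json'],
    ['alice', '/repositories/alice2/directory/file.json'],
    ['alice', '/repositories/alice/../bob/file.json'],
    ['alice', '/repositories/alice/%2e%2e/bob/file.json'],
    ['alice', '/repositories/'],
];
foreach ($cases as [$user, $path]) {
    $decision = canAccessRepositoryPath($user, $path) ? 'allow' : 'deny';
    printf("%-6s %-45s %s\n", $user, $path, $decision);
}
```

Only the first constructed request is allowed; the other five are denied, including the prefix look-alike and both traversal forms.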