
I work with Symfony, and I would like to configure my pattern in security so that it applies to everything but a certain path (/Home).

I tried this, but it doesn't work and I don't know regex:

    pattern: ^/(?!/accueil).*$

So I am obliged to put all my links, which gives:

    pattern: ^/(admin|profile|package|securiteInformatique|logout)

So it would be easier to put "all except /accueil".

My security.yml:

    # app/config/security.yml
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt

        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

        providers:
            app:
                id: bes_auth.user_provider

        firewalls:

            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
                # anonymous:    true

            # public:
            #     pattern: ^accueil
            #     security: false
            #     anonymous: true

            main:
                logout_on_user_change: true
                # pattern: ^/(admin|profile|packages|securiteInformatique|logout)
                # pattern: ^/(?!accueil)

                form_login:
                    check_path: fos_user_security_login_check
                    login_path: /login_check

                guard:
                    authenticators:
                        - app.security.login_form_authenticator
                        - bes_auth.authenticator

                    entry_point: Site\PagesBundle\Security\LoginFormAuthenticator

                logout:
                    path:   deconnexion # name of the logout route
                    target: /
                    success_handler: bes_auth.authenticator
                anonymous:    true

        access_control:
            - { path: ^/admin, role: ROLE_SUPER_ADMIN }
            - { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, role: ROLE_USER }
wp78de
eronn
  • Please explain what `accueil` means in the example provided. Is it the path you would like to exclude? – Ildar Akhmetov Apr 15 '19 at 12:08
  • What if you remove the slash before accueil? It excludes `//accueil`, not `/accueil` – G1.3 Apr 15 '19 at 12:10
  • Yes, this is my home page, which contains a login form. On my website you can connect either by CAS authentication or from this login form, which is on the homepage. So to allow users to log in using the form, I need to remove the path "/home" from the pattern so that it is accessible without the site automatically redirecting me to a login page with CAS authentication – eronn Apr 15 '19 at 12:11
  • Would `/\b(?!accueil)\b\S+/g` or `^(?!.*(home|accueil)$).*` work? – Dylan KAS Apr 15 '19 at 12:41
  • This may work: `pattern: ^/(?!accueil)`. Tested and not caught by a firewall in my Sf app. – G1.3 Apr 15 '19 at 12:48
  • Dylan Kas: So your first proposal does not cause an error, but strangely it allows all my pages. I got my hopes up seeing that the home page was working, but I was not redirected to CAS authentication for the others :'( And the second redirects me to CAS authentication for the homepage :/ – eronn Apr 15 '19 at 12:59
  • G1.3: Similarly, it redirects me to the CAS authentication page for all pages, including the homepage :( – eronn Apr 15 '19 at 13:00
  • I think we are looking in the wrong part of the security.yaml file. Show us the access_control part please – G1.3 Apr 15 '19 at 14:06
  • Okay, thanks for your help, I'll edit my first post – eronn Apr 15 '19 at 14:24

1 Answer

You should remove the public firewall altogether, remove pattern from your main firewall, and use access_control to handle the permissions.

The following configuration is read by Symfony from the top down, applying the first rule it finds. So any URL beginning with /accueil will be matched by your main firewall, but the public will be allowed to view it without logging in (because you have anonymous: true). Every other URL (that doesn't begin with /accueil) will require the ROLE_USER role and will therefore force authentication.

    access_control:
        - { path: ^/admin, role: ROLE_SUPER_ADMIN }
        - { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
emarref
  • Thank you for your interest in my post! So I did what you said (and that suddenly seems logical now). However, when going to the home page (http://site.DOMAIN.fr/accueil), this automatically sends me back to the CAS authentication page, so the home page is not searchable. Should the CAS authentication security for the home page be blown out? I am going to edit my first post to put my current code. And sorry for my English, I use a translator – eronn Apr 16 '19 at 06:32
  • Being bounced from /accueil to the login page suggests either the homepage is still requiring authentication, or it is redirecting you to a page that does. Perhaps confirm your two authenticator services are not causing authentication errors. – emarref Apr 16 '19 at 21:33
  • The security configuration is almost there - you need to make sure you are not hitting the common pitfalls mentioned in the docs - https://symfony.com/doc/4.0/security/form_login_setup.html#avoid-common-pitfalls. I.e. you need to make sure your login and login_check pages are allowed for unauthenticated users. – emarref Apr 16 '19 at 21:36
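As an added illustration (not code from the question, the answer or Symfony itself), the following Python script reproduces what the negative-lookahead firewall pattern from the comments and the answer's access_control ordering actually do, using the regexes and role_hierarchy exactly as they appear on this page. Symfony evaluates these regexes with preg_match, which agrees with Python's `re` for these patterns; `firewall_matches`, `required_role`, `effective_roles` and `is_allowed` are hypothetical helper names, not Symfony APIs.

```python
import re

# Symfony runs firewall "pattern" and access_control "path" regexes through
# preg_match against the request path; Python's re matches these the same way.
PATTERN_BROKEN = r"^/(?!/accueil).*$"  # asker's attempt: lookahead wants a 2nd slash
PATTERN_FIXED = r"^/(?!accueil)"       # form from the comments: rejects /accueil...

# The answer's access_control rules, in security.yml order.
ACCESS_CONTROL = [
    (r"^/admin", "ROLE_SUPER_ADMIN"),
    (r"^/accueil", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "ROLE_USER"),
]
# role_hierarchy from the question's security.yml.
ROLE_HIERARCHY = {"ROLE_ADMIN": ["ROLE_USER"], "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"]}

def firewall_matches(pattern, path):
    """True if a firewall declared with `pattern` would handle `path`."""
    return re.search(pattern, path) is not None

def required_role(path, rules=ACCESS_CONTROL):
    """access_control is evaluated top-down: the first matching rule wins and
    later rules are never consulted, so rule order matters."""
    for path_regex, role in rules:
        if re.search(path_regex, path):
            return role
    return None  # no rule matched: access_control imposes nothing

def effective_roles(user_roles):
    """Expand roles through the hierarchy; every request, anonymous or not,
    satisfies IS_AUTHENTICATED_ANONYMOUSLY."""
    roles = set(user_roles) | {"IS_AUTHENTICATED_ANONYMOUSLY"}
    todo = list(roles)
    while todo:
        for child in ROLE_HIERARCHY.get(todo.pop(), []):
            if child not in roles:
                roles.add(child)
                todo.append(child)
    return roles

def is_allowed(path, user_roles=()):
    """Would access_control let a user holding `user_roles` reach `path`?"""
    role = required_role(path)
    return role is None or role in effective_roles(user_roles)

if __name__ == "__main__":
    for p in ("/accueil", "/", "/admin", "/profile"):
        print(p, firewall_matches(PATTERN_BROKEN, p),
              firewall_matches(PATTERN_FIXED, p), required_role(p), is_allowed(p))
```

Running it shows why the first pattern "allowed all pages": `^/(?!/accueil).*$` still matches `/accueil`, because the lookahead only rejects a path whose second character is another slash. Note that `^/(?!accueil)` also excludes `/accueil-anything`; use `^/(?!accueil(/|$))` if only the exact page should be excluded.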