Questions tagged [symfony-security]

The Symfony security component is a standalone library that can be used outside of Symfony2 projects.

The Symfony security component provides a complete security system for your web application. It ships with facilities for authenticating using HTTP basic or digest authentication, interactive form login or X.509 certificate login, but also allows you to implement your own authentication strategies. Furthermore, the component provides ways to authorize authenticated users based on their roles, and it contains an advanced ACL system.

276 questions
3 votes, 2 answers

How to immediately disable access to a user that is soft-deleted or no longer enabled?

In my application, users with the role ROLE_ADMIN are able to manually disable other user accounts, by setting enabled on the user account to false. Using a user checker, the user will not be able to log in the next time they try: public function…
Dirk J. Faber
3 votes, 1 answer

Symfony 5: Can I have a main and admin firewalls in security.yaml?

I am following an excellent French course designed for Symfony 4 and starting to get adapted to Symfony 5. I am trying to create a redirection route when a user goes on admin/logout route. According to Symfony 5 official documentation, I do not…
3 votes, 1 answer

How can I configure basic authentication in Symfony to allow an empty password?

I am writing a REST API endpoint in PHP / Symfony 4.0 and I want to use basic authentication, with an in-memory user whose password is blank. When I try to call the endpoint with these credentials, I get a BadCredentialsException saying 'The…
3 votes, 2 answers

UserChecker - Use entity manager

My website is running Symfony 3.4 and I made my own user member system. My User entity contains a Datetime field 'lastLogin' and I can't find a solution to update it every time a user logs in. I created a custom UserChecker then I tried to update…
Paolito75
3 votes, 2 answers

Symfony Security logout not clearing RememberMe token

Using Symfony 4 with a security.yaml like this: encoders: App\Entity\User: sha256 providers: public_users: entity: class: App\Entity\User property: email firewalls: dev: pattern:…
Thomas Decaux
3 votes, 1 answer

Symfony - How to redirect the user to last page visited after login?

How to redirect the user to last page visited after login in Symfony with fosuserbundle? In my controller, I check first if user is logged in. Then if he isn't, I redirect him to the login page. Here is the short code I used at the beginning of my…
Kr1
3 votes, 1 answer

Change Symfony voting strategy dynamically

With the Symfony Voters system it's pretty easy to get a good ACL up and running for a web app. However, you have to decide in the beginning, what strategy you'd like to use. Symfony supports 3 strategies: affirmative, consensus and unanimous (see…
wawa
3 votes, 1 answer

Multiple security firewalls with the same pattern in Symfony2

I'm using two firewalls with same pattern for two types of users: Admin with access to both frontend and backend who can see some extra controls in frontend app than normal user. User who can access only frontend. This is my simplified…
martin
3 votes, 1 answer

Secure method using annotations

I have a page with a form and want to know if it is possible to access it using GET, but only allow logged in users to POST to it. I know this can be done in security.yml, but am not sure how to do it with annotations. /** * @param Request…
George Irimiciuc
3 votes, 1 answer

How to allow access only to a local subnet using access control in symfony 2?

Assuming I have /localnetwork, I want only to give access to the local network which usually has ips in this range 10.4.X.X security: firewalls: localnetwork: pattern: ^/localnetwork anonymous: ~ access_control: - {…
naguib
3 votes, 1 answer

Authentication with user password through an API with Symfony2

I have an OAuth API that requires a username and a password to get the user object (resource owner password credentials flow). I'm trying to get this end result: User enters username/password Symfony exchanges username/password for access and…
azenet
3 votes, 3 answers

Impossible to update Entity

Under Symfony 2 (last version), I'm trying to update my entity: php app/console doctrine:schema:upate --force I got this error message in my terminal: [Symfony\Component\Config\Definition\Exception\InvalidConfigurationException] …
user3553866
3 votes, 1 answer

Symfony2 - Why voters are called even for SuperAdmins

I noticed that my voters are solicited even for SuperAdmin users. Is it working as expected? If yes, I thought that the philosophy of SuperAdmin is that they systematically have all rights, so that we don't have to give them each permission one by…
Pierre de LESPINAY
2 votes, 2 answers

Expected an instance of "Symfony\Component\Security\Core\User\UserInterface" as first argument

I'm trying to add hashing to passwords for my users, I followed this guide for symfony 5.3 and when I'm using ->setPassword($passwordHasher->hashPassword( $user, 'contraseña' )) While testing if it works,…
2 votes, 1 answer

Auto remember-me after register

I'm using Symfony 5.2 / PHP8. My login form is simply email + password. I do an auto "remember me" using firewalls: endusers: ... remember_me: secret: '%kernel.secret' lifetime:…
allan.simon