Saturday, March 12, 2022

[FIXED] Possible to authorize a page only to the disconnected user

      , , ,      No comments   

Issue

I wonder if it is possible on a symfony controller to only allow logged out users (for the login page for example).

I tried using:

  1. isGranted("IS_ANONYMOUS"): Only anonymous users are matched by this attribute.
  2. On security.yaml { path: ^/connexion, roles: IS_ANONYMOUS}

My security.yaml :

security:
  enable_authenticator_manager: true
  # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
  password_hashers:
    Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: "auto"
    App\Entity\User:
      algorithm: auto

  # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
  providers:
    # used to reload user from session & other features (e.g. switch_user)
    app_user_provider:
      entity:
        class: App\Entity\User
        property: username
    # used to reload user from session & other features (e.g. switch_user)
  firewalls:
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false
    main:
      pattern: ^/
      lazy: true
      provider: app_user_provider
      form_login:
        # "login" is the name of the route created previously
        login_path: connexion
        check_path: connexion
        default_target_path: /
        always_use_default_target_path: true
      logout:
        path: deconnection

      # activate different ways to authenticate
      # https://symfony.com/doc/current/security.html#the-firewall

      # https://symfony.com/doc/current/security/impersonating_user.html
      # switch_user: true

  # Easy way to control access for large sections of your site
  # Note: Only the *first* access control that matches will be used
  access_control:
    # - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/deconnection, roles: IS_AUTHENTICATED_FULLY}


when@test:
  security:
    password_hashers:
      # By default, password hashers are resource intensive and take time. This is
      # important to generate secure password hashes. In tests however, secure hashes
      # are not important, waste resources and increase test times. The following
      # reduces the work factor to the lowest possible values.
      Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
        algorithm: auto
        cost: 4 # Lowest possible value for bcrypt
        time_cost: 3 # Lowest possible value for argon
        memory_cost: 10 # Lowest possible value for argon

And my controller :

class ConnexionController extends AbstractController
{


#[Route('/connexion', name: 'connexion')]
public function index(AuthenticationUtils $authenticationUtils, UserInterface $user = null): Response
{

    $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();

    // last username entered by the user
    $lastUsername = $authenticationUtils->getLastUsername();


    return $this->render('connexion/index.html.twig', [
        'last_username' => $lastUsername,
        'error'         => $error,
    ]);
}
}

But it does not work as I wish, could you enlighten me thank you :)


Solution

$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); wait a authenticated user, replace by

if ($this->getUser()) {
    return $this->redirectToRoute('home');
}

replace route name home by yours



Answered By - Kallard

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...