Help Wanted: Auth flow not directing to login if no user found #100

Open
philbeard opened this issue Aug 18, 2022 · 0 comments

@philbeard

Hi,

I am trying to get the authorize flow to direct to the login page if the user has not logged in yet, and then redirect to the Authorize page.

Currently I just get a 403 if the user has not logged in (if the user has already logged in on the browser, it shows the auth page and continues on from there fine).

Is this a config issue or something else?

This is my Security.yaml:

```yaml
security:
    enable_authenticator_manager: true
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        app_user_provider:
            entity:
                class: Clean\Implementation\Entity\UserOrmEntity
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        token:
            pattern: ^/token
            security: false
        api:
            pattern: ^/api/
            security: true
            stateless: true
            oauth2: true
        main:
            form_login:
                login_path: login
                check_path: login
            logout:
                path: logout

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/api, roles: ROLE_USER }
    # Use hierarchy to manage different access levels
    # https://symfony.com/doc/current/security.html#hierarchical-roles
#    role_hierarchy:
#        ROLE_DISTRIBUTOR: ROLE_USER
#        ROLE_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
#    role_hierarchy:
#        ROLE_OAUTH2_SUPER_USER: [ROLE_OAUTH2_EMAIL, ROLE_OAUTH2_PREFERENCES]

when@test:
    security:
        password_hashers:
            # By default, password hashers are resource intensive and take time. This is
            # important to generate secure password hashes. In tests however, secure hashes
            # are not important, waste resources and increase test times. The following
            # reduces the work factor to the lowest possible values.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
                memory_cost: 10 # Lowest possible value for argon
```

Authorization subscriber (from https://github.com/Kerrialn/oauth2-example-project):

```php
<?php

namespace App\EventSubscriber;

use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEvent;
use League\Bundle\OAuth2ServerBundle\OAuth2Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

class AuthorizationRequestResolverSubscriber implements EventSubscriberInterface
{
    public const SESSION_AUTHORIZATION_RESULT = '_app.oauth2.authorization_result';

    private RequestStack $requestStack;
    private UrlGeneratorInterface $urlGenerator;

    public function __construct(RequestStack $requestStack, UrlGeneratorInterface $urlGenerator)
    {
        $this->requestStack = $requestStack;
        $this->urlGenerator = $urlGenerator;
    }

    public static function getSubscribedEvents(): array
    {
        return [
            OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onAuthorizationRequestResolve',
        ];
    }

    public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        $request = $this->requestStack->getCurrentRequest();

        if ($request->getSession()->has(self::SESSION_AUTHORIZATION_RESULT)) {
            // A decision was already stored by the consent page: apply it once and forget it.
            $event->resolveAuthorization(
                $request->getSession()->get(self::SESSION_AUTHORIZATION_RESULT)
            );
            $request->getSession()->remove(self::SESSION_AUTHORIZATION_RESULT);
        } else {
            // No decision yet: send the user to the consent page with the original query string.
            $url = $this->urlGenerator->generate('app_consent', $request->query->all());

            $response = new RedirectResponse($url);
            $event->setResponse($response);
        }
    }
}
```

Cheers,
Phil
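A hardened variant of the subscriber above, as an added example that is neither the issue author's code nor the bundle's own: before doing anything with the session flag, it checks that the current user is actually authenticated (`IS_AUTHENTICATED_REMEMBERED`, the same attribute the `access_control` rule for `^/authorize` uses), and if not, it redirects to the `login` route after saving the full `/authorize` URL as the post-login target path for the `main` firewall, so form_login's default success handler bounces the browser straight back to the authorization endpoint with `client_id`, `redirect_uri`, `state` and friends intact. Only an authenticated user reaches the consent/result logic. Assumed names are the firewall `main` and the routes `login` / `app_consent` from the issue; the `AUTHORIZATION_DENIED` constant is the bundle's event-class constant as I recall it, so check it against the installed bundle version.

```php
<?php

declare(strict_types=1);

namespace App\EventSubscriber;

use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEvent;
use League\Bundle\OAuth2ServerBundle\OAuth2Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Http\Util\TargetPathTrait;

/**
 * Added example (not the issue author's subscriber and not bundle code):
 * resolve the OAuth2 authorization request only for an authenticated user;
 * otherwise redirect to the login form and remember where to come back to.
 */
final class AuthenticatedAuthorizationRequestResolverSubscriber implements EventSubscriberInterface
{
    use TargetPathTrait;

    public const SESSION_AUTHORIZATION_RESULT = '_app.oauth2.authorization_result';

    // Assumed names, taken from the issue's security.yaml and original subscriber.
    private const FIREWALL_NAME = 'main';
    private const LOGIN_ROUTE = 'login';
    private const CONSENT_ROUTE = 'app_consent';

    public function __construct(
        private RequestStack $requestStack,
        private UrlGeneratorInterface $urlGenerator,
        private AuthorizationCheckerInterface $authorizationChecker,
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        return [
            OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'onAuthorizationRequestResolve',
        ];
    }

    public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event): void
    {
        $request = $this->requestStack->getCurrentRequest();
        if (null === $request) {
            // No HTTP request (CLI, tests): never approve implicitly.
            $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
            return;
        }

        $session = $request->getSession();

        // 1. Not logged in: store the complete /authorize URL (query string included)
        //    as the post-login target for the 'main' firewall and go to the login form.
        //    form_login's default success handler reads that target path back.
        if (!$this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            $this->saveTargetPath($session, self::FIREWALL_NAME, $request->getUri());
            $event->setResponse(new RedirectResponse(
                $this->urlGenerator->generate(self::LOGIN_ROUTE)
            ));
            return;
        }

        // 2. Logged in and the consent page already stored a decision: apply it
        //    exactly once and drop it, so a repeated /authorize cannot reuse it.
        if ($session->has(self::SESSION_AUTHORIZATION_RESULT)) {
            $result = (bool) $session->get(self::SESSION_AUTHORIZATION_RESULT);
            $session->remove(self::SESSION_AUTHORIZATION_RESULT);
            $event->resolveAuthorization($result);
            return;
        }

        // 3. Logged in, no decision yet: show the consent page, forwarding the
        //    original query string so it can send the browser back to /authorize.
        $event->setResponse(new RedirectResponse(
            $this->urlGenerator->generate(self::CONSENT_ROUTE, $request->query->all())
        ));
    }
}
```

The important ordering is that the authentication check comes first: the original subscriber trusts a session flag before it knows who the user is, and the only thing standing between an anonymous browser and the consent/approval path is the `access_control` rule. Keeping the check inside the subscriber means the authorization endpoint stays safe even if the firewall or `access_control` entries are edited later.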
