Marco,

Please send your support requests to the user ml: https://groups.google.com/forum/?fromgroups=#!forum/symfony2

Cheers,
Victor

On Friday, January 18, 2013 10:58:05 PM UTC+1, Marco Roello wrote:
>
> Hi,
> I'm quite sure that I'm falling into common security pitfalls, but this is
> my problem:
> My whole site is under a main firewall, so when a user requests a URL (for
> example *http://mysite/accounts*), he will be redirected to the login page
> *http://mysite/login*. (it works)
> When the user submits the login form he will be authenticated, in this case
> with my custom entity provider. (it works)
> The login redirects the user (from login_check) to the requested resource
> (*http://mysite/accounts*) and sends the correct response (...my account
> list).
> Here is the problem.
> In the user's browser address bar *the user continues to see the URL
> login_check instead of the URL of the requested resource*
> (*http://mysite/login_check*)
>
> *symfony 2.1.6*
>
> Any information will be appreciated
> Marco Roello
>
> *security.yml*
> providers:
>     cnr:
>         entity: { class: CnrVTBundle:User }
>
>     in_memory:
>         memory:
>             users:
>                 user: { password: userpass, roles: [ 'ROLE_USER' ] }
>                 admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
>
> firewalls:
>     ajax_calls:
>         pattern: ^/_wdt
>         anonymous: ~
>     main:
>         pattern: ^/
>         anonymous: ~
>         form_login:
>             provider: cnr
>             csrf_provider: form.csrf_provider
>             login_path: /login
>             check_path: /login_check
>             use_referer: false
>             always_use_default_target_path: false
>             default_target_path: /
>         logout: true
>
> access_control:
>     - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
>     - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
>     - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
>     - { path: ^/_wdt, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
>     - { path: ^/, role: IS_AUTHENTICATED_FULLY }
>
> role_hierarchy:
>     ROLE_ADMIN: ROLE_USER
>     ROLE_SUPER_ADMIN: ROLE_ADMIN
>
> *routing.yml*
> cnr_vt:
>     resource: "@CnrVTBundle/Controller/"
>     type: annotation
>     prefix: /
>
> fos_js_routing:
>     resource: "@FOSJsRoutingBundle/Resources/config/routing/routing.xml"
>
> cnr_vt_security_login:
>     pattern: /login
>     defaults: { _controller: CnrVTBundle:Security:login }
>
> _security_login_check:
>     pattern: /login_check
>
> _security_logout:
>     pattern: /logout
>
> *login.html.twig*
> <!DOCTYPE html>
> <html lang="en">
>     <head>
>         <meta charset="UTF-8" />
>         <meta name="viewport" content="width=device-width, initial-scale=1">
>         <title>{% block title %}Title{% endblock %}</title>
>         <link rel="icon" sizes="16x16" href="{{ asset('favicon.ico') }}" />
>
>         <link rel="stylesheet" href="{{ asset('bundles/cnrvt/css/jquery.mobile-1.2.0.css') }}" />
>         <link rel="stylesheet" href="{{ asset('bundles/cnrvt/css/style.css') }}" />
>
>         <script src="{{ asset('bundles/cnrvt/js/jquery.js') }}"></script>
>         <script src="{{ asset('bundles/cnrvt/js/jquery.mobile-1.2.0.js') }}"></script>
>
>         <script>
>             $(document).on("mobileinit", function () {
>                 //$.mobile.ajaxEnabled = false;
>             });
>         </script>
>     </head>
>     <body>
>         <div data-role="page">
>             <div data-role="header"><h1>Accedi</h1></div>
>
>             <div data-role="content">
>                 {% if error %}
>                     <div>{{ error.message }}</div>
>                 {% endif %}
>
>                 <form action="{{ path('_security_login_check') }}" method="post">
>                     <input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />
>
>                     <label for="username">Username:</label>
>                     <input type="text" id="username" name="_username" value="{{ last_username }}" />
>
>                     <label for="password">Password:</label>
>                     <input type="password" id="password" name="_password" />
>
>                     <button type="submit" data-inline="true">Accedi</button>
>                 </form>
>             </div>
>         </div>
>     </body>
> </html>
>