I'm desperate : I'm using Symfony for years, and today I'm stuck on a basic stuff. As FOSUserBundle is not implemented for Sf4 yet, I decided to create a really basic User entity in DB to load user.
But when I enter my username/password in the BasicAuth windows in my web browser (chrome) it's not logging me and loops over and over.
Here is my security file :
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
native_provider:
entity:
class: App\Entity\User
property: username
manager_name: native_users
firewalls:
main:
pattern: ^/
http_basic: ~
provider: native_provider
access_control:
- { path: ^/, roles: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
And my User class is exactly the same as the one in the symfony example : https://symfony.com/doc/current/security/entity_provider.html#create-your-user-entity
Finally I created some User fixtures using [nelmio/alice][1] :
App\Entity\User:
user_1:
id: '<uuid()>'
username: 'admin'
password: '\$2y\$10\$574w3EitCqOaHmhu4ER49.KPG2EMtcQlYrO0vdPyYW/EuqTHMCB0C'
email: 'admin#test.com'
isActive: true
Where '\$2y\$10\$574w3EitCqOaHmhu4ER49.KPG2EMtcQlYrO0vdPyYW/EuqTHMCB0C' reprensent the "admin" word coded in bcrypt.
Despite all these things, basic auth won't work.
Any Idea ?
Thanks !
Related
I followed the instruction from this website to add the authentication with Identity Server. The configuration is quite simple
proxy:
title: Open Analytics Shiny Proxy
port: 8080
authentication: openid
openid:
auth-url: https://identityserverurl/connect/authorize
token-url: https://identityserverurl/connect/token
jwks-url: https://identityserverurl/.well-known/openid-configuration/jwks
logout-url: https://identityserverurl/Account/Logout?return=http://yourshinyproxy:8080/
client-id: ShinyProxy
client-secret: secret
scopes: [ "openid", "profile", "roles" ]
username-attribute: aud
roles-claim: role
And the authentication seems working. When I add the access-groups to display only the app for a particular role, it doesn't work
specs:
- id: 01_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
container-image: openanalytics/shinyproxy-demo
container-network: sp-example-net
access-groups: 200122-user
The same code is working with the version 2.4.3 of ShinyProxy.
Is there anything I missed for this configuration in the ShinyProxy 2.6.1?
I'm new with ShinyProxy, and I followed this tutorial, the web shows correctly.
However, I cannot login with user name as tesla or jack and password as password.
And the error message in the log is as below:
ERROR 34460 --- [XNIO-2 task-17]
w.a.UsernamePasswordAuthenticationFilter : An internal error occurred
while trying to authenticate the user.
My applicaion.yml is as below:
proxy:
title: Open Analytics Shiny Proxy
logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
authentication: ldap
admin-groups: scientists
# Example: 'simple' authentication configuration
users:
- name: jack
password: password
groups: scientists
- name: tesla
password: password
groups: mathematicians
# Example: 'ldap' authentication configuration
ldap:
url: ldap://ldap.forumsys.com:389/dc=example,dc=com
user-dn-pattern: uid={0}
group-search-base:
group-search-filter: (uniqueMember={0})
manager-dn: cn=read-only-admin,dc=example,dc=com
manager-password: password
# Docker configuration
docker:
cert-path: /home/none
url: http://localhost:2375
port-range-start: 20000
specs:
- id: 01_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
container-image: openanalytics/shinyproxy-demo
access-groups: [scientists, mathematicians]
- id: 06_tabsets
container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
container-image: openanalytics/shinyproxy-demo
access-groups: scientists
logging:
file:
shinyproxy.log
Change: authentication: ldap
for: authentication: simple
I deployed 2 versions of openapi.yaml file to Google Cloud Endpoint using the Cloud Endpoint's versioning feature(i.e gcloud service-management deploy openapi_v1.yaml openapi_v2.yaml). Each version of the yaml file contains a version number and basepath different from the other, one endpoint that use api-key authentication, and definition for api-key authentication tag. After deployed to Endpoint, the configuration shows both yaml file, however deploying an api to GAE using this configuration will only have api-key authentication turned on for the newer version.
Does anyone know if this is a known bug, or there is something else I need to do to enable authentication for all versions?
The .yaml file looks like the following. The two versions I used to test on are identical except version and bathpath:
swagger: "2.0"
info:
description: "This API is used to connect 3rd-party ids to a common user identity"
version: "0.0.1"
title: "****"
host: "uie-dot-user-id-exchange.appspot.com"
basePath: "/v0"
...
- "https"
x-google-allow: all
paths:
...
/ids/search:
get:
operationId: "id_search"
produces:
- "application/json"
security:
- api_key: []
tags:
- "Ids"
summary: "Privileged endpoint. Provide any id (3rd party or otherwise) and get a hash of all ids associated with it."
parameters:
- in: "query"
name: "id_type"
description: "Type of id to search"
required: true
type: string
- in: "query"
name: "id_value"
description: "Value of id to search"
required: true
type: string
responses:
200:
description: "AssociatedIdsHash"
schema:
$ref: '#/definitions/AssociatedIdsHash'
400:
description: "Bad request. Requires both id_type and id_value query parameters."
401:
description: "Unauthorized. Please provide a valid api-key in the \"api-key\" header."
404:
description: "Not found - no entry found for key provided"
...
################ SECURITY DEFINITIONS ################
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
I can replicate this issue and it appears to be a bug.
What does work is adding the API key restriction on the global level for both versions rather than at the per-path level. Perhaps this workaround will suffice for your use case.
...
security:
- api_key: []
path:
...
i am following
https://cloud.google.com/endpoints/docs/quickstart-app-engine
but when i run
gcloud service-management deploy openapi.yaml
i am hitting:
ERROR: (gcloud.service-management.deploy) PERMISSION_DENIED: Not allowed to get project settings for project instasmarttagger-162719
i am not sure what i have to do to resolve it.
the openapi.yml looks like
VSKUMAR-mac:appengine vskumar$ vi openapi.yaml
- "application/json"
responses:
200:
description: "Authenication info."
schema:
$ref: "#/definitions/authInfoResponse"
x-security:
- google_id_token:
audiences:
# Your OAuth2 client's Client ID must be added here. You can add
# multiple client IDs to accept tokens from multiple clients.
- "YOUR-CLIENT-ID"
definitions:
echoMessage:
properties:
message:
type: "string"
authInfoResponse:
properties:
id:
type: "string"
email:
type: "string"
# This section requires all requests to any path to require an API key.
security:
- api_key: []
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
# This section configures authentication using Google API Service Accounts
# to sign a json web token. This is mostly used for server-to-server
# communication.
google_jwt:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
# This must match the 'iss' field in the JWT.
x-google-issuer: "jwt-client.endpoints.sample.google.com"
# Update this with your service account's email address.
x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL"
# This section configures authentication using Google OAuth2 ID Tokens.
# ID Tokens can be obtained using OAuth2 clients, and can be used to access
# your API on behalf of a particular user.
google_id_token:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
x-google-issuer: "accounts.google.com"
x-google-jwks_uri: "https://www.googleapis.com/oauth2/v1/certs"
Looks like i was signed into a different account and was trying to deploy to the app hosted on another account. doing a gcloud list projects helped me identify it
I want to build a site where users can log in register and that stuff. For the User management i use FOSUserbundle. Now i want to use a different db connection for FOSUserBundle than for the other bundles. My config.yml file looks like:
doctrine:
dbal:
default_connection: default
connections:
default:
driver: "%database1_driver%"
host: "%database1_host%"
port: "%database1_port%"
dbname: "§database1_name%"
user: "%database1_user%"
password: "%database1_password%"
charset: UTF8
user:
driver: "%database2_driver%"
host: "%database2_host%"
port: "%database2_port%"
dbname: "%database2_name%"
user: "%database2_user%"
password: "%database2_password%"
charset: UTF8
orm:
default_entity_manager: default
entity_managers:
default:
connection: default
mappings:
MyProjectMainBundle: ~
user:
connection: user
mappings:
MyProjectUserBundle: ~
When i try to load the page i get the error MappingException: The class 'MyProject\UserBundle\Entity\User' was not found in the chain configured namespaces MyProject\MainBundle\Entity, FOS\UserBundle\Model.
I followed the documentation for FOSUserBundle exactly and it is working if i use
auto_generate_proxy_classes: %kernel.debug%
auto_mapping: true
in config.yml.
The only thing with this is, it only generates the table like defined in the new entity from the documentation. Only an id field is generated, and not the whole fos_user table like it should.
I know some similar questions have been asked before, but I tried using all the solutions from there and it didn't work. So how can I fix this? Is it even possible? I really need to use seperate databases because my project will use a lot of tables and i don't want it to get too messy.
user:
connection: user
mappings:
FOSUserBundle: ~
MyProjectUserBundle: ~
Need to add the FOSUserBundle to your mappings to get rid of the entity error
And make sure you have the model_manager_name set in config.ym;
fos_user:
db_driver: orm
firewall_name: main
user_class: Cerad\Bundle\AccountBundle\Entity\AccountUser
model_manager_name: user