Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All custom resource owners have the same login_path when setting enable_authenticator_manager to true #1992

Open
axelvnk opened this issue Apr 3, 2024 · 2 comments
Open

All custom resource owners have the same login_path when setting enable_authenticator_manager to true #1992

axelvnk opened this issue Apr 3, 2024 · 2 comments

Comments

@axelvnk
Copy link

axelvnk commented Apr 3, 2024
edited

Q A
Bug? maybe
New Feature? no
Support question? yes
Version 1.4 and 2.2

Actual Behavior

The user is not redirected to the login_path configured in the firewall in security.yaml

Things i've already discovered while debugging
Security/Http/EntryPoint/OAuthEntryPoint.php are not instantiated anymore for each separate resource owner with their respective login_path parameter.

I can see that happening because when debugging DependencyInjection/Security/Factory/OAuthFactory.php::createEntryPoint is not being called anymore

And when i end up in Security/Http/EntryPoint/OAuthEntryPoint.php::start method, i can see the loginPath property is always /login

Expected Behavior

What is the behavior you expect?

I would expect my application to redirect the user towards the configured login_path value that's configured in my security.yaml file.

Steps to Reproduce

security.yaml

    secured_area_axelvnk:
      provider: fos_userbundle
      pattern: ^/
      request_matcher: MyCompany\SecurityBundle\Security\Authorization\Firewall\AxelvnkRequestMatcher
      oauth:
        resource_owners:
          axelvnk:       "/oauth/login/check-axelvnk"
        login_path:        /oauth/connect/axelvnk
        failure_path:      /login/notfound

        oauth_user_provider:
          service: security.authentication.provider.oauth
      entry_point: MyCompany\SecurityBundle\EntryPoint\MyCustomOAuthAuthenticationEntryPoint
      logout:
        target: /logout

To be clear, that hwi oauth implementation was basically left unchanged. We just turned on this config in security.yaml

enable_authenticator_manager: true
@stloyd
Copy link
Collaborator

stloyd commented Apr 3, 2024

Hey, thanks for the report and for using this bundle, but unfortunately version 1.4 is not supported, and it never had proper support for the new authentication system.

Please upgrade to version 2.2 and feel free to report any issue you encounter on that release.

@axelvnk
Copy link
Author

axelvnk commented Apr 4, 2024
edited

Thanks for answering! That clears that up haha...

Okay so I've upgraded to 2.2 and the problem persists let's say..

It seems as if, when I use a custom entry point, it doesn't use the authenticator anymore. When i remove that part of the configuration in security.yaml, it's redirecting to the right spot...

@axelvnk axelvnk changed the title All resource owners have the same login_path when using 1.4.5 combined with new sf security approach All custom resource owners have the same login_path when setting enable_authenticator_manager to true Apr 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stloyd @axelvnk