Accessing app.user in twig even if path is anonymous (the user is logged in) #2290

Closed
atim140 opened this Issue Oct 25, 2016 · 4 comments

atim140 commented Oct 25, 2016

Hello,

I can't figure out how to make it possible to get app.user or is_granted in Twig if the user is logged in.

Use case: it's very common to have a homepage which can be accessed anonymously but where the user can also log in. Then he browses the same page, now with his username shown and the possibility to log out.

Now: I've set the path as "anonymous: true" in security.yml.
Result: Even if the user gets logged in, I can't get his username. The Symfony debug toolbar obviously shows an anonymous user too.

I think it's a very common use case but I couldn't get help elsewhere.

Thank you :)

damienalexandre commented Oct 30, 2016

Hi,
this is not a FOSUserBundle issue but more likely a Symfony issue. Could you please share your security.yml configuration?

One possible cause is the "path" option of your firewall not covering the homepage.

atim140 commented Oct 31, 2016

Hello, thank you for replying @damienalexandre. Here is an extract of my security.yml:

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/(login$|register|resetting)
            anonymous: true

        index_root:
            pattern: ^/frontal/index$
            anonymous: true

        main:
            pattern: ^\/.+
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                remember_me: true
                default_target_path: /frontal/index0

            remember_me:
                secret: %secret%
            anonymous: false
            logout: true
            # activate different ways to authenticate

            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/base, role: IS_AUTHENTICATED_ANONYMOUSLY }

So I can't access app.user in index_root path because it's anonymous. Is it expected?

damienalexandre commented Oct 31, 2016

Yes, the index_root firewall does not have anything to do with the main firewall, so it can't access the session or the user provider.

I suggest you do as follows:

  • remove the index_root firewall
  • set the main firewall as anonymous: true
  • use access_control rules to allow not fully authenticated users on ^/frontal/index$, and force IS_AUTHENTICATED_FULLY for everything else
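
The three changes suggested above, written out as an added example that is not part of the original thread or of FOSUserBundle's documentation. It reuses the firewall names and paths from the posted extract; the catch-all `^/` rule, the quoting of `%secret%` and the comments are assumptions.

```yaml
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/(login$|register|resetting)
            anonymous: true

        # index_root is removed: a request is handled by the first firewall
        # whose pattern matches, and a separate firewall never sees the
        # token that the main firewall stored in the session.

        main:
            pattern: ^\/.+
            # Anonymous visitors may now enter this firewall, so the homepage
            # shares its session token; authorization moves to access_control.
            anonymous: true
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                remember_me: true
                default_target_path: /frontal/index0
            remember_me:
                secret: '%secret%'   # quoted so newer YAML parsers accept it
            logout: true

    # Rules are checked top to bottom and the first matching path wins,
    # so the public paths must come before the catch-all.
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/base, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/frontal/index$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything else requires a real login. A user restored from the
        # remember-me cookie only holds IS_AUTHENTICATED_REMEMBERED and is
        # sent back to the login form by this rule.
        - { path: ^/, role: IS_AUTHENTICATED_FULLY }
```

With `anonymous: true` on the main firewall, the weakest rule that matches a path is the only thing protecting it, so a missing or misordered catch-all leaves pages public. In the homepage template, guard the username with `is_granted('IS_AUTHENTICATED_REMEMBERED')`, since `app.user` is null for anonymous visitors.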
Member

XWB commented Nov 10, 2016

Closing as this is not a FOSUserBundle issue.

XWB closed this Nov 10, 2016
