Unable to find the controller for path /v1/login_check

[adetwiler]

Hello!

I was following the security.yml in the sandbox application and this bundle. However, I cannot seem to get past this firewall issue.

Symfony version: 2.5.5

security.yml

security:
    encoders:
        Acme\UserBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       10

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        acme_userbundle:
            id: acme_user.provider

    firewalls:

        login:
            pattern:  ^/v1/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /v1/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/v1
            stateless: true
            lexik_jwt: ~

    access_control:
        - { path: ^/v1/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/v1, roles: IS_AUTHENTICATED_FULLY }

app/routing.yml

acme_api:
    resource: "@AcmeAPIBundle/Resources/config/routing.yml"
    prefix:   /v1

src/AcmeAPIBundle/Resources/config/routing.yml

login_check:
    path: /login_check

acme_api_v1:
    type:     rest
    resource: "Acme\APIBundle\Controller\UserController"
    defaults: {_format: json}
    prefix:   /

Thanks!

[slashfan]

Hi,

Your configuration looks good. Have you tried a standard html login form to see if it works ?

Maybe these will help : http://stackoverflow.com/questions/12409998/symfony2-1-unable-to-find-the-controller-for-path-login-check and http://stackoverflow.com/questions/20950149/unable-to-find-the-controller-for-path-login-check-symfony2

[adetwiler]

Hello @slashfan

Thank you for your reply.

I will not be using a standard login. This API will be backend only and won't have a UI.
I have tried these suggestions on Stackoverflow.

If I set the pattern to ^/v1/login$ I get "You are not authenticated", I tried adding on security: false, removing it from the access_control, setting the access_control to match the login pattern exactly, etc.

I either get the original error or the error that I am not authenticated.

[carlcraig]

Not sure if this will help, but you could try adding the $ on firewall pattern and access control.

    firewalls:
        login:
            pattern:  ^/v1/login$

    access_control:
        - { path: ^/v1/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Also, if your not using normal login you could look at https://github.com/gfreeau/GfreeauGetJWTBundle for a stateless login replacement.

[adetwiler]

@carlcraig when I try that I get "You are not authenticated." when requesting the login_check url.

[carlcraig]

Im not sure then, maybe try removing your login_check route? I think the firewall normally intercepts login_check, so it might be failing as you have specifically created the route?

Could try leaving check_path: /v1/login_check but disabling your login_check route.

I might be completely wrong on this, but the times I have used https://github.com/gfreeau/GfreeauGetJWTBundle i havent needed to configure a route for login_check.

[slashfan]

Hi @carlcraig did you find the problem ?

[carlcraig]

Not sure if @adetwiler has found what was causing the problem yet? I have not experienced this problem myself (although I am using the stateless login replacement).

[slashfan]

Sorry, that message was meant for @adetwiler !
But I never had the problem either, even in the sandbox.

[slashfan]

Ping @adetwiler is it ok to close this issue ?

[adetwiler]

Yes, finally got it working. Thanks for everyone's help!

On Thursday, October 9, 2014, Nicolas Cabot notifications@github.com
wrote:

Ping @adetwiler https://github.com/adetwiler is it ok to close this
issue ?

—
Reply to this email directly or view it on GitHub
#31 (comment)
.

[slashfan]

Cool !

[johnpancoast]

@adetwiler what was the solution? I have similar configuration with a similar error.

[adetwiler]

@johnpancoast I can't remember specifically, but here is my new config that works. I separated the routes to where /api is accessible to anyone and use /sapi for authenticated api requests.

`

    api:
        pattern:   ^/api
        stateless: true
        anonymous: true

    sapi:
        pattern:   ^/sapi
        stateless: true
        lexik_jwt:
            authorization_header:
                enabled: true
                prefix:  Bearer
            throw_exceptions:        false
            create_entry_point:      true
            authentication_provider: lexik_jwt_authentication.security.authentication.provider

    refresh:
        pattern:  ^/api/token/refresh
        stateless: true
        anonymous: true

access_control:
    - { path: ^/api/login,    roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/doc,      roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api,          roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/sapi,         roles: IS_AUTHENTICATED_FULLY }`

[johnpancoast]

I actually found my problem which was just a misconfiguration of the login route. Thanks, @adetwiler.

[EvKoh]

Try to change order of your firewalls, example :
1 - dev
2 - login
3 - api
4 - main