I am strugling to make the multi guard auth working on my preprod server.
I have set up the multiple guard authenticator on a project. One authenticator is for the normal form "login, password" Second is for an auth by request with a Bearer token. I have followed the documentation here : https://symfony.com/index.php/doc/4.4/security/multiple_guard_authenticators.html
Everything work fine with the local symfony server. If i curl like this :
curl --location --request GET 'http://127.0.0.1:8000/' \
--header 'Authorization: Bearer 867504f2ff8e03672db2a5aee8f04f8bc17d60f62226d7c97aadb34012599c528f0047959f5ee22d251b3ca0c884bbf659e76a2b668fa9d2608b1fe8' \
--header 'Cookie: PHPSESSID=hd1ea3imfa77fmo5nsuheolmu2'
I am nicely auth and redirect to the index. (or a fail respons : token expired or so..) But on my preproduction server, its just not working. No guard is launch and i am automatically 302 redirect to /login (login form)
Here is my security.yaml
security:
providers:
our_db_provider:
entity:
class: App\Entity\User
property: apikey
encoders:
custom_sodium:
id: 'encoder_service'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
http_basic: ~
form_login:
login_path: login
check_path: login
logout:
path: logout
target: login
logout_on_user_change: true
guard:
authenticators:
- App\Security\ApiTokenAuthenticator
- App\Security\LoginAuthAuthenticator
entry_point: App\Security\LoginFormAuthenticator
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/provider, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/action/createproposition, roles: ROLE_USER }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/api/, roles: ROLE_USER }
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: [ROLE_USER]
I tried many things as trying to log the use of the Auth guard with monologue
On the local server, i can see that symfony call the authenticator to find out which one to use, and access the proper one. On my preprod server i have no log who popup. So it look like no guard is used and it just redirect to /login because /^ is ROLE_USER
I also suspect the .htaccess conf to cause the problem, but i really don't know how to fix it..
Kindly, Naqued
After a lot of struggle i find out the problem this thread help me a lot :
Authorization header missing in PHP POST request
I figured out that the Authorization key in the header was missing (logger on the host server)
The problem was that on local server, there is no .htaccess On a server with apache2, in the .htaccess
there was the rewriteEngine On So apache rewrite the header and don't write the authorization Key in the header of the request
Solution : In your .htaccess put
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
This work perfectly :)
Kindly, Naqued
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.