So I've got an application which is using the FOSUserBundle for user management and HWIOAuthBundle for the OAuth authentication, which at the moment is only Facebook.
I keep getting this error when I want to log in via the login form provided by the FOSUserBundle templates:
You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.
But I'm not receiving this error when I log in via the sign in using Facebook button.
Below is my security.yml file:

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt

        # Roles being defined
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

        # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
        providers:
            in_memory:
                memory: ~
            fos_userbundle:
                id: fos_user.user_provider.username

        firewalls:
            # disables authentication for assets and the profiler, adapt it according to your needs
            secured_area:
                anonymous: ~
                logout: ~
                oauth:
                    resource_owners:
                        facebook: "/login/check-facebook"
                    login_path: /login
                    use_forward: false
                    failure_path: /login
                    oauth_user_provider:
                        service: my.custom.user_provider
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: .*
                provider: fos_userbundle
                form_login:
                    login_path: fos_user_security_login
                    check_path: fos_user_security_check
                    use_forward: false
                    failure_path: null
                logout:
                    path: fos_user_security_logout
                    target: /
                anonymous: true
                http_basic:
                    realm: "Reviews"
            # main:
                # activate different ways to authenticate
                # http_basic: ~
                # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
                # form_login: ~
                # http://symfony.com/doc/current/cookbook/security/form_login_setup.html

        # Access controls
        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/view, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
            - { path: ^/create, role: ROLE_USER }
            - { path: ^/edit, role: ROLE_USER }
            - { path: ^/delete, role: ROLE_USER }

My guess is that your form login is caught by the secured_area firewall.

You have 3 firewalls:

- secured_area, which matches everything as the default pattern is /*
- dev, probably never reached because secured_area already matched
- main, matches all (because of pattern), but is never reached

Symfony will use the first matching firewall for authentication, and since secured_area is not configured for the login form it will not work. You could merge both firewalls (basically copy the oauth section to main), but the separate login mechanisms might still interfere.

If both logins are for different sections (e.g. Facebook for users, and form login for a backend accessible only to admin users) you could assign different patterns and check the profiler bar (the toolbar on the bottom of the screen in development mode) to see if the correct firewall was used.

In any case I would change the firewalls' order. You can ensure dev is handled by moving it to the top, and make sure to move the most generic firewall (using the /* pattern) to the bottom to make sure it catches all routes not previously handled by another firewall.
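
The first-match behaviour described in the answer can be checked offline with a small model of the firewall list; this is an added example, not part of the original question or answer. It assumes that only the path pattern decides the match (a missing pattern matches every request, patterns are unanchored regexes) and that /login_check is the path behind fos_user_security_check; the probe paths are constructed.

```python
import re

# Firewalls in the order they appear in the question's security.yml.
# None means the firewall has no `pattern` key, so it matches every request.
QUESTION_ORDER = [
    ("secured_area", None),
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("main", r".*"),
]

# Order suggested in the answer: dev first, the catch-all firewall
# (form_login plus the merged oauth section) last.
SUGGESTED_ORDER = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("main", r".*"),
]

# Constructed probe paths; /login_check is an assumed check_path URL.
PROBES = ["/login", "/login_check", "/login/check-facebook",
          "/_profiler/abc", "/css/site.css", "/admin/users"]


def select_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches path."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


def route_table(firewalls, probes=PROBES):
    """Map every probe path to the firewall that would handle it."""
    return {p: select_firewall(firewalls, p) for p in probes}


def unreached(firewalls, probes=PROBES):
    """Firewalls no probe ever reaches, i.e. shadowed by an earlier entry."""
    hit = set(route_table(firewalls, probes).values())
    return [name for name, _ in firewalls if name not in hit]


if __name__ == "__main__":
    for label, fws in (("question", QUESTION_ORDER), ("suggested", SUGGESTED_ORDER)):
        print(label)
        for path, fw in route_table(fws).items():
            print(f"  {path:24} -> {fw}")
        print("  never reached:", unreached(fws) or "none")
```

With the question's order every probe, including the form login check path, lands on secured_area, which has no form_login listener; with the suggested order the check path reaches main and the profiler and asset paths reach dev.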