This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use the new forum.
Home » plugins » User management plugins » sfGuard does not force user to authenticate
sfGuard does not force user to authenticate [message #55863] Thu, 10 July 2008 04:47 Go to next message
doza  is currently offline doza
Messages: 3
Registered: December 2007
Junior Member
Hello,

I am trying to implement sfGuard with 1.1. I have the plugin installed and (think) I followed all of the instructions on the plugin documentation page, but I have an issue. I tried to secure my whole application to test it out, but I am never prompted to login. It just lets me go straight to the page that I have requested.

Here is the log that is generated when I access a page (http://mysite.com/frontend_dev.php/user):

1	Info PatternRouting	Connect "/"
2	Info PatternRouting	Connect "/symfony/:action/*"
3	Info PatternRouting	Connect "/:module"
4	Info PatternRouting	Connect "/:module/:action/*"
5	Info PatternRouting	Connect "/login"
6	Info PatternRouting	Connect "/logout"
7	Info PatternRouting	Connect "/request_password"
8	Info PatternRouting	Connect "/login"
9	Info PatternRouting	Connect "/logout"
10	Info PatternRouting	Connect "/request_password"
11	Info FrontWebController	Initialization
12	Info PatternRouting	Match route [default_index] for "/:module"
13	Info WebRequest	Request parameters array ( 'action' => 'index', 'module' => 'user',)
14	Info Context	Initialization
15	Info FrontWebController	Dispatch request


Here is my routing.yml

# default rules
homepage:
  url:   /
  param: { module: default, action: index }

default_symfony:
  url:   /symfony/:action/*
  param: { module: default }

default_index:
  url:   /:module
  param: { action: index }

default:
  url:   /:module/:action/*

sf_guard_signin:
  url:   /login
  param: { modules: sfGuardAuth, action: signin }

sf_guard_signout:
  url:   /logout
  param: { modules: sfGuardAuth, action: signout }

sf_guard_password:
  url:   /request_password
  param: { module: sfGuardAuth, action: password }


Here is a snippet from my settings.yml

all:
  .settings:
    # Form security secret (CSRF protection)
    # csrf_secret:            off     # Unique secret to enable CSRF protection or false to disable

    # Output escaping settings
    escaping_strategy:      false            # Determines how variables are made available to templates. Accepted values: on, off.
    escaping_method:        ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS.

    enabled_modules:        [default, sfGuardAuth]

  .actions:
    login_module:           sfGuardAuth
    login_action:           signin

    secure_module:          sfGuardAuth
    secure_action:          secure


And here is my security.yml

default:
  is_secure: on


I'm not sure if this is relevant, but the application is on a shared host at 1and1. I did follow the steps on the wiki for installing on 1and1. I apologize for posting so much info, but I was not sure which part of it was relevant to my issue.

Can anybody see where I went wrong? Any help would be appreciated.

Thanks!
Re: sfGuard does not force user to authenticate [message #56185 is a reply to message #55863 ] Tue, 15 July 2008 01:51 Go to previous messageGo to next message
markchicobaby  is currently offline markchicobaby
Messages: 149
Registered: November 2007
Senior Member
Have you cleared symfony cache (symfony cc) and the browser cache, see if that helps.

If its already authenticated at some point, you have to be logged out or timed-out to be forced to re-authenticate. So if settings are all OK, this could be the problem.
Re: sfGuard does not force user to authenticate [message #56193 is a reply to message #56185 ] Tue, 15 July 2008 05:11 Go to previous messageGo to next message
doza  is currently offline doza
Messages: 3
Registered: December 2007
Junior Member
Quote:

Have you cleared symfony cache (symfony cc) and the browser cache, see if that helps.

If its already authenticated at some point, you have to be logged out or timed-out to be forced to re-authenticate. So if settings are all OK, this could be the problem.


Thanks for your reply. I have cleared the server cache and the browser. I get the same results using different browsers on different machines. Any other ideas? I imagine that there is something wrong with my settings.
Re: sfGuard does not force user to authenticate [message #56200 is a reply to message #56193 ] Tue, 15 July 2008 05:49 Go to previous message
markchicobaby  is currently offline markchicobaby
Messages: 149
Registered: November 2007
Senior Member
Symfony 1.1 has its own syntax checker for YAML. Google around for how to use it, I'm still on 1.0 and have not tried it.

Otherwise you can try to run any YAML files you've created or modified through the 1.0 YAML checker (its for 1.0, not sure if it will work on 1.1)

http://www.symfony-project.org/forum/index.php/m/51188/?srch =hot+tip+yaml#msg_51188

If the YAML looks OK, try making the default security "off". Then set security for just a single module, and see if that works.

You did install sfGuard for 1.1? There are two versions, one for 1.1 and one for 1.0.

M

[Updated on: Tue, 15 July 2008 05:50]

Previous Topic:sfGuard propel teams
Next Topic:sfguard check_password_callable not callable [solved]
Goto Forum:
  

powered by FUDforum - copyright ©2001-2004 FUD Forum Bulletin Board Software