Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Symfony2 is_granted('IS_AUTHENTICATED_FULLY') during 404 error page display, causing ResourceNotFoundException

Tags:

twig

symfony-2.1

I have setup custom error pages to display for certain HTTP errors in the folder:

app/Resources/TwigBundle/views/Exception/

The 403 page (error403.html.twig) works and displays as expected.

The 500 page (error500.html.twig) works and displays as expected.

The 404 page (error404.html.twig) throws a 500 server error:

PHP Fatal error: Uncaught exception 'Symfony\Component\Routing\Exception\ResourceNotFoundException'

The error is being thrown by doing an auth check to display certain menu items for users that are or aren't authenticated:

{% if is_granted('IS_AUTHENTICATED_FULLY') %}

If I remove that check and just allow all menu items to display, the page loads the error page as expected. Again, the 403 page displays as it should and utilizes the auth checks without a problem.

I'm stuck on this one. The pages are EXACTLY the same, apart from the filename.

like image 342
Nick Avatar asked Aug 08 '12 17:08

Nick

3 Answers

If symfony < 2.8 :

{% if app.user is not null and is_granted('ROLE_ADMIN') %}

See : https://github.com/symfony/symfony-docs/issues/2078

Edit from Dec 17 '15:

This is no longer needed since 2.8,

{% if is_granted('ROLE_ADMIN') %}

works fine now.

source: http://symfony.com/blog/new-in-symfony-2-8-dx-improvements#allow-to-check-for-security-even-in-pages-not-covered-by-firewalls

like image 88
Tseho Avatar answered Nov 02 '22 11:11

Tseho

You can't use the is_granted in a 404 page since 2.1:

It's mentioned in the upgrade file

The Firewall listener is now registered after the Router listener. This means that specific Firewall URLs (like /login_check and /logout) must now have proper routes defined in your routing configuration. Also, if you have a custom 404 error page, make sure that you do not use any security related features such as is_granted on it.

See: https://github.com/symfony/symfony/blob/master/UPGRADE-2.1.md#security

like image 12
Jeroen Avatar answered Nov 02 '22 12:11

Jeroen

I would suggest checking for app.security.token to be more strict and evaluate to true even when user is anonymous.

If you check for app.user it will evaluate false in Exception templates, but even when the firewall is present (= regular templates) but the user is not logged. This will prevent - for example - the display of a login button.

See: https://github.com/symfony/symfony-docs/pull/2359

like image 2
bozma88 Avatar answered Nov 02 '22 12:11

bozma88
Sign in to Comment

Related questions

Installing Visual Studio 2012 Ultimate on Windows 8
How to check if an arbitrary type is an iterator?
JavaScript semicolon-less code style and minification? [closed]
Boost::Bimap equivalent of bidirectional multimap
How to check Haskell infix operator precedence
Uninstall AnkhSVN from VS2012
gacutil is not recognized as an internal or external command?
Link with Boost (Homebrew) Mac c++
Faraday vs HTTParty [closed]
Dynamic update statement with variable column names
Stanford Parser tags
How can I share MongoDB collections between Meteor apps?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!