I'm working on a project that implements two-level authentication (username + password) and TOTP authentication using the FOS User bundle. Additionally, I'm integrating a REST API using the FOSRest bundle. To handle authentication for this API, I'm using the Lexik/JWT-Authentication-Bundle. However, I've encountered a route conflict when attempting to authenticate, resulting in an error message.
Security.yaml
security:
password_hashers:
FOS\UserBundle\Model\UserInterface: bcrypt
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: 'auto'
cost: 15
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SOGETI_ADMIN]
ROLE_SUPER_ADMIN: ROLE_ADMIN
ROLE_EM: ROLE_USER
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
api_login:
pattern: ^/api/login_check$
stateless: true
# dev:
# pattern: ^/(_(profiler|wdt)|css|images|js)/
# security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
enable_csrf: true
login_path: fos_user_security_login
check_path: fos_user_security_check
logout:
path: fos_user_security_logout
entry_point: form_login
jwt: ~ # Allow JWT authentication to be used alongside form-based authentication for the main firewall
api:
pattern: ^/api
stateless: true
jwt: ~ # Use JWT authentication as the entry point for the API firewall Add any additional JWT-specific configuration for API routes here
access_control:
- { path: ^/login$, role: PUBLIC_ACCESS }
- { path: ^/css, role: PUBLIC_ACCESS }
- { path: ^/register, role: [ROLE_ADMIN, ROLE_EM] }
- { path: ^/resetting, role: ROLE_ADMIN }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: ROLE_USER }
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/api/login_check$, roles: PUBLIC_ACCESS }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
when@test:
security:
password_hashers:
# By default, password hashers are resource intensive and take time. This is
# important to generate secure password hashes. In tests however, secure hashes
# are not important, waste resources and increase test times. The following
# reduces the work factor to the lowest possible values.
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
- routes.yaml:
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
# prefix: /{_locale}
# requirements:
# _locale: en|fr
fos_user_registration_register:
path: /{_locale}/register
defaults: { _controller: App\Controller\RegistrationController::registerAction }
requirements:
_locale: en|fr
fos_user_change_password:
path: /{_locale}/change-password
defaults: { _controller: App\Controller\ChangePasswordController::changePasswordAction }
requirements:
_locale: en|fr
fos_user_registration_confirm:
path: /confirm/{token}
defaults: { _controller: App\Controller\DefaultUserController::confirmUserAction }
fos_user_registration_confirmed:
path: /confirmed
defaults: { _controller: App\Controller\DefaultUserController::savempsAction }
fos_user_security_login:
path: /login
defaults: { _controller: App\Controller\SecurityController::loginAction }
fos_user_security_check:
path: /{_locale}/login_check
defaults: { _controller: fos_user.security.controller:checkAction }
requirements:
_locale: en|fr
fos_user_security_logout:
path: /{_locale}/logout
defaults: { _controller: fos_user.security.controller:logoutAction }
requirements:
_locale: en|fr
api_login_check:
path: /api/login_check