1

The FOSRestBundle is working perfectly in my project but without authentification. Now, my goal is to make my requests with auth.

To do so, I added this firewall in security.yml

firewalls:
    # ...    
    rest_api:
        pattern: ^/api/
        stateless: true
        http_basic:
            provider: fos_userbundle
    # ...    
access_control:
    # ...    
    - { path: ^/api/, role: IS_AUTHENTICATED_FULLY }

To check this, I used this shell command: 

curl -i http://localhost/tuto/web/app_dev.php/api/test/1

The result is:

HTTP/1.1 302 Found
Date: Fri, 11 Apr 2014 13:56:08 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.9-4ubuntu2.4
Set-Cookie: PHPSESSID=4dtr168vmj1eg523a07kbkjkh1; path=/
Cache-Control: no-cache
Location: http://localhost/tuto/web/app_dev.php/login
Vary: Accept-Language
X-Debug-Token: 220df7
Transfer-Encoding: chunked
Content-Type: application/json

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta http-equiv="refresh" content="1;url=http://localhost/tuto/web/app_dev.php/login" />

        <title>Redirecting to http://localhost/tuto/web/app_dev.php/login</title>
    </head>
    <body>
        Redirecting to <a href="http://localhost/tuto/web/app_dev.php/login">http://localhost/tuto/web/app_dev.php/login</a>.
    </body>
</html>

As you can see, the returned code is 302 FOUND since it is URL is redirected to http://localhost/tuto/web/app_dev.php/login as I am using FOSUserBundle.

This is strange since I defined my action() method as follows:

/**
 * @Rest\View
 * @Rest\Get("/api/test/{id}",
 *      requirements={"id" = "\d+"},
 *      defaults={"id" = 1}
 * )
 */
public function getAction($id) {
    $user = $this->get('security.context')->getToken()->getUser();
    if(!($user instanceof \Minn\UserBundle\Entity\User)){
        throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
    }
    $repo = $this->getDoctrine()->
            getManager()->
            getRepository("MinnAdsAPIBundle:Test");
    $entity = $repo->find($id);
    if (!$entity) {
        throw $this->createNotFoundException('Unable to find test entity!');
    }
    return array('test' => $entity);
}

So, is there any idea to fix my action() method?

Thanks.

By the way, what is the shell command to check my action with authentification?

I tried this command curl -i http://localhost/tuto/web/app_dev.php/api/test/1 --user user:password but still I have 302 FOUND.

Amine Jallouli
  • 3,919
  • 8
  • 36
  • 73
  • 1
    you need to provide username and password you can see this answer and adapt your curl command to pass `PHP_AUTH_USER` and `PHP_AUTH_PWD` parameters or simply use the code provided in the answer http://stackoverflow.com/a/6776742/1545904 – zizoujab Apr 11 '14 at 14:54
  • @zizoujab the link you gave me describes how to make a request through the client application. I am looking for curl command & for the action() method of my controller. – Amine Jallouli Apr 11 '14 at 15:54

1 Answers1

1

I found the solution by self again...

Simply modify the config.yml as follows:

fos_rest:
    # ...
    access_denied_listener:
        # all requests using the 'json' format will return a 403 on an access denied violation
        json: true
    # ...

Now, I get the 403 error code.

Hope it will help others.

Amine Jallouli
  • 3,919
  • 8
  • 36
  • 73
  • What?! That's not what you're asking for. You basically throw a 403 when the content-type is set to application/json. – DevAntoine Mar 30 '16 at 13:13
  • @DevAntoine : no this is the correct answer => http://symfony.com/doc/current/bundles/FOSRestBundle/3-listener-support.html#security-exception-listener – Pierre Jul 11 '16 at 15:20