FOS用户捆绑确认链接强制您登录

Question

我被要求将确认电子邮件添加到CRM中，然后用户将注册，然后发送一封带有链接的电子邮件进行确认以启用其帐户。但是，无论何时链接被点击，它都会立即重定向到登录页面，因为他们没有确认它，所以这是毫无用处的。我试图将其排除在security.yml文件中，但至今没有运气。

我已经试过：

- { path: ^/register/*, role: IS_AUTHENTICATED_ANONYMOUSLY } 

- { path: ^/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY } 

- { path: ^/register/confirm/*, role: IS_AUTHENTICATED_ANONYMOUSLY } 

但所有这些似乎工作。

按照要求，对于FOS登记的路由文件：

<?xml version="1.0" encoding="UTF-8" ?> 

<routes xmlns="http://symfony.com/schema/routing" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd"> 

    <route id="fos_user_registration_register" path="/" methods="GET POST"> 
     <default key="_controller">FOSUserBundle:Registration:register</default> 
    </route> 

    <route id="fos_user_registration_check_email" path="/check-email" methods="GET"> 
     <default key="_controller">FOSUserBundle:Registration:checkEmail</default> 
    </route> 

    <route id="fos_user_registration_confirm" path="/confirm/{token}" methods="GET"> 
     <default key="_controller">FOSUserBundle:Registration:confirm</default> 
    </route> 

    <route id="fos_user_registration_confirmed" path="/confirmed" methods="GET"> 
     <default key="_controller">FOSUserBundle:Registration:confirmed</default> 
    </route> 

</routes> 

FOS用户配置：

fos_user: 
    db_driver: orm 
    firewall_name: main 
    user_class: AppBundle\Entity\User 
    registration: 
     confirmation: 
      enabled: true 
      template: emails/registration.html.twig 
      from_email: 
       address:  noreply@siteemail.co.uk 
       sender_name: #sender name here# 
    resetting: 
     email: 
      from_email: 
       address:  noreply@siteemail.co.uk 
       sender_name: #sender name here# 
      template: emails/password_reset.html.twig 

Symfony的3.1/FOS用户捆绑2.0 任何帮助理解。

Answer 1

恕我直言，因为确认路线是path="/confirm/{token}"那么您必须允许^/(confirm/){1}.+路径在security.yml中匿名认证，因为在确认过程中用户还没有通过认证。

所以编辑seciruty.yml到：- { path: '^/(confirm/){1}.+', role: IS_AUTHENTICATED_ANONYMOUSLY }

同时检查网址的注册电子邮件 - 它应该指向example.com/confirmation/???

Answer 2

检查security.yml 这种配置有工作！

## app/config/security.yml 

## ... 

firewalls: 
    # This firewall is used to handle the public login area 
    # This part is handled by the FOS User Bundle 
    main: 
     pattern: ^/ 
     form_login: 
      # redirect to "/login" path if you aren't an admin 
      login_path: fos_user_security_login 
      check_path: fos_user_security_check 
      provider: fos_userbundle 
      #csrf_provider: form.csrf_provider 
      #always_use_default_target_path: true 
      #default_target_path: homepage 
      csrf_token_generator: security.csrf.token_manager 

     remember_me: 
      secret: '%secret%' 
      lifetime: 604800 
      domain: ".%domain_name%" 
      always_remember_me: true 
     anonymous: true 
     logout: 
      path: fos_user_security_logout 

另外，在同一security.yml您可以添加此行：

access_control: 
     - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } 

这个配置应该工作。 还有一些具有确定主机的另一种方法：

access_control: 
     - { path: ^/logout$,  host: ^%domain_name%$,   roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/login$,   host: ^%domain_name%$,   roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/register,  host: ^%domain_name%$,   roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/resetting,  host: ^%domain_name%$,   roles: ROLE_USER } 

%domain_name% - 是您的域名即example.com，你应该在app/config/parameters.yml