I have implemented a set of rules but when a user attempts to access a restricted area, I am getting a text output instead of a nice Bootstrap alert. How can I get this working again?
Rule:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['index', 'view'],
            'rules' => [
                [
                    'roles' => ['@'],
                    'actions' => ['index', 'view'],
                    'allow' => true,
                ],
            ],
        ],
    ];
}
Exception message:
An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'You are not allowed to perform this action!.' in ###\vendor\yiisoft\yii2\filters\AccessControl.php:151
Stack trace:...
Thanks Bizley for your help. I followed your instructions and discovered that I rather stupidly copied my rules to my site/error page meaning that I accidentally blocked the ability to see the error page!!! I removed the offending rule and all is working.
I cannot send emails out in Yii2-usuario, e.g. when a password recovery is requested. Email is not working at all.
There is just a flash message saying
Unable to send recovery message to the user
I think that this is a transport problem. There are tons of things that can go wrong here: firewall issues, tls-/security-settings, self-signed certificates, wrong ports, hostname-typos, ...
How to debug transport layer? How to enable debugging to trace connection to the email service?
Found the error. In config/web.php the mailer was configured as:
'mailer' => [
    'class' => 'yii\swiftmailer\Mailer',
    'useFileTransport' => false,
    'viewPath' => '@app/mail',
    'htmlLayout' => 'layouts/main-html',
    'textLayout' => 'layouts/main-text',
],
instead of
'mailer' => [
    'class' => 'yii\swiftmailer\Mailer',
    'useFileTransport' => false,
    'viewPath' => '@app/mail',
    'htmlLayout' => '@app/mail/layouts/main-html',
    'textLayout' => '@app/mail/layouts/main-text',
],
The layout paths were wrong. So the Mailer could not render the messages and failed sending out emails since Yii2-usuario uses formatted emails.
Everything works now.
My Yii 2 application was progressing well until I received an unusual error about a bad HTTP request.
HTTP 400 Unable to verify your data Submission.
I have looked it up and much of the literature indicates the cause being due to a CSRF issue. However, the CSRF components are all in place within the HTML head section and the hidden field is submitting the correct token.
Additional Info
Yii version = 2.0.12 App Basic
PHP version = 5.6
OS = Ubuntu
I have disabled all the security firmware of the host but I still get the error. Please help, the site is in Prod already and I cannot find how to solve this. Many thanks in advance.
web/config/main.php
$config = [
    'components' => [
        'session' => ['class' => 'yii\web\DbSession'],
        'request' => [
            'cookieValidationKey' => 'AAOSL2no3kbkJwRA4CNwDuB5g5T5_58t',
        ],
        'cache' => [
            'class' => 'yii\caching\FileCache',
        ],
        'user' => [
            'identityClass' => 'app\models\User',
            'enableAutoLogin' => true,
        ],
        'errorHandler' => ['errorAction' => 'site/error'],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'db' => $db,
        'urlManager' => [
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
            ],
        ],
    ],
    'params' => $params,
];
if (YII_ENV_DEV) {
    $config['bootstrap'][] = 'debug';
    $config['modules']['debug'] = [
        'class' => 'yii\debug\Module',
        //'allowedIPs' => ['127.0.0.1', '::1'],
    ];
    $config['bootstrap'][] = 'gii';
    $config['modules']['gii'] = [
        'class' => 'yii\gii\Module',
        //'allowedIPs' => ['127.0.0.1', '::1'],
    ];
}
return $config;
As per Change Logs, BugFix and Enhancement related to CSRF cookie.
2.0.13 November 03, 2017 updates include
Bug #14542: Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers (samdark)
Enh #14087: Added yii\web\View::registerCsrfMetaTags() method that registers CSRF tags dynamically ensuring that caching doesn't interfere (RobinKamps).
2.0.14 February 18, 2018 updates include
Bug #15317: Regenerate CSRF token if an empty value is given
Enh #15496: (CVE-2018-6009): CSRF token is now regenerated on changing identity (samdark, rhertogh)(sammousa)
So update your framework to the latest version, 2.0.14: use composer update via the terminal inside your project root. Once updated, make sure you have the
<?= Html::csrfMetaTags() ?>
inside the <head> tag of the layout file you are using, either main.php or any other custom name.
If it still persists, you can disable it for the specific action inside beforeAction
public function beforeAction($action)
{
    if ($action->id == 'action-name') {
        $this->enableCsrfValidation = false;
    }
    return parent::beforeAction($action);
}
or for a specific controller by adding
public $enableCsrfValidation = false;
Add <?= Html::csrfMetaTags() ?> in your view, or add it in the layout (main.php).
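A way to see why the token check fails while leaving validation switched on, as an added example that is not part of the question or the answers above. FormController and the 'csrf-debug' log category are hypothetical names; with the FileTarget from the question's config (levels error and warning) the entry lands in the application log.

```php
<?php
namespace app\controllers;

use Yii;
use yii\web\Controller;

// Hypothetical controller; only beforeAction() matters for the diagnostic.
class FormController extends Controller
{
    public function beforeAction($action)
    {
        $request = Yii::$app->request;
        if ($this->enableCsrfValidation && $request->enableCsrfValidation
            && !$request->validateCsrfToken()) {
            $param = $request->csrfParam; // "_csrf" unless reconfigured
            // Log presence flags only; token values stay out of the log.
            Yii::warning([
                'route' => $action->uniqueId,
                'method' => $request->method,
                // false: the browser sent no CSRF cookie, or the cookie failed
                // the cookieValidationKey check and was discarded
                'csrfCookiePresent' => $request->enableCsrfCookie
                    ? $request->cookies->has($param)
                    : null,
                // only relevant when the token is kept in the session
                'sessionTokenPresent' => $request->enableCsrfCookie
                    ? null
                    : Yii::$app->session->has($param),
                'bodyTokenPresent' => $request->getBodyParam($param) !== null,
                'headerTokenPresent' => $request->getCsrfTokenFromHeader() !== null,
            ], 'csrf-debug');
        }
        // Validation stays on: the parent still answers the request with HTTP 400.
        return parent::beforeAction($action);
    }
}
```

A false csrfCookiePresent alongside a true bodyTokenPresent points at the cookie (dropped by a proxy, wrong domain or path, changed cookieValidationKey) rather than at the form.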
I have a problem with dektrium\yii2-user: when the sign-up form is submitted, it goes to the error Setting unknown property: dektrium\user\models\User::confirmed_at
I just set up the config
'modules' => [
    'user' => [
        'class' => 'dektrium\user\Module',
    ],
],
Help me out with this error.
I'm gonna guess you didn't run the migrations
php yii migrate/up --migrationPath=@vendor/dektrium/yii2-user/migrations
https://github.com/dektrium/yii2-user/blob/master/docs/getting-started.md
I am developing a site with two different registrations, and I have 2 different tables: one is user and the 2nd is admin. In the web.config, how can I set both tables in the components section? For this I tried the following; my code is:
'user' => [
    'identityClass' => 'app\models\Users',
    'enableAutoLogin' => true,
],
'admin' => [
    //'class' => 'yii\web\User'
    'identityClass' => 'app\models\adminUser',
    'enableAutoLogin' => true,
],
But when I run my application it shows an error message. The error message is:
Invalid Configuration – yii\base\InvalidConfigException
I also tried this multiple user identity in config Yii2; when I add the class it shows a blank page.
Thank you
An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'Login
Required' in
C:\wamp\www\k\kometonline\vendor\yiisoft\yii2\web\User.php:431
I am getting this error after installing RBAC in the backend admin login page (site.com/backend/web/site/login). What's the main cause of this problem? I don't know what code to post. Please comment below if you need any code. Thanks in advance.
I encountered the same error while installing RBAC in backend admin login page while following this tutorial:
RBAC Super Simple with Admin and User
You may try doing the changes you made at the frontend login SiteController and see if it works. The difference between these two SiteControllers is that the frontend already uses access rules in its behaviors method.
From there you can compare the SiteControllers at backend and frontend and see what makes it work. In my case I simply added one line
'only' => ['logout'],
just below
'class' => AccessControl::className(),
and it worked!
While I know the solution worked for the OP and is a few years old, I wanted to post how I solved this for myself, in the hope of offering an alternate solution.
In my case, I specified the following actions
'rules' => [
    [
        'actions' => ['logout', 'index',],
        'allow' => true,
        'roles' => ['@'],
    ],
],
This specified that index and logout were protected by a password. The
'roles' => ['@']
says that only authenticated users can invoke these actions.
Therefore, when my application restarted, it tried to direct to the login action and the error was presented. I solved this by specifying a rule for non-logged-in users (a.k.a. guests) by specifying the role
'roles' => ['?']
My behavior method therefore changed to
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['logout', 'index',],
                    'allow' => true,
                    'roles' => ['@'],
                ],
                [
                    'actions' => ['login'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
            ],
        ],
    ];
}
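The rule matching behind this thread and behind the blocked site/error page in the first question, as an added stand-alone example (a simplified model, not Yii's source and not code from any of the posts). The filter arrays are constructed to mirror the snippets above; ruleMatches() and isAllowed() are hypothetical helper names.

```php
<?php
// Stand-alone model of the matching rules (not Yii's source code).
// Assumed semantics: '@' = logged-in user, '?' = guest, the first matching
// rule decides, and a request that matches no rule is denied.

function ruleMatches(array $rule, string $action, bool $isGuest): bool
{
    if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (empty($rule['roles'])) {
        return true; // no roles listed: the rule applies to everyone
    }
    foreach ($rule['roles'] as $role) {
        if (($role === '?' && $isGuest) || ($role === '@' && !$isGuest)) {
            return true;
        }
    }
    return false;
}

function isAllowed(array $filter, string $action, bool $isGuest): bool
{
    // 'only' limits which actions the filter guards at all.
    if (!empty($filter['only']) && !in_array($action, $filter['only'], true)) {
        return true;
    }
    foreach ($filter['rules'] as $rule) {
        if (ruleMatches($rule, $action, $isGuest)) {
            return $rule['allow'];
        }
    }
    return false; // default deny
}

// Constructed filter configurations mirroring the snippets in the threads.
$members = [['actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@']]];
$filters = [
    'members only'          => ['rules' => $members],
    'members + only'        => ['only' => ['logout', 'index'], 'rules' => $members],
    'members + guest login' => ['rules' => array_merge($members, [
        ['actions' => ['login'], 'allow' => true, 'roles' => ['?']],
    ])],
];

foreach ($filters as $name => $filter) {
    foreach (['login', 'error', 'index'] as $action) {
        printf("%-22s guest -> %-5s : %s\n", $name, $action,
            isAllowed($filter, $action, true) ? 'allowed' : 'denied');
    }
}
```

In this model the third configuration lets guests reach login but still denies them the error action, because no rule mentions it; a controller that serves the error page needs either an 'only' list that leaves error out or a rule that allows it for everyone.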