Yii 2 - Exception error with message 'Login Required' - yii2

An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'Login Required' in C:\wamp\www\k\kometonline\vendor\yiisoft\yii2\web\User.php:431
I am getting this error after installing RBAC in the backend admin login page (site.com/backend/web/site/login). What's the main cause of this problem? I don't know what code to post. Please comment below if you need any code. Thanks in advance.

I encountered the same error while installing RBAC in backend admin login page while following this tutorial:
RBAC Super Simple with Admin and User
You may try doing the changes you made at the frontend login SiteController and see if it works. The difference between these two SiteControllers is that the frontend already uses access rules in its behavior method.
From there you can compare the SiteControllers at backend and frontend and see what makes it work. In my case I simply added one line
    'only' => ['logout'],
just below
    'class' => AccessControl::className(),
and it worked!

While I know the solution worked for the OP and is a few years old, I wanted to post how I solved this for myself, in the hope of offering an alternate solution.
In my case, I specified the following actions
    'rules' => [
        [
            'actions' => ['logout', 'index',],
            'allow' => true,
            'roles' => ['@'],
        ],
This specified that index and logout were protected by a password. The
*"'roles' => ['@']"*
says that only authenticated users can invoke these actions.
Therefore, when my application restarted, it tried to direct to the login action and the error was presented. I solved this by specifying a rule for non-logged-in users (a.k.a. guests) by specifying the role
*"'roles' => ['?']"*
My behavior method therefore changed to
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    // '@' matches authenticated users
                    [
                        'actions' => ['logout', 'index',],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    // '?' matches guests, so the login page stays reachable
                    [
                        'actions' => ['login'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                ],
            ],
        ];
    }

Related

yii2 - Keep user logged in when website is idle

The user appears to be automatically logged out if the website has been idle for about an hour. Is it possible that they are not logged out for at least a month?
I've tried changing the parameters.
    'user' => [
        'identityClass' => 'app\models\User',
        'enableAutoLogin' => false,
        'authTimeout' => 3600*24*30,
    ],
    'session' => [
        'class' => 'yii\web\Session',
        'timeout' => 3600*24*30,
    ],
I've tried session php.ini parameters:
And I've tried setting the login parameters:
    Yii::$app->user->login($this->getUserById($userId), 3600*24*30);

How do I solve this error HTTP 400 - Unable to verify your data submission in Yii2?

My Yii 2 application was progressing well until I received an unusual error about a bad HTTP request.
HTTP 400 Unable to verify your data Submission.
I have looked it up and much of the literature indicates the cause being due to a CSRF issue. However, the CSRF components are all in place within the HTML head section and the hidden field is submitting the correct token.
Additional Info
Yii version = 2.0.12 App Basic
PHP version = 5.6
OS = Ubuntu
I have disabled all the security firmware of the host but I still get the error. Please help; the site is in Prod already and I cannot find how to solve this. Many thanks in advance.
web/config/main.php
    $config = [
        'components' => [
            'session' => ['class' => 'yii\web\DbSession'],
            'request' => [
                'cookieValidationKey' => 'AAOSL2no3kbkJwRA4CNwDuB5g5T5_58t',
            ],
            'cache' => [
                'class' => 'yii\caching\FileCache',
            ],
            'user' => [
                'identityClass' => 'app\models\User',
                'enableAutoLogin' => true,
            ],
            'errorHandler' => ['errorAction' => 'site/error'],
            'log' => [
                'traceLevel' => YII_DEBUG ? 3 : 0,
                'targets' => [
                    [
                        'class' => 'yii\log\FileTarget',
                        'levels' => ['error', 'warning'],
                    ],
                ],
            ],
            'db' => $db,
            'urlManager' => [
                'enablePrettyUrl' => true,
                'showScriptName' => false,
                'rules' => [
                ],
            ],
        ],
        'params' => $params,
    ];
    if (YII_ENV_DEV) {
        $config['bootstrap'][] = 'debug';
        $config['modules']['debug'] = [
            'class' => 'yii\debug\Module',
            //'allowedIPs' => ['127.0.0.1', '::1'],
        ];
        $config['bootstrap'][] = 'gii';
        $config['modules']['gii'] = [
            'class' => 'yii\gii\Module',
            //'allowedIPs' => ['127.0.0.1', '::1'],
        ];
    }
    return $config;
As per Change Logs, BugFix and Enhancement related to CSRF cookie.
2.0.13 November 03, 2017 updates include
Bug #14542: Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers (samdark)
Enh #14087: Added yii\web\View::registerCsrfMetaTags() method that registers CSRF tags dynamically ensuring that caching doesn't interfere (RobinKamps).
2.0.14 February 18, 2018 updates include
Bug #15317: Regenerate CSRF token if an empty value is given
Enh #15496: (CVE-2018-6009): CSRF token is now regenerated on changing identity (samdark, rhertogh)(sammousa)
So update your framework to the latest version, 2.0.14; use composer update via the terminal inside your project root. Once updated, make sure you have the
    <?= Html::csrfMetaTags() ?>
inside the <head> tag of the layout file you are using, either main.php or any other custom name.
If it still persists, you can disable it for the specific action inside the beforeAction
    public function beforeAction($action)
    {
        // Skips CSRF validation for this one action only
        if ($action->id == 'action-name') {
            $this->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }
or for a specific controller by adding
    public $enableCsrfValidation = false;
Add <?= Html::csrfMetaTags() ?> in your view, or add it in the layout (main.php).

http 403 exception not displaying properly

I have implemented a set of rules but when a user attempts to access a restricted area, I am getting a text output instead of a nice Bootstrap alert. How can I get this working again?
Rule:
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['index', 'view'],
                'rules' => [
                    [
                        'roles' => ['@'],
                        'actions' => ['index', 'view'],
                        'allow' => true,
                    ],
                ],
            ],
        ];
    }
Exception message:
An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'You are not allowed to perform this action!.' in ###\vendor\yiisoft\yii2\filters\AccessControl.php:151
Stack trace:...
Thanks Bizley for your help. I followed your instructions and discovered that I rather stupidly copied my rules to my site/error page meaning that I accidentally blocked the ability to see the error page!!! I removed the offending rule and all is working.
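
As an added example (not code from any of the posts, and not Yii's own code), this stand-alone PHP 7.4+ script is a simplified model of how an AccessControl filter decides a request. It reports which of the login and error actions a guest cannot reach, the situation behind both the 'Login Required' thread and the blocked error page above. The function names ruleMatches, isAllowed and guestLockouts and the three sample configurations are assumptions constructed for illustration; RBAC role names, verbs, IPs and callbacks are not modelled.

```php
<?php
// Simplified model (assumption): only 'only', 'except' and each rule's
// 'actions', 'allow' and 'roles' with '?' / '@' are evaluated.
function ruleMatches(array $rule, string $action, bool $isGuest): bool
{
    if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    // An empty 'roles' list applies to everyone; '?' is guest, '@' is authenticated.
    return empty($rule['roles']) || in_array($isGuest ? '?' : '@', $rule['roles'], true);
}

function isAllowed(array $filter, string $action, bool $isGuest): bool
{
    $skipped = (!empty($filter['only']) && !in_array($action, $filter['only'], true))
        || in_array($action, $filter['except'] ?? [], true);
    if ($skipped) {
        return true; // the filter is not attached to this action
    }
    foreach ($filter['rules'] ?? [] as $rule) {
        if (ruleMatches($rule, $action, $isGuest)) {
            return (bool) ($rule['allow'] ?? false); // first matching rule decides
        }
    }
    return false; // no rule matched: denied by default
}

// Actions a guest must reach for the login redirect and the error page to work.
function guestLockouts(array $filter, array $public = ['login', 'error']): array
{
    return array_values(array_filter($public, fn($a) => !isAllowed($filter, $a, true)));
}

// Constructed filter configurations mirroring the posts above.
$authOnly   = ['actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@']];
$guestLogin = ['actions' => ['login'], 'allow' => true, 'roles' => ['?']];
$configs = [
    "rules for '@' only"   => ['rules' => [$authOnly]],
    "'only' => ['logout']" => ['only' => ['logout'], 'rules' => [$authOnly]],
    "added '?' login rule" => ['rules' => [$authOnly, $guestLogin]],
];
foreach ($configs as $name => $filter) {
    $blocked = implode(', ', guestLockouts($filter)) ?: 'none';
    printf("%-22s guests locked out of: %s\n", $name, $blocked);
}
```

Any action the script lists needs either a '?' rule of its own or to be left outside the filter's 'only' list.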

Add multiple tables for login in web.config

I am developing a site with two different registrations, and I have 2 different tables: one is user and the 2nd is admin. In the web.config, how can I set both tables in the components section? For this I tried the following; my code is:
    'user' => [
        'identityClass' => 'app\models\Users',
        'enableAutoLogin' => true,
    ],
    'admin' => [
        //'class' => 'yii\web\User'
        'identityClass' => 'app\models\adminUser',
        'enableAutoLogin' => true,
    ],
But when I run my application it shows an error message. The error message is:
Invalid Configuration – yii\base\InvalidConfigException
I also tried this: multiple user identity in config Yii2. When I add class it shows a blank page.
Thank you

Why Yii2 module separate configuration does not work in basic app?

I have a yii2 basic application with 2 parts (web and service for mobile).
I have created a module to handle the RESTful requests fired from mobile. I want to configure this module to be REST, so I created a config file for this module inside the module directory, as mentioned in the yii2 documentation for modules.
/config/config.php:
    return [
        'components' => [
            'urlManager' => [
                'class' => 'yii\web\UrlManager',
                // Disable index.php
                'showScriptName' => false,
                // Disable r= routes
                'enablePrettyUrl' => true,
                'enableStrictParsing' => false,
                'rules' => array(
                    [
                        'class' => 'yii\rest\UrlRule',
                        'controller' => 'mobile/mobile-clients',
                        'extraPatterns' => ['GET search' => 'search']
                    ],
                ),
            ],
            'request' => [
                'class' => '\yii\web\Request',
                'enableCookieValidation' => false,
                'parsers' => [
                    'application/json' => 'yii\web\JsonParser',
                ],
            ],
        ]
    ];
the module class is as follows:
    <?php
    namespace app\modules\Mobile;
    use Yii;
    use yii\base\Module;
    class MobileService extends Module {
        public $controllerNamespace = 'app\modules\Mobile\controllers';
        public function init() {
            parent::init();
            Yii::configure($this, require(__DIR__ . DIRECTORY_SEPARATOR
                . 'config' . DIRECTORY_SEPARATOR . 'config.php'));
        }
    }
The problem is that the request component is not working as expected, while it works fine when configured in the application configuration (config/main.php). The same goes for the urlManager.
Any ideas?
The solution to my problem is to create an api application, that is, a new application inside the yii2 basic app. It shares the models and the vendors directory but has its own configuration and entry script (index.php). This is the solution link for more information.
EDIT:
Do not forget to add the user component in the api.config file
    'user' => [
        'identityClass' => 'app\models\User',
        'enableAutoLogin' => false,
    ],
I think using the yii2 advanced application structure is better for a case like mine. But this solution works perfectly :).
Best.