
FOS User bundle confirm link forces you to login


I've been asked to add a confirmation email into a CRM, whereupon a user will sign up then be sent an email with a link to confirm in order to enable their account. However, whenever the link is clicked it instantly redirects to the login page, which is useless since they have not confirmed it. I've tried to exclude it in the security.yml file, but thus far no luck.

I've tried:

- { path: ^/register/*, role: IS_AUTHENTICATED_ANONYMOUSLY }

- { path: ^/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY }

- { path: ^/register/confirm/*, role: IS_AUTHENTICATED_ANONYMOUSLY }

But none of these seem to work.

As requested, the routing file for FOS registration:

<?xml version="1.0" encoding="UTF-8" ?>

<routes xmlns="http://symfony.com/schema/routing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">

    <route id="fos_user_registration_register" path="/" methods="GET POST">
        <default key="_controller">FOSUserBundle:Registration:register</default>
    </route>

    <route id="fos_user_registration_check_email" path="/check-email" methods="GET">
        <default key="_controller">FOSUserBundle:Registration:checkEmail</default>
    </route>

    <route id="fos_user_registration_confirm" path="/confirm/{token}" methods="GET">
        <default key="_controller">FOSUserBundle:Registration:confirm</default>
    </route>

    <route id="fos_user_registration_confirmed" path="/confirmed" methods="GET">
        <default key="_controller">FOSUserBundle:Registration:confirmed</default>
    </route>

</routes>

FOS User config:

fos_user:
    db_driver: orm
    firewall_name: main
    user_class: AppBundle\Entity\User
    registration:
        confirmation:
            enabled: true
            template:   emails/registration.html.twig
            from_email:
                address:        noreply@siteemail.co.uk
                sender_name:    #sender name here#
    resetting:
        email:
            from_email:
                address:        noreply@siteemail.co.uk
                sender_name:    #sender name here#
            template: emails/password_reset.html.twig

Symfony 3.1 / FOS User Bundle 2.0. Any help is appreciated.


Solution

  • IMHO because the confirm route is path="/confirm/{token}" then you have to allow the ^/(confirm/){1}.+ path to be authenticated anonymously in the security.yml, because the user is not authenticated yet during the confirmation.

    So edit the security.yml to: - { path: '^/(confirm/){1}.+', role: IS_AUTHENTICATED_ANONYMOUSLY }

    Also check the url in the registration email - it should point to example.com/confirmation/???
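
An added example, not part of the original question or answer: a small PHP script that replays how access_control selects an entry, so the patterns quoted on this page can be checked against a request path before security.yml is edited. The /register route prefix, the catch-all ROLE_USER entry, the 'anchored' pattern and the sample paths are assumptions made for illustration.

```php
<?php
// Added example: replays how access_control picks a rule for a request path.
// Each `path` is a regex tested against the path; the first match wins.

function firstMatchingRule(array $rules, $pathInfo)
{
    foreach ($rules as $rule) {
        // '~' is used as the delimiter because none of the patterns contain it.
        if (preg_match('~' . $rule['path'] . '~', rawurldecode($pathInfo)) === 1) {
            return $rule;
        }
    }
    return null; // no entry matched this path
}

$anon = 'IS_AUTHENTICATED_ANONYMOUSLY';
// Assumption: the real file ends with a catch-all entry that requires login.
$catchAll = ['path' => '^/', 'role' => 'ROLE_USER'];

$ruleSets = [
    'question' => [
        ['path' => '^/register/*', 'role' => $anon],
        ['path' => '^/confirm/', 'role' => $anon],
        ['path' => '^/register/confirm/*', 'role' => $anon],
        $catchAll,
    ],
    'answer' => [
        ['path' => '^/(confirm/){1}.+', 'role' => $anon],
        $catchAll,
    ],
    // Hypothetical tighter entry: exactly one token segment, anchored at both ends.
    'anchored' => [
        ['path' => '^/register/confirm/[^/]+$', 'role' => $anon],
        $catchAll,
    ],
];

// Constructed request paths; the /register prefix is an assumption.
$paths = ['/register/confirm/abc123', '/confirm/abc123', '/register-export/users'];

foreach ($ruleSets as $name => $rules) {
    foreach ($paths as $path) {
        $rule = firstMatchingRule($rules, $path);
        printf("%-9s %-25s -> %-26s %s\n", $name, $path,
            $rule ? $rule['path'] : '(none)', $rule ? $rule['role'] : '-');
    }
}
```

Run it with the php command-line interpreter. An entry such as ^/register/* also selects any path that merely begins with /register, because /* means zero or more slashes, so the anonymous entry is best kept as narrow as the confirm route itself.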