Search code examples
symfonysymfony6pimcore

Symfony fails to load route post upgrade to Pimcore v11

Currently upgraded from Pimcore 10.6.9 to Pimcore 11

the command bin/console --ansi cache:clear used to display errors that I have fixed. Now that the command executed successfully , I am stuck at loading the home page and the admin page routes.

I get the following errors

while loading /

UnexpectedSessionUsageException [HTTP 500 Internal Server Error]

Session was used while the request was declared stateless.

OR

while loading /admin

AccessDeniedException - InsufficientAuthenticationException - HttpException [ HTTP 401 Unauthorized]

Full authentication is required to access this resource.

Currently using Symfony 6.3.7

I am unable to determine where the issue lies.

Here is a sample of my security.yaml file located at pomodoro\config\packages\security.yaml

`security: enable_authenticator_manager: true

providers:
    pimcore_admin:
        id: Pimcore\Security\User\UserProvider

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    pimcore_admin_webdav:
        pattern: ^/admin/asset/webdav
        provider: pimcore_admin
        http_basic: ~

    pimcore_admin:
        pattern: ^/admin(/.*)?$
        stateless: true
        provider: pimcore_admin
        login_throttling:
            max_attempts: 3
            interval: '5 minutes'

        logout:
            path: pimcore_admin_logout
            target: pimcore_admin_login
        custom_authenticators:
            - Pimcore\Bundle\AdminBundle\Security\Authenticator\AdminTokenAuthenticator
        two_factor:
            auth_form_path: /admin/login/2fa                   # Path or route name of the two-factor form
            check_path: /admin/login/2fa-verify                # Path or route name of the two-factor code check
            default_target_path: /admin            # Where to redirect by default after successful authentication
            always_use_default_target_path: false  # If it should always redirect to default_target_path
            auth_code_parameter_name: _auth_code   # Name of the parameter for the two-factor authentication code
            trusted_parameter_name: _trusted       # Name of the parameter for the trusted device option
            multi_factor: false                    # If ALL active two-factor methods need to be fulfilled (multi-factor authentication)

access_control:
    # Pimcore admin ACl  // DO NOT CHANGE!
    - { path: ^/admin/settings/display-custom-logo, roles: PUBLIC_ACCESS }
    - { path: ^/admin/login/2fa-verify, roles: IS_AUTHENTICATED_2FA_IN_PROGRESS}
    - { path: ^/admin/login/2fa, roles: IS_AUTHENTICATED_2FA_IN_PROGRESS}
    - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
    - { path: ^/admin/login/(login|lostpassword|deeplink|csrf-token)$, roles: PUBLIC_ACCESS }
    - { path: ^/admin, roles: ROLE_PIMCORE_USER }

role_hierarchy:
    # Pimcore admin  // DO NOT CHANGE!
    ROLE_PIMCORE_ADMIN: [ROLE_PIMCORE_USER]

`

Solution

  • set security.firewalls.pimcore_admin: '%pimcore_admin_bundle.firewall_settings%'