Actual Behavior

How does Sulu behave at the moment?
Media files on the Webpage (Images) return HTTP 302 and try to point to the community login form.

Expected Behavior

What is the behavior you expect?
Images load normally.

Steps to Reproduce

What are the steps to reproduce this bug? Please add code examples,
screenshots or links to GitHub repositories that reproduce the problem.
n/a

Hi, using the install instruction, I get the following error:

Configuration path "security.access_control" cannot be overwritten. You have to define all options for this path, and any of its sub-paths in one configuration section.

This is my security.yaml:

security:
access_decision_manager:
strategy: unanimous
allow_if_all_abstain: true

encoders:
    Sulu\Bundle\SecurityBundle\Entity\User: bcrypt

providers:
    sulu:
        id: sulu_security.user_provider

access_control:
    - { path: ^/admin/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/security/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/_wdt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/translations, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_USER }

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    admin:
        pattern: ^/admin(\/|$)
        anonymous: true
        lazy: true
        provider: sulu
        entry_point: sulu_security.authentication_entry_point
        json_login:
            check_path: sulu_admin.login_check
            success_handler: sulu_security.authentication_handler
            failure_handler: sulu_security.authentication_handler
        logout:
            path: sulu_admin.logout
            success_handler: sulu_security.logout_success_handler

    website:
        pattern: ^/
        anonymous: lazy
        # The login and logout routes need to be created.
        # For an advanced user management with registration and opt-in emails have a look at the:
        # https://github.com/sulu/SuluCommunityBundle
        # Also have a look at the user context based caching when you output user role specific data
        # https://docs.sulu.io/en/2.2/cookbook/user-context-caching.html
        form_login:
            login_path: login
            check_path: login
        logout:
            path: logout
            target: /
        remember_me:
            secret:   "%kernel.secret%"
            lifetime: 604800 # 1 week in seconds
            path:     /

sulu_security:
checker:
enabled: true

security_website.yml:

security:
encoders:
Sulu\Bundle\SecurityBundle\Entity\User: bcrypt

providers:
sulu:
id: sulu_security.user_provider

access_control:
# needed when firewall on ^/ is not anonymous
# - { path: '/login', roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: '/registration', roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: '/password-reset', roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: '/password-forget', roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: '/_fragment', roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '/profile', roles: ROLE_USER }
- { path: '/completion', roles: ROLE_USER }

firewalls:
:
pattern: ^/
anonymous: lazy
form_login:
login_path: sulu_community.login
check_path: sulu_community.login
logout:
path: sulu_community.logout
target: /
remember_me:
secret: "%kernel.secret%"
lifetime: 604800 # 1 week in seconds
path: /

sulu_security:
checker:
enabled: true

sulu_community.yaml:

sulu_community:
webspaces:
:
from: "%env(SULU_ADMIN_EMAIL)%"

• Doc Full Configuration Example
• Doc Create Login
• Doc Create Registration
• Doc Create Password Reset / Forget
• Doc Create Profile
• Doc Completion Listener
• Doc Blacklisting
• #10

Actual Behavior

User can not login when he lost his confirmed mail.

Expected Behavior

User can resend his registration email.

Steps to Reproduce

Register a user when e.g. postfix is not running.

Possible Solutions

For this a new resend confirm mail when he tries to password forget or login with an unconfirmed user.

Actual Behavior

Error during cache:clear on composer auto-script :

In PropertyMetadata.php line 40:
Property "country" does not exist in class "Sulu\Bundle\ContactBundle\Entity\Address"

Possible Solutions

Solving by commenting L.96 to L.105 of "community-bundle\Resources\config\validation.xml"

<class name="Sulu\Bundle\ContactBundle\Entity\Address">
    <property name="country">
        <constraint name="NotBlank">
            <option name="groups">
                <value>registration</value>
                <value>profile</value>
            </option>
        </constraint>
    </property>
</class>

Expected Behavior

The configuration for the security bundle in the test environment (https://github.com/sulu/SuluCommunityBundle/blob/develop/Resources/doc/2-setup-webspace.md#enable-security) in the documentation should set the provider to testprovider. Otherwise, the security:check command will throw the following error:

Not configuring explicitly the provider for the "form_login" listener on "webspace-xyz" firewall is ambiguous as there is more than one registered provider.

Furthermore, the configuration should also activate the TestUserProvider of Sulu with the following config:

security:
    # ...
    firewalls:
        <webspace_key>:
            provider: testprovider
            # ...

sulu_test:
    enable_test_user_provider: true

Otherwise the configuration will lead to the following error:

The service "security.context_listener.0" has a dependency on a non-existent service "test_user_provider".

Actual Behavior

You can not set any form options.
It will error as unrecognized option.

Actual Behavior

When calling confirmation link like:
http://test.com/en/confirmation/bEKXXK_Jjk4YCPSAVYfsrmcxoQgAIgH9WvenwTeR8sg

with redirect link:
/confirmation-completed

i get redirected to sulus default language:

http://test.com/de/confirmation-completed

Expected Behavior

I should be redirected to/en/confirmation-completed

Actual Behavior

The texts are hardcoded by the theme developer.

Expected Behavior

Content manager should be able to change the text and insert user information (Username, Password Reset Url, ...) with a placeholder.

Problem description

Currently the community bundle uses the term blacklist which we should avoid.

Proposed solution

As it some time ago discussed the list can be used to block or not block things I would suggest the name RegistrationRule and so RegistrationRuleItem for the entities.

Actual Behavior

if in dev environment path('sulu_community') = /de/login
when changed into stage env path('sulu_community') = /login
so it creates a redirect and lose my post data.
both webspaces environments are with /{localization} and the route include is type portal.

Expected Behavior

in both environments it will prefix the language.

Steps to Reproduce

Install sulu and change env, just look at the action of the login form.

Possible Solutions

I fixed it by removing type portal and add prefix: /{_locale}

The main processes should be tested in the automated testcases:

• Register
• Confirmation
• Blacklist
• Login
• Password-reset

Actual Behavior

Currently no UI for sulu 2.0 exist.

Expected Behavior

Create UI for blacklisting and move add into a custom form.

Steps to Reproduce

1. Install develop branch on sulu 2.0
2. Access admin v2 no blacklisting is shown

Actual Behavior

You can reset a password of a user which is not enabled.

Expected Behavior

A. User can not disabled because he has not confirm his Mail Address
B. User can reset the password and is automatically enabled because he did confirm the email over the password reset link.

Actual Behavior

You can't change name of the website system role with the back office without editing role name in the config of sulu community bundle otherwise when a user is registered, there is an message error :
[Symfony\Component\Debug\Exception\ContextErrorException] Catchable Fatal Error: Argument 1 passed to Sulu\Bundle\SecurityBundle\Entity\BaseUserRole::setRole() must implement interface Sulu\Component\Security\Authentication\RoleInterface, null given, called in /Users/xxxx/Travail/www/xxxxx/www/private/vendor/sul u/community-bundle/Manager/UserManager.php on line 175 and defined

DefaultUser is set as the default name in the config and mismatch with the role stored in the db.

By the way, the role option in the configuration is missing in the documentation

Expected Behavior

No errors

Steps to Reproduce

Change the community role name only in the backoffice and register a user.

Possible Solutions

Maybe the role name of website system should not be editable in the back office or a webspace and a default flag could be defined with it.

Actual Behavior

Currently each bundle need include `

Expected Behavior

Own service in sulu/sulu which will return this values.

Actual Behavior

Missing translations in Sulu admin "Settings > navigation.settings.blacklist"

Expected Behavior

Has default translations.

Steps to Reproduce

Include CommunityBundle to Sulu.

Possible Solutions

Add default translations.

Actual Behavior

When calling the route /logout Symfony returns the error: Unable to find the controller for path "/logout". The route is wrongly configured.

Expected Behavior

The session cookies should be revoked and the login session should be ended.

Steps to Reproduce

1. Set up the logout route as mentioned in the documentation.
2. Open a Session through your login form.
3. Call the logout route which is www.example.com/logout by default.
4. Get the error.

Possible Solutions

Maybe move the logout route to the same area as the protection / firewall zone? But this still didn't work on ^/.

Discussed in #160

When a form isn't valid, Turbo expects a HTTP 422 code to be returned.
Otherwise form errors aren't handled correctly.

Actual Behavior

This bundle is using the old way of calling $this->render('...', ['form' => $form->createView()]).
This always returns a HTTP 200 code regardless of form errors.

Expected Behavior

Every form of this bundle should return a HTTP 422 when given data isn't valid.

Steps to Reproduce

Using Hotwire Turbo and this bundle, submit any form with invalid value and see the problem: no error displayed and no redirection.

Possible Solutions

As of Symfony version 5.4, you can use the renderForm() method: $this->renderForm('...', ['form' => $form]) (see: https://symfony.com/doc/5.4/forms.html#rendering-forms).
Note that, as of Sf 6.2 the renderForm() method is deprecated in favor of directly passing the FormInterface instance to render(): $this->render('...', ['form' => $form])

Actual Behavior

Impossible to install SuluCommunityBundle via composer on a Sulu 2.5 installation.
Dependencies outdated.

Steps to Reproduce

composer require sulu/community-bundle:^2.0@dev --no-scripts

Possible Solutions

Upgrade bundle dependencies in composer.json

Actual Behavior

Currently the community bundle does not error when webspace with specified key does not exist.

Expected Behavior

It should error when webspace with specified key does not exist.

Steps to Reproduce

Configurate community bundle for none existing webspace.

Possible Solutions

Add check to community manager and user manager compilerpass. Currently not easy possible as the webspace manager service is not available in the compilerpass.

  [Symfony\Component\DependencyInjection\Exception\RuntimeException]
  You have requested a synthetic service ("kernel"). The DIC does not know how to construct this servic

Actual Behavior

Currently you can only set the from and to email address.

Expected Behavior

It should also be possible to set the from and to name. They should fallback to the webspace name when not set!

Possible Solutions

It should be allow the old syntax and the new one:

from: [email protected]
to: [email protected]

New:

from: 
    email: [email protected]
    name: Test
to: 
    email: [email protected]
    name: Test

Actual Behavior

The system added by the bundle is not shown in the select, when editing a role

Expected Behavior

The system should be shown in the select, to avoid loose it when editing a role

Steps to Reproduce

Install the bundle, init the bundle and edit a role

Actual Behavior

I currently try to use this bundle into a personal project, and I need to listen some community related event to execute related actions in my code. But some actions do not send an event when executed, such as email confirmation.

Expected Behavior

Each actions from this bundle should dispatch at least an event when performing.
By the way, ideally there should be some pre/post events so we can extend this bundle.

Actual Behavior

The community events are dispatched before the entity is saved.

Expected Behavior

Because it are post events registered it should dispatch the event after the user was saved.

Actual Behavior

The cache is set normally to 240 which will make problems when the user logout and land again on the same page which he visited the last 240seconds.

Expected Behavior

It should be documented how to deactivate the client and proxy cache.:

sulu_http_cache:
    handlers:
        public:
            max_age: 0
            shared_max_age: 0

Actual Behavior

There is no option for users to disable/remove their account.

Expected Behavior

The user should have an option to remove their account.

Possible Solutions

• In profile settings the user should be able to click on Remove Profile
• The user receives an email with temporary link
• When clicking the link the contact remove is called (the same what happens when you remove it from the admin ui).

| Bug? | yes?
| Sulu Version | 1.4.7
| Browser Version | Chrome 56.0.2924.87

Actual Behavior

I registered a user but then I tried to log on, it just reload the login page without authentification...

Expected Behavior

I should be authenticated, right?
(Is it ok that the form login call the same login action. I did not see authentication in this action...)

Steps to Reproduce

I just installed and configured the bundle by following the documentation.

Possible Solutions

Thank you for your help!

Expected Behavior

The encoding algorithm of sulu minimal was changed to bcrypt: sulu/sulu-minimal@92a5f5f

Therefore we should update the Enable Security (https://github.com/sulu/SuluCommunityBundle/blob/develop/Resources/doc/2-setup-webspace.md#enable-security) section of the documentation.

Actual Behavior

I override some community controllers and need to check if user is logged or not. But controller action getUser throw an 403 Exception if no user is logged.

Expected Behavior

Method getUser should not throw an Exception.

Possible Solutions

If no user is logged, method getUser should return null and exception should be thrown in calling method.

Hello everyone,

I've been working on the Sulu contact section, adding a new social media feature. Everything was working perfectly in the local environment, but when I deployed the project, I encountered a 404 error with the message: "There is no Metadata available for the type 'form' with the key 'contact_details' in /var/www/html/sources/vendor/sulu/sulu/src/Sulu/Bundle/AdminBundle/Metadata/FormMetadata/FormMetadataProvider.php on line 88."

I need your help to resolve this issue. If you have any ideas or solutions, please share them.

Actual Behavior

In the emails after a password reset there is only this:

Expected Behavior

There should be some text, not the translation key. Also I guess it should be password_resetted.

Steps to Reproduce

Trigger a password reset.

Possible Solutions

Fix the translation

Actual Behavior

Logged In Users can access Login Page an Registration Page

Expected Behavior

Logged in Users should be redirected when they try to access login or registration pages

Actual Behavior

A mainEmail address needs a email address else it is reseted.

Expected Behavior

When a mainEmail is written it needs to add this mail address also as contact email entity.

Steps to Reproduce

Create a new user with community bundle. Edit the contact in the backend the mainEmail address will be removed.

Possible Solutions

Add the email entity when not exist in the CommunityManager.

Actual Behavior

When you follow this tutorial and overwrite ONLY the user entity
https://docs.sulu.io/en/2.4/cookbook/extend-entities.html
everything works fine until you register. when you create a new account you will see an error:

Expected value of type "App\Entity\User" for association field "Sulu\Bundle\SecurityBundle\Entity\UserRole#$user", got "Sulu\Bundle\SecurityBundle\Entity\User" instead.

it seems like the default user role still use the Sulu User class instead of the overwritte one

Expected Behavior

User Role should use the model defined in sulu_security.yaml

Steps to Reproduce

Code Example is here: https://github.com/OpenTribes/Framework/

Possible Solutions

in the class vendor/sulu/community-bundle/Form/Type/RegistrationType.php

in configureOptions there is a default UserEntity used.

in order to fix this behavoir i replaced empty_data with

    public function configureOptions(OptionsResolver $resolver): void
    {

        $resolver->setDefaults(
            [
                'data_class' => UserInterface::class,
                'validation_groups' => ['registration'],
                'empty_data' => function (FormInterface $form) {
                    $user = new \App\Entity\User();
                    $user->setContact(new Contact());

                    return $user;
                },
            ]
        );
    }

and this way the registration works. i assume a UserEntityFactory could be use here somehow to get the overwritten entity

Actual Behavior

The bundle won't install.

[InvalidArgumentException]
Could not find package sulu/community-bundle in a version matching "2.0@dev" and a stability matching "dev".

Expected Behavior

Make the bundle installation ok

Steps to Reproduce

composer require sulu/community-bundle:^2.0@dev --no-scripts

Possible Solutions

Update composer.json

Actual Behavior

The admin can preview pages meant for registered users only, but misses the member-elements on that page (logged-in bar with menu, reaction-form, etc). This is quite confusing.

The preview in the backend partly ignores if you are logged in as a user or not.

1. It ignores my Accesscontrol rules defined in the websites' security.yml (that's good I guess).
2. In my twig-template I'm using {% if app.user %} to show/hide a member menu and/or other items for logged in users only. {% if app.user %} resolves always to false. That's unwanted behaviour and creates pages for the content-editor which do not exist.

Expected Behavior / Solution

The feature I'm proposing is a masquerade-as-user option within the preview. See my screenshots.
I suggest:

• if a website has 1-10 users, show them in the dropdown list box (see second screenshot)
• if a website has more users, use a text input field with auto-complete. Under the textfield there can be space for the 5 'used' users.

Just a suggestion off course. This would be a great tool to preview the website, specially in combination with SuluCommunityBundle.
Drupal has a module 'Masquerade' which does this. https://www.drupal.org/project/masquerade

My screenshots:

Actual Behavior

Its hard to change validation e.g. not unique username ...

Actual Behavior

When I run command

php bin/console sulu:community:init

system return:

09:49:52 ERROR [console] Error thrown while running command "sulu:community:init". Message: "Notice: Undefined property: Sulu\Bundle\CommunityBundle\Command\InitCommand::$entityManager" ["exception" => Symfony\Component\Debug\Excepti
on\ContextErrorException { …},"command" => "sulu:community:init","message" => "Notice: Undefined property: Sulu\Bundle\CommunityBundle\Command\InitCommand::$entityManager"]

In InitCommand.php line 61:

Notice: Undefined property: Sulu\Bundle\CommunityBundle\Command\InitCommand::$entityManager

Possible Solutions

in file:

vendor\sulu\community-bundle\Command\InitCommand.php

in line 64:

$this->entityManager->flush();

replace to:

$entityManager->flush();

Actual Behavior

Cannot install the bundle on Sulu 2.1RC2 due to newer packages and bundles for Sulu 2.1.

Expected Behavior

To be able to successfully install community-bundle.

Steps to Reproduce

Create a new 2.1RC2 skeleton and attempt to install the community-bundle.

Actual Behavior

The tests should run with --prefer-lowest. The problem is that sulu <1.5 is not able to run the tests with lowest.

Actual Behavior

When adding any content to security_website.yaml that isn't a comment, Symfony will return the following error:
Configuration path "<RULE NAME>" cannot be overwritten. You have to define all options for this path, and any of its sub-paths in one configuration section.

The """solution""" I found was to merge every security config file into one, which could be causing another Issue I've logged here:
https://stackoverflow.com/questions/31464972/configuration-path-security-access-control-cannot-be-overwritten

Expected Behavior

Both configuration files get applied to their respective parts of the webpage (Admin / Webspace)

Steps to Reproduce

1. Create security_website.yaml like the documentation
2. Populate the file with said preset content and firewall rules
3. Get the error when trying to load any page affected by the firewall zone

Actual Behavior

https://github.com/sulu/SuluCommunityBundle/blob/develop/Controller/ProfileController.php#L137

Sulu adds by default an address and a note. If you don't want this (only a form with the basic profile info such as username) it's almost not possible to skip this step.

Expected Behavior

It is possible to don't include an address/note field.

Steps to Reproduce

Save the form without the required address/note

Possible Solutions

Make this configurable or perhaps make addAddress / addNote protected instead of private. So it can be overwritten in a client specific class.

Actual Behavior

Cannot install the bundle on Sulu 2.2, composer say:

sulu/community-bundle[1.1.0, ..., 1.1.1] require sulu/sulu ^1.3 -> found sulu/sulu[1.3.0, ..., 1.6.37] but it conflicts with your root composer.json require (^2.2.0)

Expected Behavior

To be able to successfully install community-bundle.

Steps to Reproduce

Just start a new sulu project in the latest version and try to install the community-bundle

Possible Solutions

I think there is a problem with your release , the latest release is the 1.1.1 (2019) and this specific version specified sulu in 1.3 version. I'm not a composer expert but composer try to fetch the latest release i guess because in the latest commit your composer.json file does not specified sulu in 1.3 version.

Thank you for reading me and thanks for your work.

Expected Behavior

The role parameter should be mentioned in the Activate Community Features (https://github.com/sulu/SuluCommunityBundle/blob/develop/Resources/doc/2-setup-webspace.md#activate-community-features) section of the documentation.

Actual Behavior

The profile email address is currently read from the Contact Main Email. This make some problem because the content manager always need to change the contact and the user email adress.

Expected Behavior

The expect behaviour is the user email is read from the user itself on the profile and is written with the email token to an own entity.

Possible Solutions

Add an email field to EmailConfirmationToken entity.
Read (when exists) and write to this entity instead of the User entity.

Actual Behavior

When having 2 Webspaces a user from Webspace A can not get Permissions to access Webspace B.

Expected Behavior

User from Webspace A should be able to get permissions (the user role) for Webspace B.

Possible Solutions

A functionality could be added which will allow User form Webspace A register with the Login Data from Webspace A for Webspace B. It will work like "Login with Github" where he first need to enter its username and password of Webspace A which will send its request to a new Controller which will add the user the Role for Webspace B. After that he will be redirect to Webspace B where he is successfully logged in.