身份验证/登录中的凭据错误 - Symfony2
[英]Bad credentials in authentication / login - Symfony2
问题描述
I'm new to symfony2 and doctrine. 
我是symfony2和doctrine的新手。 I am trying the authentication system based on documents and some tutorials. 我正在尝试基于文档和一些教程的身份验证系统。 I don't know know why I'm finding it so hard. 我不知道为什么我这么难找到它。
Here is what I did based on 2 separate tutorials. 这是我基于2个单独的教程做的。
My User Entity: 我的用户实体:
<?php
// src/Acme/UserBundle/Entity/User.php
namespace Login\LoginBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* Login\LoginBundle\Entity\User
*
* @ORM\Table(name="tb_user")
* @ORM\Entity(repositoryClass="Login\LoginBundle\Entity\UserRepository")
*/
class User implements UserInterface, \Serializable
{
/**
* @ORM\Column(type="integer")
* @ORM\Id
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM\Column(type="string", length=25, unique=true)
*/
private $username;
/**
* @ORM\Column(type="string", length=32)
*/
private $salt;
/**
* @ORM\Column(type="string", length=64)
*/
private $password;
/**
* @ORM\Column(type="string", length=60, unique=true)
*/
private $email;
/**
* @ORM\Column(name="is_active", type="boolean")
*/
private $isActive;
public function __construct()
{
$this->isActive = true;
$this->salt = md5(uniqid(null, true));
}
/**
* @inheritDoc
*/
public function getUsername()
{
return $this->username;
}
/**
* @inheritDoc
*/
public function getSalt()
{
return $this->salt;
}
/**
* @inheritDoc
*/
public function getPassword()
{
return $this->password;
}
/**
* @inheritDoc
*/
public function getRoles()
{
return array('ROLE_USER');
}
/**
* @inheritDoc
*/
public function eraseCredentials()
{
}
/**
* @see \Serializable::serialize()
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->username,
$this->salt,
$this->password,
));
}
/**
* @see \Serializable::unserialize()
*/
public function unserialize($serialized)
{
list (
$this->id,
$this->username,
$this->salt,
$this->password,
) = unserialize($serialized);
}
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set username
*
* @param string $username
* @return User
*/
public function setUsername($username)
{
$this->username = $username;
return $this;
}
/**
* Set salt
*
* @param string $salt
* @return User
*/
public function setSalt($salt)
{
$this->salt = $salt;
return $this;
}
/**
* Set password
*
* @param string $password
* @return User
*/
public function setPassword($password)
{
$this->password = $password;
return $this;
}
/**
* Set email
*
* @param string $email
* @return User
*/
public function setEmail($email)
{
$this->email = $email;
return $this;
}
/**
* Get email
*
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* Set isActive
*
* @param boolean $isActive
* @return User
*/
public function setIsActive($isActive)
{
$this->isActive = $isActive;
return $this;
}
/**
* Get isActive
*
* @return boolean
*/
public function getIsActive()
{
return $this->isActive;
}
}
My security.yml 我的security.yml
# app/config/security.yml
security:
encoders:
Login\LoginBundle\Entity\User:
algorithm: sha512
encode_as_base64: true
iterations: 1
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
providers:
administrators:
entity: { class: LoginLoginBundle:User, property: username }
firewalls:
admin_area:
pattern: ^/
anonymous: ~
form_login:
login_path: login
check_path: login_check
logout:
path: /logout
target: /login
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
My Controller 我的控制器
<?php
namespace Login\LoginBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Login\LoginBundle\Entity\User;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
class DefaultController extends Controller
{
public function indexAction($name)
{
$user = new User();
$user->setUsername('aa');
$user->setEmail('admin@umahanov.com');
$user->setSalt(md5(time()));
$user->setIsActive(false);
$encoder = new MessageDigestPasswordEncoder('sha512',true,1);
$password = $encoder->encodePassword('1234', $user->getSalt());
$user->setPassword($password);
$manager = $this->getDoctrine()->getManager();
$manager->persist($user);
$manager->flush();
return $this->render('LoginLoginBundle:Default:index.html.twig', array('name' => $name));
}
}
So idea is to insert user when /hello/me is called. 所以想法是在调用/hello/me时插入用户。 And perform login when admin/hello/me is called. 并在调用admin/hello/me时执行登录。 Now after first iteration my database contains this data 现在,在第一次迭代后,我的数据库包含此数据
1
d033e22ae348aeb5660fc2140aec35850c4da997
admin
admin@example.com
1
But when I'm providing aa and 1234 as credentials in login form, it is showing * bad credentials . 但是,当我在登录表单中提供aa和1234作为凭据时,它显示* 错误的凭据 。 What I'm missing? 我错过了什么? * Is there any simple tutorial to describe whole authentication using symfony2 in easy way.Also with plain password. *是否有任何简单的教程来简单地使用symfony2来描述整个身份验证。还有简单的密码。 Please help...... please :( 请帮助......请:(
2 个解决方案
解决方案1
8 已采纳 2014-01-04 08:41:21
You are using Sha512 which generates a 128 chars hash. 您正在使用Sha512生成128个字符哈希。 Your database storage for password is 40 chars. 密码的数据库存储是40个字符。
Try Sha1 or other hashing algo which generates less than 40 chars hash. 尝试使用Sha1或其他散列算法生成少于40个字符散列。 Or increase the storage size for that field. 或者增加该字段的存储大小。
解决方案2
0 2015-02-21 08:23:00
note: if you generate salt at entity (construct) 注意:如果在实体(构造)生成salt
public function __construct()
{
...
$this->salt = md5(uniqid(null, true));
}
You dont need to do that again with 你不需要再做那件事
$user->setSalt(md5(time()));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.