[英]Symfony 4 API Platform+LexikJWTAuthenticationBundle : Bad credentials
I am trying to create JWT Authentication with the LexikJWTAuthenticationBundle. 我正在尝试使用LexikJWTAuthenticationBundle创建JWT身份验证。
On both http://127.0.0.1:8000/api/
and http://127.0.0.1:8000/api/login_check?username=****&password=****
I get 在
http://127.0.0.1:8000/api/
和http://127.0.0.1:8000/api/login_check?username=****&password=****
我都得到
{
"code": 401,
"message": "Bad credentials"
}
as a respond. 作为回应。
My security.yaml looks like this: 我的security.yaml如下所示:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
App\Entity\User:
algorithm: bcrypt
providers:
my_provider:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/backend/api/login
stateless: true
form_login:
check_path: /backend/api/login_check
username_parameter: _username
password_parameter: _password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
guard:
authenticators:
- App\Security\LoginFormAuthenticator
api:
pattern: ^/api
stateless: true
lexik_jwt: ~
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
The routes.yaml is: route.yaml为:
api_login_check:
path: api/login_check
The lexik_jwt_authentication.yaml : lexik_jwt_authentication.yaml :
lexik_jwt_authentication:
secret_key: '%kernel.project_dir%/config/jwt/private.pem' # required for token creation
public_key: '%kernel.project_dir%/config/jwt/public.pem' # required for token verification
pass_phrase: 'pass' # required for token creation, usage of an environment variable is recommended
token_ttl: 86400
The Entity/User.php file: Entity / User.php文件:
<?php
namespace App\Entity;
use ApiPlatform\Core\Annotation\ApiResource;
use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* @ApiResource()
* @ORM\Table(name="user")
* @ORM\Entity(repositoryClass="App\Repository\UserRepository")
*/
class User implements UserInterface, \Serializable
{
/**
* @ORM\Id()
* @ORM\GeneratedValue()
* @ORM\Column(type="integer")
*/
private $id;
/**
* @ORM\Column(type="string", length=255)
*/
private $username;
/**
* @ORM\Column(type="string", length=255)
*/
private $fullname;
/**
* @ORM\Column(type="string", length=255)
*/
private $password;
/**
* @ORM\Column(type="string", length=255)
*/
private $email;
/**
* @ORM\Column(type="string", length=255, nullable=true)
*/
private $mobile;
/**
* @ORM\Column(type="string", length=255, nullable=true)
*/
private $bild;
/**
* @ORM\Column(type="boolean")
*/
private $status;
/**
* @ORM\Column(type="integer")
*/
private $usergroupid;
/**
* @ORM\Column(type="string", length=255, nullable=true)
*/
private $activewidgetid;
public function getId(): ?int
{
return $this->id;
}
public function getUsername(): ?string
{
return $this->username;
}
public function setUsername(string $username): self
{
$this->username = $username;
return $this;
}
public function getFullname(): ?string
{
return $this->fullname;
}
public function setFullname(string $fullname): self
{
$this->fullname = $fullname;
return $this;
}
public function getPassword(): ?string
{
return $this->password;
}
public function setPassword(string $password): self
{
$this->password = $password;
return $this;
}
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): self
{
$this->email = $email;
return $this;
}
public function getMobile(): ?string
{
return $this->mobile;
}
public function setMobile(?string $mobile): self
{
$this->mobile = $mobile;
return $this;
}
public function getBild(): ?string
{
return $this->bild;
}
public function setBild(?string $bild): self
{
$this->bild = $bild;
return $this;
}
public function getStatus(): ?bool
{
return $this->status;
}
public function setStatus(bool $status): self
{
$this->status = $status;
return $this;
}
public function setEnabled(bool $enabled): self
{
$this->enabled = $enabled;
return $this;
}
public function setSuperAdmin(bool $enabled): self
{
$this->enabled = $enabled;
return $this;
}
public function getUsergroupid(): ?int
{
return $this->usergroupid;
}
public function setUsergroupid(int $usergroupid): self
{
$this->usergroupid = $usergroupid;
return $this;
}
public function getActivewidgetid(): ?string
{
return $this->activewidgetid;
}
public function setActivewidgetid(?string $activewidgetid): self
{
$this->activewidgetid = $activewidgetid;
return $this;
}
public function getRoles()
{
return array('ROLE_ADMIN');
}
public function getSalt() {}
public function eraseCredentials() {}
public function serialize()
{
return serialize([
$this->id,
$this->username,
$this->password,
$this->email
]);
}
public function unserialize($string)
{
list (
$this->id,
$this->username,
$this->password,
$this->email
) = unserialize($string, ['allowed_classes' => false]);
}
}
I do not even have access even to the Swagger, my api_platfrom.yaml looks like: 我什至无法访问Swagger,我的api_platfrom.yaml看起来像:
# api/config/packages/api_platform.yaml
api_platform:
swagger:
api_keys:
apiKey:
name: Authorization
type: header
The keys are also created: 还创建了密钥:
Any suggestion, solution? 有什么建议,解决方案吗? Thanks in advance
提前致谢
I think a made a step further. 我认为迈出了一步。
I changed the security.yaml to this: 我将security.yaml更改为:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
entity_provider:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login
stateless: true
anonymous: true
json_login:
check_path: /login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
register:
pattern: ^/register
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
anonymous: false
provider: entity_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
and now my response on http://localhost:8000/api/
and /api/login_check
is 现在我对
http://localhost:8000/api/
和/api/login_check
是
{
"code": 401,
"message": "JWT Token not found"
}
I get the same response, even if I try it with CURL: 即使使用CURL尝试也得到相同的响应:
The /api lokked before the LexikJTW bundle like this demo: https://demo.api-platform.com / api像下面的演示一样在LexikJTW软件包之前出现: https ://demo.api-platform.com
How can I bring back the api plafrom and get the token as response? 我怎样才能带回api平台并获得令牌作为响应? I am running out of ideas and options...
我的想法和选择都用光了。
I solved it. 我解决了 The changes that I did in my security.yml :
我在security.yml中所做的更改:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
entity_provider:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login
stateless: true
anonymous: true
form_login:
check_path: api_login_check
login_path: api_login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
username_parameter: username
password_parameter: password
api:
pattern: ^/api
stateless: true
provider: entity_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/, roles: IS_AUTHENTICATED_FULLY}
and now on localhost:8000/login_check
I can get the token: 现在在
localhost:8000/login_check
我可以获取令牌:
after that when I try to access localhost:8000/api (for ex. with curl -H "Authorization: Bearer [TOKEN]" http://localhost:8000/api ), I get an error response: 之后,当我尝试访问localhost:8000 / api(例如,使用curl -H“ Authorization:Bearer [TOKEN]” http:// localhost:8000 / api )时,出现错误响应:
{
"code": 401,
"message": "Unable to find key \"username\" in the token payload."
}
but that is another case. 但这是另一种情况。 I will mark this as solved.
我将其标记为已解决。 Hope it will help someone.
希望它会帮助某人。
here is an example that works for me, with FOSUserBundle : 这是一个适合我的示例,使用FOSUserBundle:
security.yaml security.yaml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/_(profiler|wdt)
security: false
api:
pattern: ^/api/users # protected path
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
stateless: true
anonymous: true
provider: fos_userbundle
json_login:
check_path: /authentication_token
username_path: username
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
api_plateform.yaml api_plateform.yaml
api_platform:
mapping:
paths: ['%kernel.project_dir%/src/Entity']
# enable_fos_user: true
swagger:
api_keys:
apiKey:
name: Authorization
type: header
routing.yaml routing.yaml
# app/config/routing.yml
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
authentication_token:
path: /authentication_token
methods: ['POST']
lexik_jwt_authentication.yaml lexik_jwt_authentication.yaml
lexik_jwt_authentication:
secret_key: '%kernel.project_dir%/config/jwt/private.pem'
public_key: '%kernel.project_dir%/config/jwt/public.pem'
pass_phrase: 'your pass phrase'
token_ttl: 3600
and make sure that line is deleted on "access_control" : 并确保在“ access_control”上删除该行:
- { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.