
Symfony3 authorization doesn't work - always wrong credentials

I'm working on a login form in Symfony3, but no matter what I do, I can't authenticate the user and it always says that the credentials are incorrect.

Some details.

Database - the user table contains the following columns: id, first_name, last_name, username, email, password, is_admin, code, guid, secret, confirmed, created and status. Five of them are important: username, email, password, is_admin and status.

I would like to authenticate users by username or email and password, but also check that they have is_admin set to false and status set to true. I think that I missed something in my logic but I don't know what and where.

security.yml

security:
    encoders:
        # bcrypt, cost 12: stored password hashes must have been produced with this encoder.
        AppBundle\Entity\StUser:
            algorithm: bcrypt
            cost: 12
    providers:
        our_db_provider:
            entity:
                class: AppBundle:StUser
                # The entity provider loads the user by this one column only; is_admin and
                # status are not evaluated here. NOTE(review): those checks belong in a user
                # checker (Symfony 3: AdvancedUserInterface / UserCheckerInterface), not in
                # the provider query.
                property: email
    firewalls:
        # Firewalls are tried in order; the first whose pattern matches the request wins.
        user_secured_area:
            pattern:   ^/([a-z]{2})/account
            # NOTE(review): this firewall has no anonymous: ~ and its form_login sets no
            # username_parameter / password_parameter / csrf_token_generator, unlike
            # user_login_area below. If the login POST lands on this firewall it would read
            # the defaults (_username / _password), which the login form does not send.
            form_login:
                login_path: login
                check_path: login
        user_login_area:
            # No pattern: catches every request not matched by user_secured_area above.
            anonymous: ~
            form_login:
                login_path: login
                check_path: login
                provider: our_db_provider
                # Request fields read by the login listener; they match the form's
                # name="email" and name="password" inputs.
                username_parameter: email
                password_parameter: password
                # Expects the default _csrf_token parameter with token id "authenticate",
                # which the Twig form supplies.
                csrf_token_generator: security.csrf.token_manager
        default:
            anonymous: ~
            http_basic: ~

login.html.twig

{# Login form posted to the firewall's check_path. The field names must match the
   firewall's username_parameter / password_parameter (email / password in security.yml).
   NOTE(review): `url` is not among the variables loginAction passes (only `error`), so
   with strict_variables off this renders as action="" and the form posts back to the
   current URL. #}
<form action="{{ url }}" method="post">
    <div class="field text">
        <input type="text" id="email" name="email" value="">
    </div>
    <div class="field text">
        <input type="password" id="password" name="password">
    </div>
    <div class="field hidden">
        {# form_login defaults: parameter _csrf_token, token id "authenticate". #}
        <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
    </div>
    <div class="field button">
        <button type="submit">Login</button>
    </div>
</form>

AccountController.php

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

use AppBundle\Entity\StUser;
use AppBundle\Helper\GuidHelper;
use AppBundle\Helper\EmailHelper;
use AppBundle\Helper\SecretHelper;
use AppBundle\Helper\NotificationHelper;
use AppBundle\Helper\Validation\UserActivationValidation;
use AppBundle\Helper\Validation\UserRegistrationValidation;

class AccountController extends Controller
{
    /**
     * Renders the login page.
     *
     * The credentials themselves are handled by the firewall's form_login
     * listener at check_path; this action only shows the form and the last
     * authentication failure the security layer recorded for this session.
     *
     * @param Request $request Current request (not used here)
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction(Request $request)
    {
        $authUtils = $this->get('security.authentication_utils');
        $lastError = $authUtils->getLastAuthenticationError();

        $viewData = array('error' => $lastError);

        return $this->render('account/login.html.twig', $viewData);
    }
}

StUser.php entity

namespace AppBundle\Entity;
use Symfony\Component\Security\Core\User\UserInterface;

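/**
 * Security user backed by the `user` table.
 *
 * Symfony's entity user provider loads this object by one configured property
 * (email, per security.yml). The remaining columns (is_admin, status, confirmed,
 * ...) are plain data on this class and are NOT evaluated during authentication
 * by it. NOTE(review): enforcing status / is_admin at login requires a user
 * checker (Symfony 3: AdvancedUserInterface or a custom UserCheckerInterface),
 * which this file does not implement.
 */
class StUser implements UserInterface
{
    private $id;
    private $firstName;
    private $lastName;
    private $email;
    private $username;
    private $password;
    // Transient plaintext password used only while registering/changing it;
    // cleared by eraseCredentials() so it is not kept on the session-serialized user.
    private $plainPassword;
    private $isAdmin = '0';
    private $code;
    private $guid;
    private $secret;
    private $confirmed;
    private $created = 'CURRENT_TIMESTAMP';
    private $status = '1';

    /**
     * @param string $email
     * @param string $password Already-encoded password hash (bcrypt per security.yml)
     * @param string $salt     Unused: bcrypt embeds its own salt, see getSalt()
     * @param array  $roles    Unused: getRoles() returns a fixed role set
     */
    public function __construct($email = '', $password = '', $salt = '', $roles = array())
    {
        $this->email = $email;
        $this->password = $password;
    }

    /** @return mixed Database identifier, null until persisted */
    public function getId() { return $this->id; }

    /** @return $this */
    public function setFirstName($firstName) { $this->firstName = $firstName; return $this; }
    public function getFirstName() { return $this->firstName; }

    /** @return $this */
    public function setLastName($lastName) { $this->lastName = $lastName; return $this; }
    public function getLastName() { return $this->lastName; }

    /** @return $this */
    public function setEmail($email) { $this->email = $email; return $this; }
    public function getEmail() { return $this->email; }

    /** @return $this */
    public function setUsername($username) { $this->username = $username; return $this; }
    /** Security identity name as required by UserInterface. */
    public function getUsername() { return $this->username; }

    /**
     * @param string $password Encoded hash; callers must encode before calling this
     * @return $this
     */
    public function setPassword($password) { $this->password = $password; return $this; }
    /** Encoded password hash compared by the security encoder. */
    public function getPassword() { return $this->password; }

    /** @return $this */
    public function setPlainPassword($plainPassword) { $this->plainPassword = $plainPassword; return $this; }
    public function getPlainPassword() { return $this->plainPassword; }

    /** @return $this */
    public function setCode($code) { $this->code = $code; return $this; }
    public function getCode() { return $this->code; }

    /** @return $this */
    public function setGuid($guid) { $this->guid = $guid; return $this; }
    public function getGuid() { return $this->guid; }

    /** @return $this */
    public function setSecret($secret) { $this->secret = $secret; return $this; }
    public function getSecret() { return $this->secret; }

    /** @return $this */
    public function setIsAdmin($isAdmin) { $this->isAdmin = $isAdmin; return $this; }
    /** Stored as '0'/'1' by default; not mapped to a role by getRoles(). */
    public function getIsAdmin() { return $this->isAdmin; }

    /** @return $this */
    public function setConfirmed($confirmed) { $this->confirmed = $confirmed; return $this; }
    public function getConfirmed() { return $this->confirmed; }

    /** @return $this */
    public function setCreated($created) { $this->created = $created; return $this; }
    public function getCreated() { return $this->created; }

    /** @return $this */
    public function setStatus($status) { $this->status = $status; return $this; }
    /** Stored as '0'/'1' by default; not consulted during authentication by this class. */
    public function getStatus() { return $this->status; }

    /**
     * Roles granted to this user.
     *
     * UserInterface requires an array here; the previous implementation returned
     * null, which violates that contract. Every user gets ROLE_USER; deriving an
     * admin role from isAdmin is left to the application (not done here).
     *
     * @return string[]
     */
    public function getRoles()
    {
        return array('ROLE_USER');
    }

    /** bcrypt stores its own salt inside the hash, so no separate salt is needed. */
    public function getSalt() { return null; }

    /**
     * Removes sensitive transient data after authentication.
     *
     * The security layer calls this once the user is authenticated; dropping the
     * plaintext password keeps it out of the serialized user stored in the session.
     */
    public function eraseCredentials()
    {
        $this->plainPassword = null;
    }
}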

When I displayed the SQL query, it looks like it checks only the email, nothing else.

Do I have to implement something else? Maybe a UserRepository class? Or maybe my configuration is wrong?

Thanks in advance.

I see some notable differences from my security.yml. Compare the two and look for them:

security:

    encoders:
        # NOTE(review): the class names in this answer are the answerer's (User);
        # the question's entity is AppBundle\Entity\StUser.
        AppBundle\Entity\User:
            algorithm: bcrypt
            cost: 12

    # Hierarchy and access_control below only take effect if the user entity's
    # getRoles() returns these roles as an array.
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        our_db_provider:
            entity:
                class: AppBundle:User
                property: email

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # A single firewall for the whole site: login page, check path and logout all
        # live here, so one provider and one CSRF setting apply to every login POST.
        main:
            anonymous: ~
            pattern:    ^/
            provider: our_db_provider
            form_login:
                login_path: /login
                # Dedicated check path. No username_parameter / password_parameter are
                # set, so the form must post the defaults: _username and _password.
                check_path: /login_check
                csrf_token_generator: security.csrf.token_manager       # FOR SYMFONY 2.7 OR BELOW USE:   csrf_provider: security.csrf.token_manager
            logout:
                path:   /logout
                target: /

    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }


 