Symfony security configuration, check_path goes to defined controller

I'm new to Symfony and I'm trying to create my own authentication. (I have an external authentication system, so I declared the User class and the UserProvider.) I've configured some routes, controllers and the security yml, but when I submit the login form I get the error:

Full authentication is required to access this resource.

Here is my security configuration:

security:
    encoders:
        App\Domain\User\ValueObject\User: bcrypt
    providers:
        UserProvider:
            id: App\Providers\UserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/login
            anonymous: ~
        login_others:
            pattern: ^/login/.*$
            anonymous: ~
        register:
            pattern: ^/register.*$
            anonymous: ~
        bye:
            pattern: ^/bye
            anonymous: ~
        main:
            provider: UserProvider
            pattern: ^/.*
            form_login:
                # submit the login form here
                check_path: user.login.check

                # the user is redirected here when they need to log in
                login_path: /login
            logout:
                path:   /logout
                target: /login
                invalidate_session: false

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login/.*$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register.*$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/bye$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/.+$, roles: ROLE_USER }

My route controller looks like this:

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends Controller
{
    /**
     * @param AuthenticationUtils $authUtils
     * @param TokenStorageInterface $tokenStorage
     * @return Response
     *
     * @Route("/login", name="user.login", methods="GET")
     */
    public function loginAction(
        AuthenticationUtils $authUtils,
        TokenStorageInterface $tokenStorage
    ) {
        // Already authenticated users are sent straight to the dashboard
        if (!is_null($tokenStorage->getToken()) && in_array('ROLE_USER', $tokenStorage->getToken()->getRoles())) {
            return $this->redirect($this->generateUrl('dashboard'));
        }

        $error = $authUtils->getLastAuthenticationError();
        $lastUsername = $authUtils->getLastUsername();

        return $this->render('user/login.twig', [
            'error'         => $error,
            'last_username' => $lastUsername,
        ]);
    }

    /**
     * Target of check_path: the firewall's form_login listener is meant to
     * intercept the POST before this body runs, so it is intentionally empty.
     *
     * @Route("/login_check", name="user.login.check", methods={"POST"})
     */
    public function loginCheckAction()
    {
    }
}

Any idea what I'm doing wrong? I'm almost certain it's a configuration problem, but it seems I don't understand it.

Here is a simple configuration:
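As an added illustration (not part of the question or any answer), this Python model applies the question's firewall list and access_control list in order, the way Symfony takes the first matching entry of each, and reports which firewall a path lands on and which role the first matching access rule demands. The patterns are copied from the configuration above; the request paths are constructed samples.

```python
import re

# Firewalls in the order the question's security.yaml lists them:
# (name, pattern, enforces security?). Symfony uses the first pattern that matches.
FIREWALLS = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),   # security: false
    ("login", r"^/login", True),
    ("login_others", r"^/login/.*$", True),
    ("register", r"^/register.*$", True),
    ("bye", r"^/bye", True),
    ("main", r"^/.*", True),
]

# access_control entries in order; only the first matching rule is applied.
ACCESS_CONTROL = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/login/.*$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register.*$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/bye$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/.+$", "ROLE_USER"),
]


def match_firewall(path):
    """Name and security flag of the first firewall whose pattern matches the path."""
    for name, pattern, secured in FIREWALLS:
        if re.search(pattern, path):          # Symfony's RequestMatcher is an unanchored preg_match
            return name, secured
    return None, False


def match_access_rule(path):
    """Role required by the first matching access_control entry, or None."""
    for pattern, role in ACCESS_CONTROL:
        if re.search(pattern, path):
            return role
    return None


def resolve(path):
    """(firewall, required role); firewalls with security: false enforce no access rule."""
    firewall, secured = match_firewall(path)
    return firewall, (match_access_rule(path) if secured else None)


if __name__ == "__main__":
    for p in ["/login", "/login_check", "/login/check", "/register/new", "/dashboard", "/_profiler/x"]:
        print(p, "->", resolve(p))
```

Running it shows that /login_check is handled by the `login` firewall (pattern `^/login`), not by `main` where form_login is configured, and that it falls under the `^/.+$` ROLE_USER rule; it also shows that `login_others` is never reached, because `^/login` matches every path it would match.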

#config/packages/security.yaml
# ...
providers:
    user_provider:
        entity:
            class: App\Providers\UserProvider
firewalls:
    main:
        anonymous: ~
        form_login:
            login_path: login
            check_path: login
        logout:
            path: /logout
            target: /
access_control:
    - { path: dashboard, roles: ROLE_USER }

LoginController

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends Controller
{
    /**
     * @Route("/login", name="login")
     */
    public function login(Request $request, AuthenticationUtils $authenticationUtils)
    {
        // Last authentication error and username are provided by the firewall
        $error = $authenticationUtils->getLastAuthenticationError();

        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('login.html.twig', array(
            'last_username' => $lastUsername,
            'error'         => $error,
        ));
    }
}

Then you can set the default redirect after login:

#config/packages/security.yaml
security:
    # ...
    firewalls:
        main:
            form_login:
                # ...
                default_target_path: dashboard

Hope this helps.

I eventually came up with a more workable configuration:

security:
    encoders:
        App\Domain\User\ValueObject\User: bcrypt
    providers:
        UserProvider:
            id: App\Security\UserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            provider: UserProvider
            pattern: ^/.*
            form_login:
                login_path: user.login
            logout:
                path:   /logout
                target: user.login
                invalidate_session: false

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
         - { path: ^/login.*$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/register.*$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/.+$, roles: ROLE_USER }

As you can see, I have not configured a check path for form_login. That is because it did not want to replace the anonymous user token with the logged-in token, so I ended up creating my own endpoint for the login check and doing it manually, as follows:

use App\Security\PasswordAuthenticator; // the poster's own authenticator; namespace assumed
use App\Security\UserProvider;          // as declared under providers in the config above
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;

/**
 * @param Request $request
 * @param PasswordAuthenticator $authenticator
 * @param UserProvider $provider
 * @param Session $session
 * @param TokenStorageInterface $storage
 * @return \Symfony\Component\HttpFoundation\RedirectResponse|Response
 *
 * @Route("/login/check", name="user.login.check", methods={"POST"})
 */
public function checkLoginUser(
    Request $request,
    PasswordAuthenticator $authenticator,
    UserProvider $provider,
    Session $session,
    TokenStorageInterface $storage
) {
    // Build an unauthenticated token from the submitted credentials
    $token = $authenticator->createToken(
        $request,
        $request->request->get('_username'),
        $request->request->get('_password'),
        'UserProvider'
    );

    $authenticator->supportsToken($token, 'UserProvider');
    try {
        $newToken = $authenticator->authenticateToken($token, $provider, $token->getUser());

        // Store the authenticated token for this request and persist it
        // in the session under the "main" firewall's key
        $storage->setToken($newToken);
        $session->set('_security_main', serialize($newToken));

        return $this->redirect($this->generateUrl('dashboard'));
    } catch (CustomUserMessageAuthenticationException $e) {
        $error = $e->getMessage();
    }

    return $this->render('user/login.twig', [
        'error'         => $error,
        'last_username' => $request->request->get('_username'),
    ]);
}
