如何在登录时使用getLastAuthenticationError检索错误消息？

问题描述

我曾经尝试使用Symfony Guard和Symfony Authentication provider实现一个简单的登录表单，但是尽管我尝试了一切，但变量$ last_email和$ error始终为空。

我已按照以下步骤进行操作：https://symfony.com/doc/4.4/security/form_login_setup.html和我的所有LoginFormAuthenticator.php都相同。我的控制器和login.html.twig

也是如此

public function login(AuthenticationUtils $authenticationUtils,Request $request,AuthorizationCheckerInterface $authChecker): Response
{
    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();
    dump($error);

    // last username entered by the user
    $last_email = $authenticationUtils->getLastUsername();

    return $this->render('security/login.html.twig',[
        'last_email' => $last_email,'error'      => $error,]);
}

在这里，即使电子邮件不存在或密码无效，$ error始终为null。为什么？

以下是日志：

[2020-08-23 11:53:35] request.INFO：匹配的路线“登录”。 {“ route”：“登录”，“ route_parameters”：{“ _ route”：“登录”，“ _controller”：“ App \ Controller \ SecurityController :: login”}，“ request_uri”：“ http：// localhost：8000 / login“，” method“：” POST“} [2020-08-23 11:53:35]安全性。调试：检查警卫身份验证凭据。 {“ firewall_key”：“ main”，“ authenticators”：1} [2020-08-23 11:53:35]安全性。调试：检查对后卫的支持验证者。 {“ firewall_key”：“ main”，“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.debug：调用getCredentials（）警卫认证者。 {“ firewall_key”：“ main”，“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.DEBUG：传递防护令牌信息发送给GuardAuthenticationProvider {“ firewall_key”：“ main”，“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.INFO：防护身份验证失败。 {“例外”：“ [对象] （Symfony \ Component \ Security \ Core \ Exception \ InvalidCsrfTokenException（代码： 0）：在 /src/Security/LoginFormAuthenticator.php:68)","authenticator":"App\Security\LoginFormAuthenticator“} [2020-08-23 11:53:35]安全性。调试： “ App \ Security \ LoginFormAuthenticator”身份验证器设置响应。任何以后的身份验证器都不会被调用 {“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] request.INFO：匹配的路线“登录”。 {“ route”：“登录”，“ route_parameters”：{“ _ route”：“登录”，“ _controller”：“ App \ Controller \ SecurityController :: login”}，“ request_uri”：“ http：// localhost：8000 / login“，” method“：” GET“} [2020-08-23 11:53:35]安全性。调试：检查警卫身份验证凭据。 {“ firewall_key”：“ main”，“ authenticators”：1} [2020-08-23 11:53:35]安全性。调试：检查对后卫的支持验证者。 {“ firewall_key”：“ main”，“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.DEBUG：Guard身份验证器不支持该请求。 {“ firewall_key”：“ main”，“ authenticator”：“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.INFO：填充了TokenStorage 带有匿名令牌。

我的Security.yaml

security:
    access_denied_url: /
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory: { memory: ~ }
        our_db_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern:    ^/
            http_basic: ~
            provider: our_db_provider
            anonymous: ~
            form_login:
                use_referer: true
                csrf_token_generator: security.csrf.token_manager
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /
                name:     REMEMBERME
                remember_me_parameter: _remember_me
            logout:
                path:  /logout
                target: /
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator
    # activate different ways to authenticate

    # activate different ways to authenticate
    # https://symfony.com/doc/current/security.html#firewalls-authentication

    # https://symfony.com/doc/current/security/impersonating_user.html
    # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    role_hierarchy:
        ROLE_ADMIN:    [ROLE_USER,ROLE_INVESTOR,ROLE_STARTUP]
        ROLE_INVESTOR: [ROLE_USER]
        ROLE_STARTUP:  [ROLE_USER]
    access_control:
        - { path: ^/login$,roles: IS_AUTHENTICATED_ANONYMOUSLY }

我的LoginFormAuthenticator.php

class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
{
    use TargetPathTrait;

    public const LOGIN_ROUTE = 'login';

    private $entityManager;
    private $urlGenerator;
    private $csrfTokenManager;
    private $passwordEncoder;
    private $flash;

    public function __construct(EntityManagerInterface $entityManager,UrlGeneratorInterface $urlGenerator,CsrfTokenManagerInterface $csrfTokenManager,UserPasswordEncoderInterface $passwordEncoder,FlashBagInterface $flash)
    {
        $this->entityManager = $entityManager;
        $this->urlGenerator = $urlGenerator;
        $this->csrfTokenManager = $csrfTokenManager;
        $this->passwordEncoder = $passwordEncoder;
        $this->flash = $flash;
    }

    public function supports(Request $request)
    {
        return self::LOGIN_ROUTE === $request->attributes->get('_route')
            && $request->isMethod('POST');
    }

    public function getCredentials(Request $request)
    {
        $credentials = [
            'email' => $request->request->get('email'),'password' => $request->request->get('password'),'csrf_token' => $request->request->get('_csrf_token'),];

        $request->getSession()->set(
            Security::LAST_USERNAME,$credentials['email']
        );

        return $credentials;
    }

    public function getUser($credentials,UserProviderInterface $userProvider)
    {
        $token = new CsrfToken('authenticate',$credentials['csrf_token']);
        if (!$this->csrfTokenManager->isTokenValid($token)) {
//            throw new InvalidCsrfTokenException();
        }

        $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
        dump($user);
        if (!$user) {
            // fail authentication with a custom error
            throw new CustomUserMessageAuthenticationException('Email could not be found.');
        }

        return $user;
    }

    public function checkCredentials($credentials,UserInterface $user)
    {
        return $this->passwordEncoder->isPasswordValid($user,$credentials['password']);
    }

    public function onAuthenticationSuccess(Request $request,TokenInterface $token,$providerKey)
    {
        if ($targetPath = $this->getTargetPath($request->getSession(),$providerKey)) {
            return new RedirectResponse($targetPath);
        }

         return new RedirectResponse($this->urlGenerator->generate('logged_in'));
    }

    protected function getLoginUrl()
    {
        return $this->urlGenerator->generate(self::LOGIN_ROUTE);
    }
}

我们非常感谢您的帮助。我正在使用Symfony 4.4

编辑：因此，登录表单为WORKS-我可以登录和注销。但是，如果我的电子邮件不存在或我的凭据无效，则不会显示任何错误消息。在$ error和$ last_email上执行var_dump总是返回NULL和空字符串。另外，我试图var dump $ this-> passwordEncoder-> isPasswordValid（$ user，$ credentials ['password']）;从我的LoginFormAuthenticator中的checkCredentials方法中获取，如果我的凭据无效，我可以看到它返回false。这样行得通。但是不知何故，后台似乎有些破损。

解决方法

从您对问题的不同评论中，我认为您应该在每个步骤中查看文档，以检查是否没有忘记什么。 Guard authentification

对于丢失的错误消息，您可以引发自定义异常：Guard customize error

我发现您的onAuthenticationFailure中没有LoginFormAuthenticator。

onAuthenticationFailure（请求$ request，AuthenticationException $ exception）如果身份验证失败，将调用此方法。您的工作是返回应发送到客户端的Symfony \ Component \ HttpFoundation \ Response对象。 $ exception会告诉您验证期间出了什么问题。

您可以添加一个以对认证失败执行操作。

symfony-security symfony4

如何在登录时使用getLastAuthenticationError检索错误消息？

问题描述

解决方法

相关问答