问题描述
我曾经尝试使用Symfony Guard和Symfony Authentication provider实现一个简单的登录表单,但是尽管我尝试了一切,但变量$ last_email和$ error始终为空。
我已按照以下步骤进行操作:https://symfony.com/doc/4.4/security/form_login_setup.html和我的所有LoginFormAuthenticator.php都相同。我的控制器和login.html.twig
也是如此public function login(AuthenticationUtils $authenticationUtils,Request $request,AuthorizationCheckerInterface $authChecker): Response
{
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
dump($error);
// last username entered by the user
$last_email = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig',[
'last_email' => $last_email,'error' => $error,]);
}
在这里,即使电子邮件不存在或密码无效,$ error始终为null。为什么?
以下是日志:
[2020-08-23 11:53:35] request.INFO:匹配的路线“登录”。 {“ route”:“登录”,“ route_parameters”:{“ _ route”:“登录”,“ _controller”:“ App \ Controller \ SecurityController :: login”},“ request_uri”:“ http:// localhost:8000 / login“,” method“:” POST“} [2020-08-23 11:53:35]安全性。调试:检查警卫 身份验证凭据。 {“ firewall_key”:“ main”,“ authenticators”:1} [2020-08-23 11:53:35]安全性。调试:检查对后卫的支持 验证者。 {“ firewall_key”:“ main”,“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.debug:调用getCredentials() 警卫认证者。 {“ firewall_key”:“ main”,“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.DEBUG:传递防护令牌 信息发送给GuardAuthenticationProvider {“ firewall_key”:“ main”,“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.INFO:防护身份验证失败。 {“例外”:“ [对象] (Symfony \ Component \ Security \ Core \ Exception \ InvalidCsrfTokenException(代码: 0):在 /src/Security/LoginFormAuthenticator.php:68)","authenticator":"App\Security\LoginFormAuthenticator“} [2020-08-23 11:53:35]安全性。调试: “ App \ Security \ LoginFormAuthenticator”身份验证器设置响应。 任何以后的身份验证器都不会被调用 {“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] request.INFO:匹配的路线“登录”。 {“ route”:“登录”,“ route_parameters”:{“ _ route”:“登录”,“ _controller”:“ App \ Controller \ SecurityController :: login”},“ request_uri”:“ http:// localhost:8000 / login“,” method“:” GET“} [2020-08-23 11:53:35]安全性。调试:检查警卫 身份验证凭据。 {“ firewall_key”:“ main”,“ authenticators”:1} [2020-08-23 11:53:35]安全性。调试:检查对后卫的支持 验证者。 {“ firewall_key”:“ main”,“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.DEBUG:Guard身份验证器不 支持该请求。 {“ firewall_key”:“ main”,“ authenticator”:“ App \ Security \ LoginFormAuthenticator”} [2020-08-23 11:53:35] security.INFO:填充了TokenStorage 带有匿名令牌。
我的Security.yaml
security:
access_denied_url: /
encoders:
App\Entity\User:
algorithm: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
in_memory: { memory: ~ }
our_db_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
http_basic: ~
provider: our_db_provider
anonymous: ~
form_login:
use_referer: true
csrf_token_generator: security.csrf.token_manager
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /
name: REMEMBERME
remember_me_parameter: _remember_me
logout:
path: /logout
target: /
guard:
authenticators:
- App\Security\LoginFormAuthenticator
# activate different ways to authenticate
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
role_hierarchy:
ROLE_ADMIN: [ROLE_USER,ROLE_INVESTOR,ROLE_STARTUP]
ROLE_INVESTOR: [ROLE_USER]
ROLE_STARTUP: [ROLE_USER]
access_control:
- { path: ^/login$,roles: IS_AUTHENTICATED_ANONYMOUSLY }
我的LoginFormAuthenticator.php
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
{
use TargetPathTrait;
public const LOGIN_ROUTE = 'login';
private $entityManager;
private $urlGenerator;
private $csrfTokenManager;
private $passwordEncoder;
private $flash;
public function __construct(EntityManagerInterface $entityManager,UrlGeneratorInterface $urlGenerator,CsrfTokenManagerInterface $csrfTokenManager,UserPasswordEncoderInterface $passwordEncoder,FlashBagInterface $flash)
{
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder;
$this->flash = $flash;
}
public function supports(Request $request)
{
return self::LOGIN_ROUTE === $request->attributes->get('_route')
&& $request->isMethod('POST');
}
public function getCredentials(Request $request)
{
$credentials = [
'email' => $request->request->get('email'),'password' => $request->request->get('password'),'csrf_token' => $request->request->get('_csrf_token'),];
$request->getSession()->set(
Security::LAST_USERNAME,$credentials['email']
);
return $credentials;
}
public function getUser($credentials,UserProviderInterface $userProvider)
{
$token = new CsrfToken('authenticate',$credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token)) {
// throw new InvalidCsrfTokenException();
}
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
dump($user);
if (!$user) {
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('Email could not be found.');
}
return $user;
}
public function checkCredentials($credentials,UserInterface $user)
{
return $this->passwordEncoder->isPasswordValid($user,$credentials['password']);
}
public function onAuthenticationSuccess(Request $request,TokenInterface $token,$providerKey)
{
if ($targetPath = $this->getTargetPath($request->getSession(),$providerKey)) {
return new RedirectResponse($targetPath);
}
return new RedirectResponse($this->urlGenerator->generate('logged_in'));
}
protected function getLoginUrl()
{
return $this->urlGenerator->generate(self::LOGIN_ROUTE);
}
}
我们非常感谢您的帮助。我正在使用Symfony 4.4
编辑: 因此,登录表单为WORKS-我可以登录和注销。但是,如果我的电子邮件不存在或我的凭据无效,则不会显示任何错误消息。在$ error和$ last_email上执行var_dump总是返回NULL和空字符串。另外,我试图var dump $ this-> passwordEncoder-> isPasswordValid($ user,$ credentials ['password']);从我的LoginFormAuthenticator中的checkCredentials方法中获取,如果我的凭据无效,我可以看到它返回false。这样行得通。但是不知何故,后台似乎有些破损。
解决方法
从您对问题的不同评论中,我认为您应该在每个步骤中查看文档,以检查是否没有忘记什么。 Guard authentification
对于丢失的错误消息,您可以引发自定义异常:Guard customize error
我发现您的onAuthenticationFailure
中没有LoginFormAuthenticator
。
onAuthenticationFailure(请求$ request,AuthenticationException $ exception) 如果身份验证失败,将调用此方法。您的工作是返回应发送到客户端的Symfony \ Component \ HttpFoundation \ Response对象。 $ exception会告诉您验证期间出了什么问题。
您可以添加一个以对认证失败执行操作。