我得到了一个在post中提交的登录表单,但似乎没有进行身份验证,即使我以admin身份登录,我也可以在profiler中看到匿名。
我正在从数据库中获取数据:
| ID | username | password | email | active |
| 1 | admin | admin | a@dm.in| 1 |
存储在数据库中的密码自然是加密的。
安全。yml (app/config/security.yml)
security:
providers:
db_provider:
entity:
class: AppBundle:User
manager_name: customer
property: username
firewalls:
login_firewall:
pattern: ^/login$
anonymous: ~
provider: db_provider
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
provider: db_provider
form_login:
login_path: login
check_path: login
username_parameter: _username
password_parameter: _password
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/profile, roles: ROLE_USER }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
encoders:
AppBundle'Entity'User:
algorithm: bcrypt
SecurityController.php (src/AppBundle/控制器)
<?php
/**
* Created by PhpStorm.
* User: andreaem
* Date: 17/09/16
* Time: 18:43
*/
namespace AppBundle'Controller;
use Symfony'Bundle'FrameworkBundle'Controller'Controller;
use Symfony'Component'HttpFoundation'Request;
use Sensio'Bundle'FrameworkExtraBundle'Configuration'Route;
class SecurityController extends Controller
{
/**
* @Route("/login", name="login")
* @param Request $request
* @return 'Symfony'Component'HttpFoundation'Response
*/
public function loginAction(Request $request)
{
$authenticationUtils = $this->get('security.authentication_utils');
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render(
'security/login.html.twig',
array(
// last username entered by the user
'last_username' => $lastUsername,
'error' => $error,
)
);
}
/**
* @Route("/login_check", name="security_login_check")
*/
public function loginCheckAction()
{
// will never be executed
}
}
User.php (src/AppBundle/实体/User.php)
<?php
namespace AppBundle'Entity;
use Doctrine'ORM'Mapping as ORM;
use Symfony'Component'Security'Core'User'UserInterface;
/**
* @ORM'Table(name="app_users")
* @ORM'Entity(repositoryClass="AppBundle'Entity'UserRepository")
*/
class User implements UserInterface, 'Serializable
{
/**
* @ORM'Column(type="integer")
* @ORM'Id
* @ORM'GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM'Column(type="string", length=25, unique=true)
*/
private $username;
/**
* @ORM'Column(type="string", length=64)
*/
private $password;
/**
* @ORM'Column(type="string", length=60, unique=true)
*/
private $email;
/**
* @ORM'Column(name="is_active", type="boolean")
*/
private $isActive;
public function __construct()
{
$this->isActive = true;
// may not be needed, see section on salt below
// $this->salt = md5(uniqid(null, true));
}
public function getUsername()
{
return $this->username;
}
public function getSalt()
{
// you *may* need a real salt depending on your encoder
// see section on salt below
return null;
}
public function getPassword()
{
return $this->password;
}
public function getRoles()
{
return array('ROLE_USER');
}
public function eraseCredentials()
{
}
/** @see 'Serializable::serialize() */
public function serialize()
{
return serialize(array(
$this->id,
$this->username,
$this->password,
$this->isActive,
// see section on salt below
// $this->salt,
));
}
/** @see 'Serializable::unserialize()
* @param string $serialized
*/
public function unserialize($serialized)
{
list (
$this->id,
$this->username,
$this->password,
$this->isActive,
// see section on salt below
// $this->salt
) = unserialize($serialized);
}
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set username
*
* @param string $username
*
* @return User
*/
public function setUsername($username)
{
$this->username = $username;
return $this;
}
/**
* Set password
*
* @param string $password
*
* @return User
*/
public function setPassword($password)
{
$this->password = $password;
return $this;
}
/**
* Set email
*
* @param string $email
*
* @return User
*/
public function setEmail($email)
{
$this->email = $email;
return $this;
}
/**
* Get email
*
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* Set isActive
*
* @param boolean $isActive
*
* @return User
*/
public function setIsActive($isActive)
{
$this->isActive = $isActive;
return $this;
}
/**
* Get isActive
*
* @return boolean
*/
public function getIsActive()
{
return $this->isActive;
}
public function isAccountNonExpired()
{
return true;
}
public function isAccountNonLocked()
{
return true;
}
public function isCredentialsNonExpired()
{
return true;
}
public function isEnabled()
{
return $this->isActive;
}
}
UserRepository (src/AppBundle/实体/UserRepository.php)
<?php
namespace AppBundle'Entity;
use Doctrine'ORM'EntityRepository;
use Symfony'Bridge'Doctrine'Security'User'UserLoaderInterface;
/**
* UserRepository
*
* This class was generated by the Doctrine ORM. Add your own custom
* repository methods below.
*/
class UserRepository extends EntityRepository implements UserLoaderInterface
{
public function loadUserByUsername($username)
{
return $this->createQueryBuilder('u')
->where('u.username = :username OR u.email = :email')
->setParameter('username', $username)
->setParameter('email', $username)
->getQuery()
->getOneOrNullResult();
}
}
login.html。树枝 (app/资源/视图/安全/login.html.twig)
{% extends 'base.html.twig' %}
{% block body %}
<div class="darker-stripe">
<div class="container">
<div class="row">
<div class="span12">
<ul class="breadcrumb">
<li>
<a href="{{ path('homepage') }}">Home</a>
</li>
<li><span class="icon-chevron-right"></span></li>
<li>
<a href="{{ path('login') }}">Login</a>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="container">
<div class="push-up top-equal blocks-spacer">
<div class="row blocks-spacer">
<div class="span4"></div>
<div class="span4">
{% if error %}
<div class="alert alert-danger in fade">
<button type="button" class="close" data-dismiss="alert">×</button>
{{ error.messageKey|trans(error.messageData, 'security') }}
</div>
{% endif %}
<br>
<h1 class="title text-center">
Login
</h1>
<br><br>
<form method="post" action="{{ path('login') }}">
<div class="control-group">
<label class="control-label hidden shown-ie8" for="inputEmail">Username</label>
<div class="controls">
<input type="text" class="input-block-level" id="username" name="_username" value="{{ last_username }}" placeholder="Username" required>
</div>
</div>
<div class="control-group">
<label class="control-label hidden shown-ie8" for="password">Password</label>
<div class="controls">
<input type="password" class="input-block-level" id="password" name="_password" placeholder="Password" required>
</div>
</div>
<div class="control-group">
<div class="controls">
<label class="checkbox">
<input type="checkbox">
Remember me
</label>
</div>
</div>
<input type="hidden" name="_target_path" value="/profile" />
<button type="submit" class="btn btn-primary input-block-level bold higher">
SIGN IN
</button>
</form>
<p class="center-align push-down-0">
<a data-toggle="modal" role="button" href="index-grass-green.html#forgotPassModal" data-dismiss="modal">Forgot your password?</a>
</p>
</div>
</div>
</div>
</div>
<br><br><br>
{% endblock body %}
希望就这些,谢谢!
这不会解决我的问题,但我遇到了同样的问题,并认为这应该张贴在这里。在我的例子中是方法
用户::eraseCredentials
设置密码为空。
public function eraseCredentials()
{
// THIS IS WRONG and led to the error in my case
// DON'T DO THIS
$this->password = null
}
希望对别人有所帮助。