我正在遵循Symfony的书和食谱,我遇到了简单登录表单的问题-无论输入的登录/通行证是否有效,都会显示消息-"无效凭据"。用户通过Doctrine(实现UserInterface的用户类)加载。源代码:
安全文件:
providers:
user_provider:
entity:
class: BakaMainBundle:User
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
default:
anonymous: ~
http_basic: ~
provider: user_provider
form_login:
login_path: /login
check_path: /login_check
target_path_parameter: /index/welcome
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
encoders:
Baka'MainBundle'Entity'User:
algorithm: bcrypt
cost: 12
控制器:
class SecurityController extends Controller
{
/**
* @Route("/login", name="login_route")
*/
public function loginAction()
{
$authUtils = $this->get('security.authentication_utils');
$error = $authUtils->getLastAuthenticationError();
$enteredUsername = $authUtils->getLastUsername();
return $this->render('BakaMainBundle::Login.html.twig',
array
(
'last_username' => $enteredUsername,
'error' => $error,
'site' => 'login'
));
}
/**
* @Route("/login_check", name="login_check")
*/
public function loginCheckAction()
{
}
}
用户存储库:
class UserRepository extends 'Doctrine'ORM'EntityRepository implements UserProviderInterface
{
public function loadUserByUsername($username)
{
$user = $this->createQueryBuilder('u')
->where('u.username = :username OR u.email = :email')
->setParameter('username', $username)
->setParameter('email', $username)
->getQuery()
->getOneOrNullResult();
if ($user === null)
{
$returnMessage = sprintf(
'%s - such username of email adress does not exist in database! Try again with other login data.',
$username);
throw new UnsupportedUserException($returnMessage);
}
return $user;
}
public function refreshUser(UserInterface $user)
{
$userClass = get_class($user);
if (!$this->supportsClass($userClass))
{
throw new UnsupportedUserException
(sprintf('Ops! Something goes wrong. Your user class is not supported by security system.'));
}
return $this->find($user->getId());
}
public function supportsClass($userclass)
{
return $this->getEntityName() === $userclass || is_subclass_of($userclass, $this->getEntityName());
}
和表单html标签:
<form action="{{ path('login_check') }}" method="post">
有什么建议吗?如果能解决我的问题,我将不胜感激。
我认为在指定提供程序类时,应该使用类名称空间,而不是bundle名称。此外,您需要指定您将从Entity:中选择哪个property作为"用户名"
security:
providers:
user_provider:
entity:
class: Baka'MainBundle'Entity'User
property: username (this should be an existing property of your entity class)
此外,您的User实体需要实现Symfony'Component'Security'Core'User'UserInterface(或AdvancedUserInterface)。一旦完成了这项工作,如果数据库中的用户拥有正确编码的密码,那么一切都应该正常。
你应该阅读:
- 如何从数据库(实体提供程序)加载安全用户以了解如何从数据库加载用户
- 安全性,以便更好地了解安全组件的工作方式以及应该如何配置它
我已经确定了问题的原因,结果发现这是微不足道的-DB中用作"编码密码"行的字段的长度限制为15个字符:
/**
* @ORM'Column(type="string", length=15)
*/
protected $password;
由于"12轮"bcrypt需要更多的数字来表示普通密码,Doctrine被迫缩短加密通行证,因此以后无法解码。在更改为Symfony建议的尺寸后,问题已经消失:
/**
* @ORM'Column(type="string", length=4096)
*/
protected $password;
感谢大家的支持。