Symfony authentication (following the tutorial): Bad credentials

Time: 2013-05-19 09:35:57

Tags: symfony doctrine-orm

This is app/logs/dev.log:

[2013-05-19 13:29:42] doctrine.DEBUG: SET NAMES UTF8 [] []
[2013-05-19 13:29:42] doctrine.DEBUG: SELECT t0.id AS id1, t0.username AS username2, t0.salt AS salt3, t0.password AS password4, t0.email AS email5, t0.is_active AS is_active6 FROM user t0 WHERE t0.username = ? LIMIT 1 ["administrator"] []
[2013-05-19 13:29:42] security.INFO: Authentication request failed: Bad credentials [] []

This is the fixture I created and loaded into the DB:

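use Doctrine\Common\DataFixtures\FixtureInterface;
use Doctrine\Common\Persistence\ObjectManager;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
use Umahanov\UserBundle\Entity\Role; // assumed to live beside User
use Umahanov\UserBundle\Entity\User; // namespace as given in security.yml

class FixtureLoader implements FixtureInterface {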
     public function load(ObjectManager $manager) {

          $role = new Role();
          $role->setName('Администратор');
          $role->setRole('ROLE_ADMIN');

          $manager->persist($role);

          $user = new User();
          $user->setUsername('administrator');
          $user->setEmail('admin@umahanov.com');
          $user->setSalt(md5(time()));
          $user->setIsActive(false);

          $encoder = new MessageDigestPasswordEncoder('sha512',true,10);
          $password = $encoder->encodePassword('111111', $user->getSalt());
          $user->setPassword($password);
          $user->getUserRoles()->add($role);
          $manager->persist($user);

          $manager->flush();  

     }
}

My security.yml:

security:
    encoders:
      Umahanov\UserBundle\Entity\User:        
        algorithm: sha512
        encode-as-base64: true
        iterations: 10
    providers:
      main:
        entity: { class: UmahanovUserBundle:User, property: username}       
    firewalls:
        insecure:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secure_area:
            pattern:    ^/
            form_login:
                login_path:  /user/login
                check_path:  /user/login_check
            logout:
                path:   /user/logout
                target: /   
            anonymous: ~
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN}      
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }   

I have simple entities - User and Role, with a many-to-many relation.

My form:

{% extends '::layout.html.twig' %}
{% block content %}
{% if error %}
<div> {{ error.message }}</div>
{% endif %}
<form action="{{ path('user_check_path')}}" method="post" novalidate="">
     <label for="username">Username:</label>
     <input type="text" id="username" name="_username" value="{{ last_username }}" />
     <label for="password">Password:</label>
     <input type="password" id="password" name="_password" />    
     <button type="submit">войти</button>
</form>
<p><a href="{{ path('user_register') }}">sign up here</a></p>
{% endblock %}

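I don't know why it shows Bad credentials. Also, can someone explain why there is no password comparison in the doctrine.DEBUG query?

1 answer:

Answer 0 (score: 4)

The problem is the length of the password field (VARCHAR(40)).

SHA512 generates a string 88 characters long.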
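
The length mismatch described in the answer, as an added example that is not part of the original post or of Symfony's own code: it re-implements the digest that Symfony 2's MessageDigestPasswordEncoder computes for the settings in the question and compares it with what a VARCHAR(40) column would keep. The helper names, the sample salt, and the assumption that the database silently truncates over-long values (as MySQL does outside strict SQL mode) belong to this example only.

```php
<?php
// Added illustration: plain PHP (5.6+), no Symfony required.

// Salted, iterated digest as computed by Symfony 2's
// MessageDigestPasswordEncoder (merge format "password{salt}").
function encodePassword($raw, $salt, $algo = 'sha512', $base64 = true, $iterations = 10)
{
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';
    $digest = hash($algo, $salted, true);
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algo, $digest . $salted, true);
    }
    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

// Minimum column width that stores the encoded digest without truncation.
function encodedLength($algo, $base64)
{
    $bytes = strlen(hash($algo, '', true));
    return $base64 ? 4 * (int) ceil($bytes / 3) : 2 * $bytes;
}

// Hypothetical stand-in for a VARCHAR($width) column on a server that
// truncates over-long values instead of rejecting them (assumption).
function storeInVarchar($value, $width)
{
    return substr($value, 0, $width);
}

$salt = md5('constructed-salt');          // constructed sample value
$hash = encodePassword('111111', $salt);  // what the fixture persists

$needed   = encodedLength('sha512', true);
$stored40 = storeInVarchar($hash, 40);       // column width from the answer
$storedOk = storeInVarchar($hash, $needed);  // column wide enough for the digest

// At login the user row is fetched by username only; the submitted
// password is then hashed and compared in PHP, not in the SQL query.
$attempt = encodePassword('111111', $salt);

printf("encoded digest length: %d\n", strlen($hash));
printf("required column width: %d\n", $needed);
printf("VARCHAR(40) matches:   %s\n", var_export(hash_equals($stored40, $attempt), true));
printf("VARCHAR(%d) matches:   %s\n", $needed, var_export(hash_equals($storedOk, $attempt), true));
```

Calling `encodedLength()` with `false` as the second argument gives the width needed when `encode-as-base64` is turned off and the digest is stored as hex.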