我是symfony2和doctrine的新手。我正在尝试基于文档和一些教程的身份验证系统。我不知道为什么我这么难找到它。
以下是基于2个单独教程的内容。
我的用户实体:
<?php
// src/Acme/UserBundle/Entity/User.php
namespace Login\LoginBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* Login\LoginBundle\Entity\User
*
* @ORM\Table(name="tb_user")
* @ORM\Entity(repositoryClass="Login\LoginBundle\Entity\UserRepository")
*/
class User implements UserInterface, \Serializable
{
/**
* @ORM\Column(type="integer")
* @ORM\Id
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM\Column(type="string", length=25, unique=true)
*/
private $username;
/**
* @ORM\Column(type="string", length=32)
*/
private $salt;
/**
* @ORM\Column(type="string", length=64)
*/
private $password;
/**
* @ORM\Column(type="string", length=60, unique=true)
*/
private $email;
/**
* @ORM\Column(name="is_active", type="boolean")
*/
private $isActive;
public function __construct()
{
$this->isActive = true;
$this->salt = md5(uniqid(null, true));
}
/**
* @inheritDoc
*/
public function getUsername()
{
return $this->username;
}
/**
* @inheritDoc
*/
public function getSalt()
{
return $this->salt;
}
/**
* @inheritDoc
*/
public function getPassword()
{
return $this->password;
}
/**
* @inheritDoc
*/
public function getRoles()
{
return array('ROLE_USER');
}
/**
* @inheritDoc
*/
public function eraseCredentials()
{
}
/**
* @see \Serializable::serialize()
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->username,
$this->salt,
$this->password,
));
}
/**
* @see \Serializable::unserialize()
*/
public function unserialize($serialized)
{
list (
$this->id,
$this->username,
$this->salt,
$this->password,
) = unserialize($serialized);
}
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set username
*
* @param string $username
* @return User
*/
public function setUsername($username)
{
$this->username = $username;
return $this;
}
/**
* Set salt
*
* @param string $salt
* @return User
*/
public function setSalt($salt)
{
$this->salt = $salt;
return $this;
}
/**
* Set password
*
* @param string $password
* @return User
*/
public function setPassword($password)
{
$this->password = $password;
return $this;
}
/**
* Set email
*
* @param string $email
* @return User
*/
public function setEmail($email)
{
$this->email = $email;
return $this;
}
/**
* Get email
*
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* Set isActive
*
* @param boolean $isActive
* @return User
*/
public function setIsActive($isActive)
{
$this->isActive = $isActive;
return $this;
}
/**
* Get isActive
*
* @return boolean
*/
public function getIsActive()
{
return $this->isActive;
}
}
我的 security.yml
# app/config/security.yml
security:
encoders:
Login\LoginBundle\Entity\User:
algorithm: sha512
encode_as_base64: true
iterations: 1
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
providers:
administrators:
entity: { class: LoginLoginBundle:User, property: username }
firewalls:
admin_area:
pattern: ^/
anonymous: ~
form_login:
login_path: login
check_path: login_check
logout:
path: /logout
target: /login
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
我的控制器
<?php
namespace Login\LoginBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Login\LoginBundle\Entity\User;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
class DefaultController extends Controller
{
public function indexAction($name)
{
$user = new User();
$user->setUsername('aa');
$user->setEmail('admin@umahanov.com');
$user->setSalt(md5(time()));
$user->setIsActive(false);
$encoder = new MessageDigestPasswordEncoder('sha512',true,1);
$password = $encoder->encodePassword('1234', $user->getSalt());
$user->setPassword($password);
$manager = $this->getDoctrine()->getManager();
$manager->persist($user);
$manager->flush();
return $this->render('LoginLoginBundle:Default:index.html.twig', array('name' => $name));
}
}
因此,想法是在调用/hello/me
时插入用户。并在调用admin/hello/me
时执行登录。现在,在第一次迭代后,我的数据库包含此数据
1
d033e22ae348aeb5660fc2140aec35850c4da997
admin
admin@example.com
1
但是当我在登录表单中提供aa
和1234
作为凭据时,它会显示* 错误凭据 。我缺少什么? *是否有简单的教程来简单地使用symfony2描述整个身份验证。还有普通密码。请帮助......请:(
答案 0 :(得分:8)
您正在使用Sha512生成128个字符哈希。密码的数据库存储是40个字符。
尝试使用Sha1或其他哈希算法生成少于40个字符哈希值。或者增加该字段的存储大小。
答案 1 :(得分:0)
注意:如果您在实体(构造)生成盐
public function __construct()
{
...
$this->salt = md5(uniqid(null, true));
}
你不需要再次使用
$user->setSalt(md5(time()));