我在自定义用户类中使用自定义用户提供程序时遇到问题。正如下面的日志中所强调的,我相信问题存在于我的处理程序中(当然,自定义)。它似乎没有抓取电子邮件地址(用于身份验证:system_user_email_address)。
应用/配置/ dev.log
[2014-07-17 09:48:42] request.INFO: Matched route "login_check" (parameters: "_route": "login_check") [] []
[2014-07-17 09:48:42] security.DEBUG: Read SecurityContext from the session [] []
[2014-07-17 09:48:42] security.DEBUG: Reloading user from user provider. [] []
[2014-07-17 09:48:42] doctrine.DEBUG: SELECT t0.system_user_id AS system_user_id1, t0.first_name AS first_name2, t0.last_name AS last_name3, t0.enabled AS enabled4, t0.salt AS salt5, t0.password AS password6, t0.last_login AS last_login7, t0.locked AS locked8, t0.expired AS expired9, t0.expires_at AS expires_at10, t0.confirmation_token AS confirmation_token11, t0.password_requested_at AS password_requested_at12, t0.credentials_expired AS credentials_expired13, t0.credentials_expire_at AS credentials_expire_at14, t0.customer_id AS customer_id15, t0.system_user_phone_number_id AS system_user_phone_number_id16, t0.system_user_email_address_id AS system_user_email_address_id17 FROM system_user t0 WHERE t0.system_user_id = ? [16] []
[2014-07-17 09:48:42] security.DEBUG: Username "" was reloaded from user provider. [] []
[2014-07-17 09:48:42] doctrine.DEBUG: SELECT s0_.system_user_id AS system_user_id0, s0_.first_name AS first_name1, s0_.last_name AS last_name2, s0_.enabled AS enabled3, s0_.salt AS salt4, s0_.password AS password5, s0_.last_login AS last_login6, s0_.locked AS locked7, s0_.expired AS expired8, s0_.expires_at AS expires_at9, s0_.confirmation_token AS confirmation_token10, s0_.password_requested_at AS password_requested_at11, s0_.credentials_expired AS credentials_expired12, s0_.credentials_expire_at AS credentials_expire_at13, s0_.customer_id AS customer_id14, s0_.system_user_phone_number_id AS system_user_phone_number_id15, s0_.system_user_email_address_id AS system_user_email_address_id16 FROM system_user s0_ WHERE s0_.system_user_email_address_id = ? **["NONE_PROVIDED"]** []
[2014-07-17 09:48:42] security.INFO: Authentication request failed: Bad credentials [] []
我正在从SystemUserRepository类中正确获取响应:
{"success":false,"message":"Bad credentials"}
我已经通过了另一个" Bad Credential"帖子,并仔细检查那里列出的问题。我使用SHA512,密码字段足够长,等等。
应用/配置/ security.yml
security:
encoders:
System\Bundle\DataBundle\Entity\SystemUser:
algorithm: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
providers:
administrators:
entity: { class: SystemDataBundle:SystemUser }
firewalls:
dashboard:
pattern: ^/
form_login:
check_path: /Dashboard/Login/Check
login_path: /Dashboard/Login
use_forward: false
success_handler: system_user.security.authentication_handler
failure_handler: system_user.security.authentication_handler
anonymous: true
logout:
path: /Dashboard/Logout
target: /
admin_area:
pattern: ^/admin
http_basic: ~
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: /_wdt/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /_profiler/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/Dashboard/(Login|LoginCheck|Logout)$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
系统/捆绑/实体/ SystemUserRepository.php
namespace System\Bundle\DataBundle\Entity;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\NoResultException;
class SystemUserRepository extends EntityRepository implements UserProviderInterface
{
public function loadUserByUsername($emailAddress)
{
$q = $this
->createQueryBuilder('u')
->where('u.systemUserEmailAddress = :email')
->setParameter('email', $emailAddress)
->getQuery();
try {
// The Query::getSingleResult() method throws an exception
// if there is no record matching the criteria.
$SystemUser = $q->getSingleResult();
} catch (NoResultException $e) {
$message = sprintf(
'Unable to find an active admin AcmeUserBundle:User object identified by "%s".',
$emailAddress
);
throw new UsernameNotFoundException($message, 0, $e);
}
return $user;
}
public function refreshUser(UserInterface $systemUser)
{
$class = get_class($systemUser);
if (!$this->supportsClass($class)) {
throw new UnsupportedUserException(
sprintf(
'Instances of "%s" are not supported.',
$class
)
);
}
return $this->find($systemUser->getSystemUserId());
}
public function supportsClass($class)
{
return $this->getEntityName() === $class
|| is_subclass_of($class, $this->getEntityName());
}
}
系统/捆绑/ UserBundle /安全性/ AuthenticationHandler.php
namespace System\Bundle\UserBundle\Security;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
class AuthenticationHandler implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface
{
private $router;
private $session;
public function __construct( RouterInterface $router, Session $session )
{
$this->router = $router;
$this->session = $session;
}
public function onAuthenticationSuccess( Request $request, TokenInterface $token )
{
// if AJAX login
if ( $request->isXmlHttpRequest() ) {
$array = array( 'success' => true ); // data to return via JSON
$response = new Response( json_encode( $array ) );
$response->headers->set( 'Content-Type', 'application/json' );
return $response;
// if form login
} else {
if ( $this->session->get('_security.main.target_path' ) ) {
$url = $this->session->get( '_security.main.target_path' );
} else {
$url = $this->router->generate( 'dashboard_home_homepage' );
} // end if
return new RedirectResponse( $url );
}
}
public function onAuthenticationFailure( Request $request, AuthenticationException $exception )
{
// if AJAX login
if ( $request->isXmlHttpRequest() ) {
$array = array( 'success' => false, 'message' => $exception->getMessage() ); // data to return via JSON
$response = new Response( json_encode( $array ) );
$response->headers->set( 'Content-Type', 'application/json' );
return $response;
// if form login
} else {
// set authentication exception to session
$request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
return new RedirectResponse( $this->router->generate( 'login_path' ) );
}
}
}
System / Bundle / UserBundle / Controller / SystemUserController / registerAction (点点滴滴)
...
$tempSalt = uniqid(mt_rand());
...
$SystemUser
...
->setSalt($tempSalt)
->setPassword(hash('sha512', $tempSalt . $parameters['password']))
...
我认为这些都是相关文件。我很乐意添加任何可能相关的内容。我觉得我混淆了其中一个参考文献,但是我已经把我的头发撕掉了。有一些杂乱的东西(显然是早期的发展),但没有任何干扰这里的基本操作(我希望!)。并非我的所有路线都已完成,但我很乐意被重定向到错误的地方...
我对典型的网络项目有点过度规范化了:
SystemUser
PK SystemUserID
FK SystemUserEmailAddressID
FK SystemUserPhoneNumberID
...
我没有问题保湿或处理这些对象,并且基于上面的security.DEBUG日志,这些关系似乎是正确的。
如果有更好的salt / hash方法,我也会接受这个建议。
谢谢!