symfony3 guard登录表单不进行身份验证

时间:2017-02-27 11:13:23

标签: symfony guard

我尝试使用guard(symfony 3.2)进行表单登录身份验证,但它不起作用。 验证工作正常,但是当我被重定向到主页(accueil)时,我被重定向到登录页面而没有进行身份验证。
如果我放入主页的控制器

$user = $this->get('security.token_storage')->getToken();
dump($user); die;

我可以看到我的用户,角色,但他没有经过身份验证。

DashboardController.php on line 23:
PostAuthenticationGuardToken {#133 ▼
 -providerKey: "main"
 -user: User {#457 ▶}
 -roles: array:1 [▼
   0 => Role {#120 ▼
     -role: "ROLE_SUPERADMIN"
   }
  ]    
-authenticated: false
-attributes: []
}

我错过了什么?

Security.ym 

security:
encoders:
  EntBundle\Entity\User\User:
    algorithm: bcrypt

providers:
    database:
        entity:
          class: EntBundle:User\User
          property: username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        pattern:    ^/
        anonymous: ~
        logout: ~
        guard:
          authenticators:
            - ent.login_authenticator

TestAuthenticator.php 

namespace EntBundle\Security;

use Doctrine\ORM\EntityManager;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class TestAuthenticator extends AbstractGuardAuthenticator
{
private $em;
private $router;

public function __construct(EntityManager $em, RouterInterface $router)
{
    $this->em = $em;
    $this->router = $router;
}

public function getCredentials(Request $request)
{
    if ($request->getPathInfo() != '/login' || !$request->isMethod('POST'))     {
        return;
    }

    return [
        'username' => $request->request->get('_username'),
        'password' => $request->request->get('_password'),
    ];
}

public function getUser($credentials, UserProviderInterface $userProvider)
{
    $username = $credentials['username'];
    return $this->em->getRepository('EntBundle:User\User')->findOneBy(['username' => $username]);
}

public function checkCredentials($credentials, UserInterface $user)
{
  // this is just for test  
  return true;
}

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
    $url = $this->router->generate('login');
    return new RedirectResponse($url);
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
    $url = $this->router->generate('accueil');
    return new RedirectResponse($url);
}

public function start(Request $request, AuthenticationException $authException = null)
{
    $url = $this->router->generate('login');
    return new RedirectResponse($url);
}

public function supportsRememberMe()
{
    return false;
}
}

DashboardController.php 

namespace EntBundle\Controller\Dashboard;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;


class DashboardController extends Controller
{
/**
 * @Route("/accueil", name="accueil")
 */
public function indexAction()
{
    $user = $this->get('security.token_storage')->getToken();
    dump($user); die;
    return   $this->render('EntBundle:dashboard:dashboard_structure.html.twig');
}


/**
 * @Route("/login", name="login")
 */
public function loginAction()
{
    $authenticationUtils = $this->get('security.authentication_utils');
    $error = $authenticationUtils->getLastAuthenticationError();
    $lastUsername = $authenticationUtils->getLastUsername();

    return $this->render('EntBundle::login.html.twig', [
        'last_username' => $lastUsername,
        'error' => $error,
    ]);
}

/**
 * @Route("/logout", name="logout")
 */
public function logoutAction()
{
}
}

编辑:
感谢leo_ap的帮助,但问题不是来自那里 配置会话是这样的:

session:
     handler_id:  session.handler.native_file
     save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"

如果我签入保存路径文件夹,我会创建会话文件但未经过身份验证。

_sf2_attributes|a:1:{s:26:"_security.main.target_path";s:29:"http://localhost:8000/accueil";}_sf2_flashes|a:0:{}_sf2_meta|a:3:{s:1:"u";i:1488245179;s:1:"c";i:1488244922;s:1:"l";s:1:"0";}

如果我使用security.yml尝试正常的login_form,它的工作正常......
我尝试使用handler_id和save_path为null但没有成功。

EDIT2:
我已经找到了为什么我总是被重定向到登录页面,因为我已经退出了!

[2017-02-28 09:16:34] security.INFO: The security token was removed due to an AccountStatusException. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationExpiredException(code: 0):  at /home/philippe/Documents/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php:86)"}

并在GuardAuthenticationProvider.php(86)

   The listener *only* passes PreAuthenticationGuardToken instances.
   This means that an authenticated token (e.g.PostAuthenticationGuardToken)
   is being passed here, which happens if that token becomes "not authenticated" (e.g. happens if the user changes between requests).  
  In this case, the user should be logged out, so we will return an AnonymousToken to accomplish that.

但为什么???

1 个答案:

答案 0 :(得分:0)

可能是您没有持久令牌的会话。检查您的会话配置,在</body>内。在config.yml选项中,有framework。了解如何配置sessionhandler_id。可能是您的php instalation无法处理已配置路径上的会话。尝试将null放到save_pathhandler_id以强制php使用自己的构建配置来处理会话。

config.yml文件:

save_path
相关问题
最新问题