我正在使用Symfony3中的登录表单,但不管我做了什么,我都无法授权用户,而且总是说凭据不正确。
一些细节。
数据库 - 用户表 - 包含以下列列表:id,first_name,last_name,username,email,password,is_admin,code,guid,secret,confirmed,created和status。其中五个很重要,它们是:用户名,电子邮件,密码, is_admin 和状态
我想用用户名或电子邮件和密码授权用户,但如果他们将is_admin设置为false并且状态设置为true,则还要检查。我认为我错过了我的逻辑,但我不知道在哪里和哪里。
security.yml
def country_list = []
country_list =['sg', 'ph', 'hk']
for (String item : country_list) {
println item
if (item.toUpperCase() == "PH")
isPH = true
}
println isPH
login.html.twig
security:
encoders:
AppBundle\Entity\StUser:
algorithm: bcrypt
cost: 12
providers:
our_db_provider:
entity:
class: AppBundle:StUser
property: email
firewalls:
user_secured_area:
pattern: ^/([a-z]{2})/account
form_login:
login_path: login
check_path: login
user_login_area:
anonymous: ~
form_login:
login_path: login
check_path: login
provider: our_db_provider
username_parameter: email
password_parameter: password
csrf_token_generator: security.csrf.token_manager
default:
anonymous: ~
http_basic: ~
AccountController.php
<form action="{{ url }}" method="post">
<div class="field text">
<input type="text" id="email" name="email" value="">
</div>
<div class="field text">
<input type="password" id="password" name="password">
</div>
<div class="field hidden">
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
</div>
<div class="field button">
<button type="submit">Login</button>
</div>
</form>
StUser.php实体
namespace AppBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use AppBundle\Entity\StUser;
use AppBundle\Helper\GuidHelper;
use AppBundle\Helper\EmailHelper;
use AppBundle\Helper\SecretHelper;
use AppBundle\Helper\NotificationHelper;
use AppBundle\Helper\Validation\UserActivationValidation;
use AppBundle\Helper\Validation\UserRegistrationValidation;
class AccountController extends Controller
{
public function loginAction(Request $request)
{
$helper = $this->get('security.authentication_utils');
$error = $helper->getLastAuthenticationError();
return $this->render('account/login.html.twig', array( 'error' => $error ));
}
}
当我显示sql查询时,它看起来它检查了电子邮件,没有别的。
我是否必须实施其他内容?也许是UserRepository类?或者我的配置错了?
提前致谢。
答案 0 :(得分:0)
我发现我的security.yml存在一些奇怪的差异。查找并找到:
security:
encoders:
AppBundle\Entity\User:
algorithm: bcrypt
cost: 12
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
our_db_provider:
entity:
class: AppBundle:User
property: email
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
pattern: ^/
provider: our_db_provider
form_login:
login_path: /login
check_path: /login_check
csrf_token_generator: security.csrf.token_manager # FOR SYMFONY 2.7 OR BELOW USE: csrf_provider: security.csrf.token_manager
logout:
path: /logout
target: /
access_control:
# require ROLE_ADMIN for /admin*
- { path: ^/admin, roles: ROLE_ADMIN }