Symfony 3 Ajax登录无效的CSRF令牌

时间:2017-06-07 15:40:45

标签: ajax symfony authentication modal-dialog csrf

我正在尝试使用我的模态登录并发送Ajax请求进行身份验证,但我总是从onAuthenticationFailure函数中得到此错误:

无效的CSRF令牌

这是我的代码: security.yml 

 firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    default:
            anonymous: ~
            pattern: ^/
            form_login:
                provider: picshare_provider
                check_path: /login
                success_handler: acme.security.authentication_handler
                failure_handler: acme.security.authentication_handler
                csrf_token_generator: security.csrf.token_manager
                csrf_parameter: _csrf_token

AuthenticationHandler.php 

class AuthenticationHandler implements AuthenticationSuccessHandlerInterface , AuthenticationFailureHandlerInterface
{
    private $router;
    private $session;
    private $csrfTokenManager;

    /**
     * AuthenticationHandler constructor.
     * @param RouterInterface $router
     * @param Session $session
     */
    public function __construct(RouterInterface $router, Session $session, CsrfTokenManagerInterface $csrfTokenManager)
    {
        $this->router = $router;
        $this->session = $session;
        $this->csrfTokenManager = $csrfTokenManager;
    }

    /**
     * @param Request $request
     * @param TokenInterface $token
     * @return RedirectResponse|Response
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        if ($request->isXmlHttpRequest()) {
            $json = array(
                'has_error'   => false,
                'username'    => $token->getUser()->getUsername()
            );
            $response = new Response(json_encode($json));
            $response->headers->set('Content-Type', 'application/json');
            return $response;

        } else {
            $url = $this->router->generate('home');
            return new RedirectResponse($url);
        }

    }

    /**
     * @param Request $request
     * @param AuthenticationException $exception
     * @return Response
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ( $request->isXmlHttpRequest() ) {
            $array = array( 'success' => false, 'message' => $exception->getMessage() ); // data to return via JSON
            $response = new Response( json_encode( $array ) );
            $response->headers->set( 'Content-Type', 'application/json' );

            return $response;
        }

        else {
            $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
            return new RedirectResponse($this->router->generate('login'));
        }
    }
}

JavaScript.js 

login_submit.onclick = function () {
    axios.post('/login',
        {
            _username: document.getElementById('login-email').value = 'admin',
            _password: document.getElementById('login-password').value = 'root',
            _csrf_token: document.getElementById('login-csrf').value
        },
        config).then(function (response) {
        console.log(response)
    })
};

控制器:

/**
     * @Route("/login", name="login")
     */
    public function loginAction(Request $request)
    {
        $authenticationUtils = $this->get('security.authentication_utils');
        $csrfToken = $this->has('security.csrf.token_manager')
            ? $this->get('security.csrf.token_manager')->getToken('authenticate')->getValue()
            : null;

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        $array = [
            'error' => $error,
            'csrf_token' => $csrfToken,
        ];

        $response = new Response(json_encode($array));

        return $response;
    }

树枝

            <form class="cd-form">
            <p class="fields">
                <label class="email" for=login-email">Benutzername</label>
                <input id="login-email"  name="_username" >
                <i class="fa fa-envelope-o" aria-hidden="true"></i>
            </p>
            <p class="fields">
                <input id="login-password" name="_password" placeholder="Passwort">
                <i class="fa fa-key" aria-hidden="true"></i>
            </p>
            <p class="fields-submit">
                <input class="full-width" id="modal-login-button" value="Anmelden">
            </p>
            <input type="hidden" name="_csrf_token" id="login-csrf"
                   value="{{ csrf_token('authenticate') }}"
            >
        </form>

我错过了什么?

0 个答案:

没有答案
相关问题
最新问题