我正在开发一个包含几个捆绑包的Symfony 3.3 Web应用程序。
我正在尝试定义一种在数据库中注册管理员用户的方法,如下所示。我能够在数据库中创建用户,但之后我无法以该用户身份登录:我总是得到错误的凭据。虽然我知道事情可以以更好的方式安排,但我想了解我没有看到的东西。
所以我有一个AdminBundle,其中我定义了一个User类:
/**
* register main user/admin
*
* @Route("/register/{nameuser}", name="Jus_Admin_register")
* @Method("GET")
* @Template()
*/
public function registerAction($nameuser)
{
$user = new User();
$user->setUsername($nameuser);
$user->setEmail('aaa@aaa.aaa');
$plainPassword = 'pw';
$encoder = $this->get('security.encoder_factory')->getEncoder($user);
$encoded = $encoder->encodePassword($user, $plainPassword);
$user->setPassword($encoded);
$user->setEnabled(TRUE);
$user->setSuperAdmin(TRUE);
$userManager = $this->container->get('fos_user.user_manager');
$userManager->updateUser($user);
return $this->render('myAppAdminBundle:Admin:login.html.twig');
}
和registerAction
security:
encoders:
myApp\AdminBundle\Entity\User:
algorithm: bcrypt
cost: 10
iterations: 1
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
our_db_provider:
entity:
class: myApp\AdminBundle\Entity\User
property: username
....
firewalls:
admin_area:
pattern: ^/myApp/Admin
anonymous: ~
form_login:
login_path: /myApp/Admin/login
check_path: /myApp/Admin/login_check
logout:
path: /myApp/Admin/logout
target: /myApp/Admin/admin
http_basic:
realm: "Admin reserved"
context: primary_auth
我的security.yml有:
fos_user:
db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: admin_area
user_class: myApp\AdminBundle\Entity\User\
from_email:
address: "%mailer_user%"
sender_name: "%mailer_user%"
和我的config.yml(确实我不确定我是否需要以下内容):
http://localhost/myApp/Admin/register/admin如果我拨打--
-- Dumping data for table `fos_user`
--
INSERT INTO `fos_user` (`id`, `username`, `username_canonical`, `email`, `email_canonical`, `enabled`, `salt`, `password`, `last_login`, `confirmation_token`, `password_requested_at`, `roles`) VALUES
(1, 'admin', 'admin', 'aaa@aaa.aaa', 'aaa@aaa.aaa', 1, NULL, '$2y........yq', NULL, NULL, NULL, 'a:1:{i:0;s:16:\"ROLE_SUPER_ADMIN\";}');
,则会在表fos_user:
in_memory但是,我无法登录。日志说:
[2017-08- .. ....] security.INFO:身份验证请求失败。 {“exception”:“[object](Symfony \ Component \ Security \ Core \ Exception \ BadCredentialsException(code:0):凭据错误。在/..../vendor/symfony/symfony/src/Symfony/Component/Security /Core/Authentication/Provider/UserAuthenticationProvider.php:91,symfony \ Component \ Security \ Core \ Exception \ BadCredentialsException(code:0):提供的密码无效。在/...../vendor/symfony/symfony/ src / Symfony / Component / Security / Core / Authentication / Provider / DaoAuthenticationProvider.php:67)“} []
谢谢,感谢您的帮助
PS。如果我使用var match = @"<ITEM>([^<\n]+)\n?";
var replace = @"<b>$1</b>";
var ans = Regex.Replace(src, match, replace);
安全提供程序
答案 0 :(得分:1)
无需手动哈希密码。用户经理在更新时进行哈希处理。只需设置普通密码即可。
$user = new User();
...
$user->setPlainPassword('pw');
...
$userManager->updateUser($user);
如果您想手动哈希,请修复encodePassword电话。它接受2个参数:普通密码和盐
$encoded = $encoder->encodePassword('pw', $user->getSalt());
https://github.com/symfony/security-core/blob/master/Encoder/PasswordEncoderInterface.php#L29