在symfony 3.3.9中忽略了json_login

时间:2017-09-22 15:56:47

标签: json symfony authentication login

我想使用新的json_login身份验证端点。 我有一个基本的设置,我想检查“站点”用户是否存在于表SITE中。 似乎json_login身份验证器完全被忽略了。 用户未通过对/ api / login的POST请求进行身份验证。 你看到错误吗? 感谢

security.yml 

providers:
    site:
        id: app.siteUserProvider

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    api:
        anonymous: ~
        provider: site
        pattern: ^/api/
        json_login:
            check_path: api_login

access_control:
- { path: ^/api/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cache, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/, roles: ROLE_USER }
- { path: ^/, roles: ROLE_USER }

encoders:
    AppBundle\Security\User\SiteUserProvider: plaintext

services.yml 

services:
    app.siteUserProvider:
        class: AppBundle\Security\User\SiteUserProvider
        arguments: ["@service_container"]

SiteUser.php 

<?php

namespace AppBundle\Security\User;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
use AppBundle\Entity\Site;

class SiteUser implements UserInterface, EquatableInterface
{
    private $username;
    private $password;
    private $salt;
    private $roles;
    private $site;

    public function __construct(Site $site)
    {

        $this->username = $site->getSiteCode();
        $this->password = $site->getSiteCode();
        $this->salt = null;
        $this->roles = 'ROLE_USER';
        $this->site = $site;
    }

    public function getSite()
    {
        return $this->site;
    }

    public function getRoles()
    {
        return $this->roles;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getSalt()
    {
        return $this->salt;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function eraseCredentials()
    {
    }

    public function isEqualTo(UserInterface $user)
    {
        if (!$user instanceof SiteUser) {
            return false;
        }

        if ($this->password !== $user->getPassword()) {
            return false;
        }

        if ($this->salt !== $user->getSalt()) {
            return false;
        }

        if ($this->username !== $user->getUsername()) {
            return false;
        }

        return true;
    }
}

SiteUserProvider.php 

<?php

namespace AppBundle\Security\User;

use AppBundle\Abstraction\TraitContainerRepositories;
use AppBundle\Security\User\SiteUser;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerAwareTrait;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;

class SiteUserProvider implements UserProviderInterface, ContainerAwareInterface
{
    use ContainerAwareTrait;
    use TraitContainerRepositories;

    public function __construct($container)
    {
        $this->container = $container;
    }

    public function loadUserByUsername($username)
    {
        die("good !");
        $site = $this->_getSiteRepository()->findOneByCodeSite($username);
        if ($site !== null) {
            return new SiteUser($site);
        } else {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof SiteUser) {
            throw new UnsupportedUserException(
                sprintf('Instances of "%s" are not supported.', get_class($user))
            );
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return SiteUser::class === $class;
    }
}

SecurityController.php 

/**
 * @Route("/api/login", name="api_login")
 */
public function apiLoginAction(Request $request, UserInterface $user)
{
    // voir security.yml
    return $this->json(array('status' => 'authentication required'), 403);
}

1 个答案:

答案 0 :(得分:0)

请确保您的POST请求标头包含:

Content-Type:application/json

否则,安全系统不会截获该请求,并且用户将无法通过用户身份验证。

相关问题
最新问题