不断获得错误的凭据

Question

我一直都在不断获得不良证书。我找不到配置中的问题。

该应用程序已经具有用户安全性（/ api路径）。我尝试为新的api捆绑包（/ apimobile路径）制作另一个。

  

Config.yml

fos_user:
    db_driver:     orm
    firewall_name: api_secure_area
    user_class:    APIBundle\Entity\User
    from_email:
        address:        r@re.fr
        sender_name:    Team

  

security.yml

security:

    role_hierarchy:
        ROLE_ANONYMOUS: ROLE_ANONYMOUS
        ROLE_USER:       [ROLE_ANONYMOUS]
        ROLE_ENTITY_M:  [ROLE_USER]
        ROLE_ENTITY_MANAGER: [ROLE_ENTITY_M]
        ROLE_ENTITY_SENIORS_MANAGER: [ROLE_ENTITY_M]
        ROLE_REZOPRO_MANAGER: [ROLE_USER]
        ROLE_MACIF: [ROLE_USER]
        ROLE_ADMIN: [ROLE_MACIF, ROLE_ENTITY_MANAGER, ROLE_ENTITY_SENIORS_MANAGER, ROLE_ENTITY_M, ROLE_REZOPRO_MANAGER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
        auth_token_user_provider:
            id: auth_token_user_provider
        backend:
            entity:
                # class:    AppBundle\Entity\APIUser
                class:    AppBundle\Entity\APIUser
                property: email

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        api:
            pattern: ^/api/
            stateless: true
            simple_preauth:
                authenticator: auth_token_authenticator
            provider: auth_token_user_provider
            anonymous: ~

        api_secure_area:
            pattern: ^/apimobile/
            stateless: false
            anonymous: ~
            provider: fos_userbundle
            lexik_jwt: ~
            json_login:
                check_path: /apimobile/login
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false


        app:
            pattern: ^/
            anonymous: true
            provider:  backend
            form_login:
                login_path: login
                check_path: login_check
            logout:
                path:       logout
                target:     homepage

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false


    access_control:
        - { path: ^/api, roles: ROLE_ANONYMOUS }
        - { path: ^/admin, roles: ROLE_SUPER_ADMIN }
        - { path: ^/downloads, roles: ROLE_ANONYMOUS }
        - { path: ^/Resources, methods: [GET] }

    encoders:
        AppBundle\Entity\APIUser:
            algorithm: bcrypt
            cost: 12
        APIBundle\Entity\User: sha1

  

routing.yml

api_mobile_login_check:
    path: /apimobile/login

我想知道，当现有的后端用户提供者使用电子邮件时，FOSUser是否需要用户名作为标识符这一事实是否棘手？

因此，请继续获取此信息：

  

curl -X POST -H“内容类型：application / json” http://localhost:8000/apimobile/login -d'{“ username”：“ UserTest”，“ password”：“ test”}'

{"code":401,"message":"Bad credentials"}

感谢您的帮助。

编辑：使用终端中的fos：user命令创建的UserTest。