我正在尝试使用Symfony进行身份验证。不幸的是,无论尝试如何,我都会一遍又一遍地收到错误消息“ Invalid Credentials ”。
我读过其他文章,但都没有派上用场,这可能是什么原因以及如何解决?
我试图修改getUsername()以返回电子邮件而不是用户名,但这没用。我检查了我的注册过程,确保自己的哈希正确无误,并用普通密码转储了password_verify的结果,并且一个来自数据库(这是事实)等等。
我相信我做错了事。
security.yml:
security:
role_hierarchy:
encoders:
AppBundle\Entity\User: bcrypt
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
db_provider:
entity:
class: AppBundle\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
provider: db_provider
anonymous: ~
form_login:
username_parameter: _email
check_path: security_login
login_path: security_login
default_target_path: homepage
always_use_default_target_path: true
csrf_token_generator: security.csrf.token_manager
logout:
path: security_logout
target: security_login
access_control:
# this is a catch-all for the admin area
# addition security lices in the controllers
# - { path: '^/(%locale%)/admin', roles: ROLE_ADMIN
# - { path: '^/ucp', roles: [IS_AUTHENTICATED_FULLY] }
login.html.twig
<form name="authenticate" action="{{ path('security_login') }}" method="post" class="loginForm" id="loginForm">
<div class="form-group">
<input type="email" class="form-control" name="_email" value="{{ last_username }}" id="email" placeholder="Имейл адрес"/>
</div>
<div class="form-group">
<input type="password" class="form-control" name=_password" id="password" placeholder="Парола"/>
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
<div class="text-center"><button type="submit" id="loginButton">Log in</button></div>
</form>
UserService
class UserService implements UserServiceInterface
{
private $encryptionService;
private $entityManager;
public function __construct(UserPasswordEncoderInterface $encryptionService,
EntityManagerInterface $entityManager)
{
$this->encryptionService = $encryptionService;
$this->entityManager = $entityManager;
}
public function save(User $user): Response
{
$passwordHash = $this->encryptionService->encodePassword($user, $user->getPassword());
$user->setPassword($passwordHash);
$this->entityManager->persist($user);
$this->entityManager->flush();
return new Response();
}
}
答案 0 :(得分:1)
哦,天哪,我已经解决了...不幸的是,这是一个令人尴尬的错误...我刚错过了密码名属性的第一个引号,它是name = _password“
答案 1 :(得分:0)
您可以使用 UserPasswordEncoderInterface 来对您的密码进行明确的哈希处理:
.....
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
......
class UserService implements UserServiceInterface
{
private $userPasswordEncoderInterface;
private $entityManager;
public function __construct(
UserPasswordEncoderInterface $userPasswordEncoderInterface,
EntityManagerInterface $entityManager)
{
$this->userPasswordEncoderInterface = $userPasswordEncoderInterface;
$this->entityManager = $entityManager;
}
public function save(User $user): Response
{
$passwordHash = $this->userPasswordEncoderInterface->encodePassword($user, $user->getPassword());
$user->setPassword($passwordHash);
$this->entityManager->persist($user);
$this->entityManager->flush();
return new Response('password encoded');
}
}
您可以在此链接中查看更多信息:handle register form