我大致上遵循了 Symfony 的 Security 和 How to load Security Users from the Database 這兩篇教程,只加了一些小的自定義配置,但我無法使用數據庫中的用戶登錄!in_memory 用戶則工作正常!
Symfony 2.2 從數據庫登錄時出錯:「Bad Credentials」
這是我security.yml:
# JMSSecurityExtraBundle options; the core security configuration follows under "security".
jms_security_extra:
secure_all_services: false
expressions: true
security:
encoders:
# Author passwords are stored and compared without any hashing.
# NOTE(review): the Author entity shown with this config returns a non-empty salt from getSalt().
# Symfony 2.x's plaintext encoder appears to compare the stored value against "password{salt}",
# so a bare password in the database would be rejected as "Bad credentials" - confirm against
# the installed Symfony version.
# Plaintext is only suitable while debugging; switch to a hashing encoder before real accounts exist.
NEWS\BlogBundle\Entity\Author: plaintext
role_hierarchy:
# ROLE_ADMIN inherits everything granted to ROLE_USER.
ROLE_ADMIN: ROLE_USER
providers:
chain_provider:
chain:
# Providers are listed in this order: database users first, then the in-memory list.
providers: [user_db, in_memory]
user_db:
# Users are looked up through the Author entity by its "username" property.
entity: { class: NEWSBlogBundle:Author , property: username }
in_memory:
memory:
users:
# Hard-coded account whose password sits in this file in clear text; it is granted ROLE_ADMIN.
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
firewalls:
admin_area:
pattern: ^/admin
# NOTE(review): HTTP Basic resends the credentials with every request, so this area presumably
# needs HTTPS; no requires_channel rule is visible in this listing.
http_basic: ~
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: /Login
check_path: /login_check
# These override the default field names; they match the name attributes of the inputs
# in the Login.html.twig template shown with this config.
username_parameter: username
password_parameter: password
logout:
path: /logout
target: /blog
access_control:
# /admin requires ROLE_ADMIN; /newpost requires ROLE_USER. No other path rule is listed here.
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/newpost, roles: ROLE_USER }
這是我的 Author.php(用戶)實體(爲了縮短篇幅,我刪掉了函數的註釋):
<?php
namespace NEWS\BlogBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
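/**
 * Author
 *
 * Blog author entity that doubles as the security user: it implements
 * AdvancedUserInterface (credentials, roles and account-status checks) and
 * \Serializable (only the id is written when the object is serialized).
 * No Doctrine mapping annotations appear in this listing, so the mapping is
 * presumably defined elsewhere.
 *
 * NOTE(review): the security.yml shown with this class maps it to the
 * `plaintext` encoder while getSalt() returns a non-empty value. Symfony
 * 2.x's plaintext encoder appears to compare the stored password against
 * "password{salt}", so a bare password in the database would be rejected as
 * "Bad credentials" - confirm against the installed Symfony version.
 */
class Author implements \Symfony\Component\Security\Core\User\AdvancedUserInterface, \Serializable
{
    /**
     * @var integer
     */
    private $id;

    /**
     * @var string
     */
    private $username;

    /**
     * Stored credential, returned as-is by getPassword(). With the
     * `plaintext` encoder configured for this class it is not hashed.
     *
     * @var string
     */
    private $password;

    /**
     * @var string
     */
    private $Name;

    /**
     * @var string
     */
    private $Surname;

    /**
     * Per-user salt, generated once in the constructor.
     *
     * @var string
     */
    private $salt;

    /**
     * Backs isEnabled(); set to true in the constructor.
     *
     * @var boolean
     */
    private $isActive;

    /**
     * @var \NEWS\BlogBundle\Entity\Category
     */
    private $category;

    /**
     * @var \Doctrine\Common\Collections\Collection
     */
    private $posts;

    /**
     * Creates an active author with a fresh salt and an empty post collection.
     */
    public function __construct()
    {
        $this->isActive = true;

        // uniqid() is derived from the current time, so the salt is unique per
        // account but does not come from a cryptographically secure source.
        // The empty-string prefix behaves like the former null prefix without
        // relying on null-to-string coercion.
        $this->salt = sha1(uniqid('', true));

        // Without this, removePost() on a new Author would call a method on
        // null, and addPost() would silently turn the property into a plain array.
        $this->posts = new \Doctrine\Common\Collections\ArrayCollection();
    }

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * @param string $username
     *
     * @return Author
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Stores the value exactly as given; no encoding happens in this class.
     *
     * @param string $password
     *
     * @return Author
     */
    public function setPassword($password)
    {
        $this->password = $password;

        return $this;
    }

    /**
     * @return string
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * @param \NEWS\BlogBundle\Entity\Category|null $category
     *
     * @return Author
     */
    public function setCategory(\NEWS\BlogBundle\Entity\Category $category = null)
    {
        $this->category = $category;

        return $this;
    }

    /**
     * @return \NEWS\BlogBundle\Entity\Category
     */
    public function getCategory()
    {
        return $this->category;
    }

    /**
     * @param string $name
     *
     * @return Author
     */
    public function setName($name)
    {
        $this->Name = $name;

        return $this;
    }

    /**
     * @return string
     */
    public function getName()
    {
        return $this->Name;
    }

    /**
     * @param string $surname
     *
     * @return Author
     */
    public function setSurname($surname)
    {
        $this->Surname = $surname;

        return $this;
    }

    /**
     * @return string
     */
    public function getSurname()
    {
        return $this->Surname;
    }

    /**
     * @param string $salt
     *
     * @return Author
     */
    public function setSalt($salt)
    {
        $this->salt = $salt;

        return $this;
    }

    /**
     * Returns the stored salt; the configured password encoder receives it
     * together with the password.
     *
     * @return string
     */
    public function getSalt()
    {
        return $this->salt;
    }

    /**
     * @param boolean $isActive
     *
     * @return Author
     */
    public function setIsActive($isActive)
    {
        $this->isActive = $isActive;

        return $this;
    }

    /**
     * @return boolean
     */
    public function getIsActive()
    {
        return $this->isActive;
    }

    /**
     * Stub: no expiry is tracked, every account is reported as non-expired.
     *
     * @return boolean
     */
    public function isAccountNonExpired()
    {
        // TODO: Implement isAccountNonExpired() method.
        return true;
    }

    /**
     * Stub: no lock state is tracked, every account is reported as unlocked.
     *
     * @return boolean
     */
    public function isAccountNonLocked()
    {
        // TODO: Implement isAccountNonLocked() method.
        return true;
    }

    /**
     * Credentials are never reported as expired.
     *
     * @return boolean
     */
    public function isCredentialsNonExpired()
    {
        return true;
    }

    /**
     * The account is enabled exactly when the isActive flag is set.
     *
     * @return boolean
     */
    public function isEnabled()
    {
        return $this->isActive;
    }

    /**
     * Every Author gets the same fixed role; no per-user roles are stored.
     *
     * @return array
     */
    public function getRoles()
    {
        return array('ROLE_USER');
    }

    /**
     * Currently a no-op.
     */
    public function eraseCredentials()
    {
        // TODO: Implement eraseCredentials() method.
    }

    /**
     * @param \NEWS\BlogBundle\Entity\Post $posts
     *
     * @return Author
     */
    public function addPost(\NEWS\BlogBundle\Entity\Post $posts)
    {
        $this->posts[] = $posts;

        return $this;
    }

    /**
     * @param \NEWS\BlogBundle\Entity\Post $posts
     */
    public function removePost(\NEWS\BlogBundle\Entity\Post $posts)
    {
        $this->posts->removeElement($posts);
    }

    /**
     * @return \Doctrine\Common\Collections\Collection
     */
    public function getPosts()
    {
        return $this->posts;
    }

    /**
     * Serializes only the id, so password and salt are not written into the
     * serialized form.
     *
     * @return string
     */
    public function serialize()
    {
        return serialize(array(
            $this->id,
        ));
    }

    /**
     * Restores the id from the string produced by serialize(); every other
     * field stays unset until the user is reloaded (presumably by the user
     * provider - verify). PHP's unserialize() is not safe on untrusted input,
     * so this must only receive data written by serialize() above.
     *
     * @param string $serialized
     */
    public function unserialize($serialized)
    {
        list($this->id) = unserialize($serialized);
    }
}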
這是我的Login.html.twig
{# src/NEWS/BlogBundle/Resources/views/Page/Login.html.twig #}
{% extends 'NEWSBlogBundle::layout.html.twig' %}
{% block title %}Login Page{% endblock%}
{% block body %}
<header>
</header>
{# Show the 'blogger-notice' flash message when the session holds one. #}
{% if app.session.hasFlash('blogger-notice') %}
<div class="blogger-notice">
{{ app.session.flash('blogger-notice') }}
</div>
{% endif %}
{# Authentication error handed over by the login controller. The message is printed with a plain output tag, so it relies on Twig autoescaping being enabled (the default) - confirm it has not been turned off. #}
{% if error %}
<div>{{ error.message }}</div>
{% endif %}
{# Posts to the login_check route. The input names "username" and "password" match username_parameter / password_parameter in security.yml. NOTE(review): no CSRF token field is present in this form. #}
<form action="{{ path('login_check') }}" method="post">
<label for="username">Username:</label>
{# last_username is user-supplied input echoed into an attribute; it also relies on autoescaping. #}
<input type="text" id="username" name="username" value="{{ last_username }}" />
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
<button type="submit">Login</button>
</form>
{% endblock %}
登錄控制器:
/**
 * Renders the login page.
 *
 * The authentication error is taken from the request attributes when present;
 * otherwise it is read from the session and then removed there, so the same
 * error is not shown again on a later request. The last submitted username is
 * read from the session and passed to the template together with the error.
 */
public function LoginAction()
{
    $request = $this->getRequest();
    $session = $request->getSession();
    $errorKey = SecurityContext::AUTHENTICATION_ERROR;

    if (!$request->attributes->has($errorKey)) {
        // No error on the request itself: fall back to the one kept in the session and clear it.
        $error = $session->get($errorKey);
        $session->remove($errorKey);
    } else {
        $error = $request->attributes->get($errorKey);
    }

    $viewData = array(
        // last username entered by the user
        'last_username' => $session->get(SecurityContext::LAST_USERNAME),
        'error' => $error,
    );

    return $this->render('NEWSBlogBundle:Page:Login.html.twig', $viewData);
}
以及我用來建立登錄表單的函數:
/**
 * Adds the two login fields to the builder and returns the built form.
 *
 * @param FormBuilderInterface $builder Builder that receives the fields.
 * @param array                $options Not used by this method.
 */
public function buildForm(FormBuilderInterface $builder, array $options)
{
    // 'password' is added with the password field type; 'username' is a plain text field.
    $builder
        ->add('username', 'text')
        ->add('password', 'password');

    return $builder->getForm();
}
我已經花了三天試圖解決這個問題,但一直沒有成功!非常感謝任何幫助!
我不確定是否需要貼出註冊相關的函數,暫時先不包括它們,因爲這個問題已經夠長了!
PS:我的登錄路徑故意以大寫字母開頭;我也知道自己去掉了用戶名/密碼參數名中的 '_',我試過把它們改回原來的形式,但仍然得到同樣的錯誤!
當用戶名/密碼不匹配時,會返回錯誤信息「Bad credentials」。從你的 security.yml 來看,你的密碼是以明文存儲的,對嗎?還是經過了編碼,例如 MD5、SHA1 或其他方式? – dbrumann
我明白,但我不明白爲什麼會發生這種情況! 我目前將它們存儲爲明文,以便我可以跟蹤發生了什麼。 我在數據庫中看到的是一個不編碼的密碼和一個編碼的鹽。 –
檢查你的 app/logs/dev.log 中的錯誤消息。要確認問題是否由 salt 引起,可以暫時讓 getSalt 返回 null:'getSalt(){return null; }'。這樣就能確定鹽是不是問題所在。 – dbrumann