2017-02-27 79 views
1

我嘗試使用後衛(symfony 3.2)進行表單登錄身份驗證,但它不起作用。 身份驗證正在工作,但是當我重定向到主頁(accueil)時,我被重定向到登錄頁面而沒有進行身份驗證。
如果我把我的主頁symfony3後衛登錄表單不認證

$user = $this->get('security.token_storage')->getToken(); 
dump($user); die; 

我可以看到我的用戶,角色,但他未通過身份驗證的CONTROLER。

DashboardController.php on line 23: 
PostAuthenticationGuardToken {#133 ▼ 
-providerKey: "main" 
-user: User {#457 ▶} 
-roles: array:1 [▼ 
    0 => Role {#120 ▼ 
    -role: "ROLE_SUPERADMIN" 
    } 
    ]  
-authenticated: false 
-attributes: [] 
} 

我錯過了什麼?

Security.ym

security: 
encoders: 
    EntBundle\Entity\User\User: 
    algorithm: bcrypt 

providers: 
    database: 
     entity: 
      class: EntBundle:User\User 
      property: username 

firewalls: 
    dev: 
     pattern: ^/(_(profiler|wdt)|css|images|js)/ 
     security: false 

    main: 
     pattern: ^/ 
     anonymous: ~ 
     logout: ~ 
     guard: 
      authenticators: 
      - ent.login_authenticator 

TestAuthenticator.php

namespace EntBundle\Security; 

use Doctrine\ORM\EntityManager; 
use Symfony\Component\HttpFoundation\RedirectResponse; 
use Symfony\Component\HttpFoundation\Request; 
use Symfony\Component\HttpFoundation\Response; 
use Symfony\Component\Routing\RouterInterface; 
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; 
use Symfony\Component\Security\Core\Exception\AuthenticationException; 
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; 
use Symfony\Component\Security\Core\Security; 
use Symfony\Component\Security\Core\User\UserInterface; 
use Symfony\Component\Security\Core\User\UserProviderInterface; 
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; 

class TestAuthenticator extends AbstractGuardAuthenticator 
{ 
private $em; 
private $router; 

public function __construct(EntityManager $em, RouterInterface $router) 
{ 
    $this->em = $em; 
    $this->router = $router; 
} 

public function getCredentials(Request $request) 
{ 
    if ($request->getPathInfo() != '/login' || !$request->isMethod('POST'))  { 
     return; 
    } 

    return [ 
     'username' => $request->request->get('_username'), 
     'password' => $request->request->get('_password'), 
    ]; 
} 

public function getUser($credentials, UserProviderInterface $userProvider) 
{ 
    $username = $credentials['username']; 
    return $this->em->getRepository('EntBundle:User\User')->findOneBy(['username' => $username]); 
} 

public function checkCredentials($credentials, UserInterface $user) 
{ 
    // this is just for test 
    return true; 
} 

public function onAuthenticationFailure(Request $request, AuthenticationException $exception) 
{ 
    $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); 
    $url = $this->router->generate('login'); 
    return new RedirectResponse($url); 
} 

public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) 
{ 
    $url = $this->router->generate('accueil'); 
    return new RedirectResponse($url); 
} 

public function start(Request $request, AuthenticationException $authException = null) 
{ 
    $url = $this->router->generate('login'); 
    return new RedirectResponse($url); 
} 

public function supportsRememberMe() 
{ 
    return false; 
} 
} 

DashboardController.php

namespace EntBundle\Controller\Dashboard; 

use Symfony\Bundle\FrameworkBundle\Controller\Controller; 
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; 


class DashboardController extends Controller 
{ 
/** 
* @Route("/accueil", name="accueil") 
*/ 
public function indexAction() 
{ 
    $user = $this->get('security.token_storage')->getToken(); 
    dump($user); die; 
    return $this->render('EntBundle:dashboard:dashboard_structure.html.twig'); 
} 


/** 
* @Route("/login", name="login") 
*/ 
public function loginAction() 
{ 
    $authenticationUtils = $this->get('security.authentication_utils'); 
    $error = $authenticationUtils->getLastAuthenticationError(); 
    $lastUsername = $authenticationUtils->getLastUsername(); 

    return $this->render('EntBundle::login.html.twig', [ 
     'last_username' => $lastUsername, 
     'error' => $error, 
    ]); 
} 

/** 
* @Route("/logout", name="logout") 
*/ 
public function logoutAction() 
{ 
} 
} 

編輯:
感謝leo_ap您的幫助,但犯規從那裏來的問題。
的配置會話是這樣的:

session: 
    handler_id: session.handler.native_file 
    save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%" 

,如果我在保存路徑文件夾查看我的會話文件創建,但沒有通過認證。

_sf2_attributes|a:1:{s:26:"_security.main.target_path";s:29:"http://localhost:8000/accueil";}_sf2_flashes|a:0:{}_sf2_meta|a:3:{s:1:"u";i:1488245179;s:1:"c";i:1488244922;s:1:"l";s:1:"0";} 

如果我嘗試用security.yml正常login_form它的正常工作......
我已經handler_id的和的save_path嘗試空,但沒有成功。

EDIT2:
我發現爲什麼我總是重定向到登錄頁面,因爲我退出了!

[2017-02-28 09:16:34] security.INFO: The security token was removed due to an AccountStatusException. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationExpiredException(code: 0): at /home/philippe/Documents/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php:86)"} 

和GuardAuthenticationProvider.php(86)

The listener *only* passes PreAuthenticationGuardToken instances. 
    This means that an authenticated token (e.g.PostAuthenticationGuardToken) 
    is being passed here, which happens if that token becomes "not authenticated" (e.g. happens if the user changes between requests). 
    In this case, the user should be logged out, so we will return an AnonymousToken to accomplish that. 

但爲什麼???

回答

0

可能是您的會話不持續令牌。檢查您的會話配置,內部:config.yml。在framework選項中,有session。瞭解如何配置handler_idsave_path。這可能是因爲你的php instalation無法處理配置路徑上的會話。嘗試將null設置爲handler_idsave_path以強制php使用其自己的內部構建來處理會話。

config.yml文件:

framework: 

    { .. Other configurations ..} 

    session: 
     handler_id: null 
     save_path: null 

    { .. More configurations ..} 
+0

leo_ap嗨。看我的編輯... – lemairep