
我按照Symfony文档实现了所有内容,但身份验证似乎根本不起作用(Symfony 3 自定义用户提供程序不起作用)。下面是我所做的全部配置和代码:

security.yml

security: 
    encoders: 
     # StUser passwords are hashed with bcrypt at cost 12; the stored value must be the encoder's output, never plaintext.
     AppBundle\Entity\StUser: 
      algorithm: bcrypt 
      cost: 12 

    providers: 
     our_db_provider: 
      entity: 
       # NOTE(review): "AppBundle:Entity:StUser" is not a valid Doctrine entity alias; the answers on this page use "AppBundle:StUser".
       # No "property" key is set, so the entity's repository class has to load the user itself.
       class: AppBundle:Entity:StUser 

    firewalls: 
     user_secured_area: 
      # NOTE(review): this pattern only matches /xx/account...; the login route shown on this page ({_lang}/login)
      # falls outside it, so the form_login listener of this firewall never sees the login request.
      pattern: ^/([a-z]{2})/account 
      provider: our_db_provider 
      form_login: 
       login_path: login 
       # NOTE(review): no route named login_check is shown on this page. form_login only handles a POST sent to
       # check_path, and that URL has to be matched by this firewall's pattern - confirm.
       check_path: login_check 
       csrf_token_generator: security.csrf.token_manager 
     default: 
      # Catch-all firewall: anonymous access plus HTTP Basic. No access_control section is shown,
      # so nothing visible here requires a role for any URL.
      anonymous: ~ 
      http_basic: ~ 

StUser.php实体

namespace AppBundle\Entity; 

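/**
 * User account entity that the Symfony security component authenticates against.
 *
 * The password property holds the encoded hash produced by the configured
 * encoder, never the plaintext password.
 *
 * The security UserInterface is referenced by its fully-qualified name because
 * this file declares no `use` statement for it; an unqualified name would
 * resolve to AppBundle\Entity\UserInterface.
 */
class StUser implements \Symfony\Component\Security\Core\User\UserInterface
{
    private $id;
    private $firstName;
    private $lastName;
    // Encoded password hash (see setPassword()).
    private $password;
    // Login identifier matched by the user provider.
    private $username;
    private $isAdmin = '0';
    private $confirmed;
    // NOTE(review): a string default for what looks like a date/time value; if the
    // column is mapped as datetime, a DateTime instance is expected here - confirm.
    private $created = 'CURRENT_TIMESTAMP';
    private $status = '1';

    /**
     * @return int|null identifier, null until the entity has been persisted
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * @param string|null $firstName
     *
     * @return $this
     */
    public function setFirstName($firstName)
    {
        $this->firstName = $firstName;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getFirstName()
    {
        return $this->firstName;
    }

    /**
     * @param string|null $lastName
     *
     * @return $this
     */
    public function setLastName($lastName)
    {
        $this->lastName = $lastName;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getLastName()
    {
        return $this->lastName;
    }

    /**
     * Stores the password value exactly as given.
     *
     * Callers must pass the hash produced by the password encoder; this setter
     * does not hash anything itself.
     *
     * @param string $password encoded password hash
     *
     * @return $this
     */
    public function setPassword($password)
    {
        $this->password = $password;

        return $this;
    }

    /**
     * @return string|null the stored (encoded) password
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * @param string $username
     *
     * @return $this
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * @param mixed $isAdmin
     *
     * @return $this
     */
    public function setIsAdmin($isAdmin)
    {
        $this->isAdmin = $isAdmin;

        return $this;
    }

    /**
     * @return mixed
     */
    public function getIsAdmin()
    {
        return $this->isAdmin;
    }

    /**
     * @param mixed $confirmed
     *
     * @return $this
     */
    public function setConfirmed($confirmed)
    {
        $this->confirmed = $confirmed;

        return $this;
    }

    /**
     * @return mixed
     */
    public function getConfirmed()
    {
        return $this->confirmed;
    }

    /**
     * @param mixed $created
     *
     * @return $this
     */
    public function setCreated($created)
    {
        $this->created = $created;

        return $this;
    }

    /**
     * @return mixed
     */
    public function getCreated()
    {
        return $this->created;
    }

    /**
     * @param mixed $status
     *
     * @return $this
     */
    public function setStatus($status)
    {
        $this->status = $status;

        return $this;
    }

    /**
     * @return mixed
     */
    public function getStatus()
    {
        return $this->status;
    }

    /* ==== Additional =================================================== */

    /**
     * Creates a user with a login name and an already-encoded password.
     *
     * $salt and $roles are accepted so the signature stays unchanged, but they
     * are not stored: getSalt() returns null and getRoles() returns a fixed list.
     *
     * @param string      $username
     * @param string      $password encoded password hash
     * @param string|null $salt     unused
     * @param array       $roles    unused
     */
    public function __construct($username, $password, $salt, array $roles)
    {
        $this->username = $username;
        $this->password = $password;
    }

    /**
     * Returns the roles granted to every account.
     *
     * The security component expects an array of role names here; returning
     * null instead of an array breaks token creation during authentication.
     *
     * NOTE(review): isAdmin is not translated into a role. Whether it should
     * grant an additional role is a decision for the maintainer.
     *
     * @return string[]
     */
    public function getRoles()
    {
        return array('ROLE_USER');
    }

    /**
     * No separate salt is kept; null tells the encoder that none is supplied
     * by the user object.
     *
     * @return null
     */
    public function getSalt()
    {
        return null;
    }

    /**
     * Nothing to clear: this entity keeps no plaintext credentials.
     */
    public function eraseCredentials()
    {
    }
}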

UserRepository.php库:

namespace AppBundle\Repository; 

use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface; 
use Doctrine\ORM\EntityRepository; 

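/**
 * Repository that loads a user by the login name submitted in the login form.
 */
class UserRepository extends EntityRepository implements UserLoaderInterface
{
    /**
     * Returns the user whose username equals the submitted login name.
     *
     * The value is bound as a query parameter and is never concatenated into
     * the DQL string.
     *
     * NOTE(review): getOneOrNullResult() throws when more than one row matches,
     * so usernames are assumed to be unique - confirm that the table enforces it.
     *
     * @param string $username login name taken from the login form
     *
     * @return object|null the matching user, or null when there is none
     */
    public function loadUserByUsername($username)
    {
        // The StUser entity shown with this repository has no "email" field, and
        // DQL that references an unknown field fails. Only the username is
        // matched; add an email clause once such a field exists.
        return $this->createQueryBuilder('u')
            ->where('u.username = :username')
            ->setParameter('username', $username)
            ->getQuery()
            ->getOneOrNullResult();
    }
}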

AccountController.php

namespace AccountBundle\Controller; 

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; 
use Symfony\Bundle\FrameworkBundle\Controller\Controller; 
use Symfony\Component\HttpFoundation\Request; 

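/**
 * Controller for the account area; currently only renders the login form.
 */
class AccountController extends Controller
{
    /**
     * Renders the login form together with the last authentication error and
     * the last submitted username, both read from the authentication utilities
     * service.
     *
     * This action only displays the form; the credential check itself is done
     * by the firewall's form_login listener.
     *
     * @Route("{_lang}/login", name="login", requirements={"_lang": "pl"})
     *
     * @param Request $request current request (unused)
     * @param string  $_lang   language route placeholder (unused; "pl" is hard-coded below)
     */
    public function loginAction(Request $request, $_lang = '')
    {
        $authUtils = $this->get('security.authentication_utils');

        // The error is handed to the template instead of being dumped into the
        // response: an authentication exception carries the failed token, which
        // may include what the user submitted. The service object itself is not
        // exposed to the view either.
        return $this->render('account/login.html.twig', array(
            'projects' => "",
            'lang' => "pl",
            'allLangs' => "",
            'mainLang' => "",
            'meta_title' => "test",
            'meta_description' => "",
            'meta_keywords' => "",
            'meta_robots' => "",
            'image_src' => "",
            'social_title' => "",
            'social_description' => "",
            'social_url' => "",
            'last_username' => $authUtils->getLastUsername(),
            'error' => $authUtils->getLastAuthenticationError(),
        ));
    }
}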

login.html.twig视图

{% block body %} 
    {# Login form. The firewall's form_login listener only processes a POST sent to its check_path. #}
    {# NOTE(review): this form posts to the "login" route, while security.yml sets check_path to "login_check"; unless both resolve to the same URL, the submission reaches the controller and is never authenticated - confirm. #}
    <form action="{{ path('login', {'_lang': lang}) }}" method="post"> 
     <label for="username">Username:</label> 
     {# _username and _password are the field names form_login reads by default. #}
     <input type="text" id="username" name="_username" value="" /> 

     <label for="password">Password:</label> 
     <input type="password" id="password" name="_password" /> 

     {# CSRF token for the login request; the id 'authenticate' has to match the firewall's csrf_token_id (its default value). #}
     <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> 

     <button type="submit">login</button> 
    </form> 
{% endblock %} 

提交后没有任何反应,$helper 和 $error 都是空/null,在日志里我也找不到任何相关信息。我遗漏了什么?提前致谢。

回答


我试过了,但没有成功。看起来任何自定义代码都从未被调用。

我已经更新了security.yml(当我设置 anonymous: ~ 时,用户未经授权就能打开例如帐户页面):

security: 
    encoders: 
     # StUser passwords are hashed with bcrypt at cost 12.
     AppBundle\Entity\StUser: 
      algorithm: bcrypt 
      cost: 12 

    providers: 
     our_db_provider: 
      entity: 
       # No "property" key is set, so the entity's repository class has to load the user itself.
       class: AppBundle:StUser 

    firewalls: 
     user_secured_area: 
      pattern: ^/([a-z]{2})/account 
      # A firewall only identifies who the visitor is; requiring a role for a URL is done separately
      # (access_control or checks in the controller). No such rule is shown on this page, which would
      # explain why enabling anonymous here let visitors open the account pages - confirm.
      # anonymous: ~ 
      provider: our_db_provider 
      form_login: 
       login_path: login 
       # NOTE(review): the login route shown on this page is outside this firewall's pattern, and no
       # login_check route is shown; form_login only handles a POST to check_path under this pattern - confirm.
       check_path: login_check 
       csrf_token_generator: security.csrf.token_manager 
     default: 
      anonymous: ~ 
      http_basic: ~ 

而且我已经更新了用户实体:

StUser.orm.yml实体映射:

# Doctrine ORM mapping of the StUser entity onto the st_user table.
AppBundle\Entity\StUser: 
    type: entity 
    table: st_user 
    # Custom repository; the entity user provider calls its loadUserByUsername() when no "property" is configured.
    repositoryClass: AppBundle\Repository\UserRepository 
    indexes: 
     # NOTE(review): both indexes include the password column. With bcrypt the stored hash is salted,
     # so a user cannot be found by comparing the password in a WHERE clause; the lookup is by username
     # and the hash is checked by the encoder. These indexes look like leftovers - confirm.
     status_username_password: 
      columns: 
       - status 
       - username 
       - password 
     status_is_admin_username_password: 
      columns: 
       - status 
       - is_admin 
       - username 
       - password 
    id: 
     id: 
      type: integer 
      nullable: false 
      options: 
       unsigned: false 
      id: true 
      generator: 
       strategy: IDENTITY 
    fields: 
     firstName: 
      type: string 
      nullable: true 
      length: 255 
      options: 
       fixed: false 
      column: first_name 
     lastName: 
      type: string 
      nullable: true 
      length: 255 
      options: 
       fixed: false 
      column: last_name 
     # Holds the encoded password hash. NOTE(review): nullable, so rows without a password are allowed - confirm that is intended.
     password: 
      type: string 
      nullable: true 
      length: 255 
      options: 
       fixed: false 
     # Login identifier. NOTE(review): nullable and without a unique constraint; a lookup that expects
     # at most one row fails when two accounts share a username - consider making it unique and non-null.
     username: 
      type: string 
      nullable: true 
      length: 255 
      options: 
       fixed: false 
     isAdmin: 
      type: boolean 
      nullable: false 
      options: 
       default: '0' 
      column: is_admin 
     confirmed: 
      type: datetime 
      nullable: true 
     created: 
      type: datetime 
      nullable: false 
      options: 
       default: CURRENT_TIMESTAMP 
     # NOTE(review): column default is '0' while the StUser class shown on this page initialises status to '1' - confirm which is meant.
     status: 
      type: boolean 
      nullable: false 
      options: 
       default: '0' 
    # No "email" field is mapped, so queries against this entity cannot reference u.email.
    lifecycleCallbacks: { } 

关于您的security.yml中的 **anonymous** 键,您应该保留它,因为您的登录页和login_check路径都会经过这个防火墙。如果拒绝匿名用户访问,用户又怎么能打开登录页面呢?之后,您需要用其他方式(例如注解或ACL)来保护**帐户**路径。 –


此外,尝试在check_path中使用 **login** 而不是 **login_check** –


而且我认为防火墙配置中不需要 **pattern** 键,因为您设置为登录路径的 **login** 路由本身已经有路径模式和参数要求。登录路径与防火墙的pattern '^/([a-z]{2})/account' 不匹配。请不要使用这个pattern,而是用ACL或注解来保护您的帐户路由 –


在你的security.yml中,需要添加使用默认值的 anonymous 键,并修正 provider 键:

security.yml

security: 
    encoders: 
     # StUser passwords are hashed with bcrypt at cost 12.
     AppBundle\Entity\StUser: 
      algorithm: bcrypt 
      cost: 12 
    providers: 
     our_db_provider: 
      entity: 
       class: AppBundle:StUser # not necessary to put 'Entity' here if your entities are in the Entity Folder 
    firewalls: 
     user_secured_area: 
      # With anonymous enabled the firewall lets unauthenticated visitors through; the account URLs
      # still need an explicit rule (access_control, annotation or a check in the controller) that
      # requires a role. No such rule is part of this snippet.
      anonymous: ~ 
      # NOTE(review): the login route shown on this page (/{_locale}/login) does not match this pattern,
      # and form_login only handles a POST to check_path on a URL matched by this firewall - confirm.
      pattern: ^/([a-z]{2})/account 
      provider: our_db_provider 
      form_login: 
       login_path: login 
       check_path: login_check 
       csrf_token_generator: security.csrf.token_manager 

接下来,在你的AccountController文件中,为什么不使用特殊路由参数_locale?请阅读:Special Routing Parameters

这样你就可以像下面这样,用语言环境(locale)参数作为路由的前缀:

AccountController.php

namespace AccountBundle\Controller; 

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; 
use Symfony\Bundle\FrameworkBundle\Controller\Controller; 
use Symfony\Component\HttpFoundation\Request; 

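/**
 * Controller for the account area; currently only renders the login form.
 */
class AccountController extends Controller
{
    /**
     * Renders the login form together with the last authentication error and
     * the last submitted username, both read from the authentication utilities
     * service.
     *
     * This action only displays the form; the credential check itself is done
     * by the firewall's form_login listener.
     *
     * @Route("/{_locale}/login", name="login", requirements={"_locale": "pl"})
     *
     * @param Request $request current request (unused)
     * @param string  $_lang   kept for signature compatibility; the route has no
     *                         {_lang} placeholder, so this is always the default
     */
    public function loginAction(Request $request, $_lang = '')
    {
        $authUtils = $this->get('security.authentication_utils');

        // The error is handed to the template instead of being dumped into the
        // response: an authentication exception carries the failed token, which
        // may include what the user submitted. The service object itself is not
        // exposed to the view either.
        return $this->render('account/login.html.twig', array(
            'projects' => "",
            'lang' => "pl",
            'allLangs' => "",
            'mainLang' => "",
            'meta_title' => "test",
            'meta_description' => "",
            'meta_keywords' => "",
            'meta_robots' => "",
            'image_src' => "",
            'social_title' => "",
            'social_description' => "",
            'social_url' => "",
            'last_username' => $authUtils->getLastUsername(),
            'error' => $authUtils->getLastAuthenticationError(),
        ));
    }
}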

我不知道你使用的是哪种实体映射方式:注解还是xml?请看下面这段(摘自文档):

不要忘记把存储库类(repository class)添加到实体的映射定义(mapping definition of your entity)中