Fatal编程技术网
  • angularjs/
  • 错误凭据-ajax登录-Symfony2/AngularJS/FosUserBundle

错误凭据-ajax登录-Symfony2/AngularJS/FosUserBundle

angularjs symfony

错误凭据-ajax登录-Symfony2/AngularJS/FosUserBundle,angularjs,symfony,csrf,Angularjs,Symfony,Csrf,FosUserBundle可以与普通的web/app_dev.php/login配合使用。我通过以下方式实现了AuthenticationHandler: 我的Angular发送一个JSON请求: _csrf_token: "uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0" _password: "welkom" _submit: "security.login.submit" _username: "erwin@eberhard.com" 与FOSUs

FosUserBundle可以与普通的web/app_dev.php/login配合使用。我通过以下方式实现了AuthenticationHandler:

我的Angular发送一个JSON请求:

_csrf_token: "uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0"
_password: "welkom"
_submit: "security.login.submit"
_username: "erwin@eberhard.com"
与FOSUserBundle提供的“普通”登录表单相同的数据。CSRF令牌取自cookie:

_csrf_token = $cookies['XSRF-TOKEN'].
这与服务器端的令牌相同。它已由var_dump()检查。 在控制器中设置cookie:

    $engine = $this->container->get('templating');
    $content = $engine->render('ErwinEventManagerBundle:Default:index.html.twig', array('name' => "noname"));
    $csrf = $this->get('form.csrf_provider')->generateCsrfToken('authenticate');
    $response = new Response($content);
    $cookie = new Cookie("XSRF-TOKEN", $csrf, time() + 3600 * 24 , '/', null, false, false);
    $response->headers->setCookie($cookie);
    return $this->render('ErwinEventManagerBundle:Default:index.html.twig', array('name' => "noname"));
答复是:

 {"success":false,"message":"Invalid CSRF token."}
请求标头:

Accept:application/json  
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,nl;q=0.6
Authorization:null
Connection:keep-alive
Content-Length:153
Content-Type:application/json;charset=UTF-8
Cookie:XSRF-TOKEN=uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0;  
PHPSESSID=o9dc41tglf9dkl07fv7pdjp545
Host:erwin.com
Origin:http://erwin.com
Referer:http://erwin.com/Symfony/web/app_dev.php/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)   
Chrome/35.0.1916.153 Safari/537.36
X-Requested-With:XMLHttpRequest
X-XSRF-TOKEN:uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0
My config.yml包含:

framework:
#    #esi:             ~
#    #translator:      { fallback: "%locale%" }
    secret:          "%secret%"
router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
form:            ~
csrf_protection: ~
validation:      { enable_annotations: true }
templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
    packages:
      jquery:
        base_urls:
#          http: [http://my.cdn.url]
          ssl: [ https://code.jquery.com ]
          http: [ http://code.jquery.com ]
      angular:
        base_urls:
          http: [ http://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
          http: [ https://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
default_locale:  "%locale%"
trusted_hosts:   ~
trusted_proxies: ~
session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
fragments:       ~
http_method_override: true

encoders:
    FOS\UserBundle\Model\UserInterface: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
#            id: fos_user.user_provider.username
        id: fos_user.user_provider.username_email

firewalls:
    main:
        pattern: ^/
        form_login:
#                check_path:      security_check_route
            success_handler: erwin_security.authentication_handler
            failure_handler: erwin_security.authentication_handler
            csrf_provider: form.csrf_provider
        logout:       true
        anonymous:    true
My security.yml包含:

framework:
#    #esi:             ~
#    #translator:      { fallback: "%locale%" }
    secret:          "%secret%"
router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
form:            ~
csrf_protection: ~
validation:      { enable_annotations: true }
templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
    packages:
      jquery:
        base_urls:
#          http: [http://my.cdn.url]
          ssl: [ https://code.jquery.com ]
          http: [ http://code.jquery.com ]
      angular:
        base_urls:
          http: [ http://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
          http: [ https://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
default_locale:  "%locale%"
trusted_hosts:   ~
trusted_proxies: ~
session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
fragments:       ~
http_method_override: true

encoders:
    FOS\UserBundle\Model\UserInterface: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
#            id: fos_user.user_provider.username
        id: fos_user.user_provider.username_email

firewalls:
    main:
        pattern: ^/
        form_login:
#                check_path:      security_check_route
            success_handler: erwin_security.authentication_handler
            failure_handler: erwin_security.authentication_handler
            csrf_provider: form.csrf_provider
        logout:       true
        anonymous:    true
编辑
删除CSRF后,我收到了错误的凭据反馈。Ik在我的页面中添加表单两次。“正常”版本工作正常,而ajax版本工作正常。我希望这会有所帮助。
我也有同样的问题,但与
“正常”表单工作正常,ajax版本则不然。(表单已发布到检查路径)
我所做的:

解决方案1: 我安装了一个Symfony 2事件侦听器,用于解码JSON编码的请求内容

解决方案2:(不好,不要这样做,这是为了调试!-)我修改了这个symfony侦听器:symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener 像这样:

    protected function attemptAuthentication(Request $request) {

   // ...
    if ($request->isXmlHttpRequest()) {
        $request->request->replace(json_decode($request->getContent(), true));
    }
  // ...

  }
在AngularJS中添加:
$http.post('path',凭证,{headers:{'X-request-with':'XMLHttpRequest'}}…