错误凭据-ajax登录-Symfony2/AngularJS/FosUserBundle
FosUserBundle可以与普通的web/app_dev.php/login配合使用。我通过以下方式实现了AuthenticationHandler: 我的Angular发送一个JSON请求:错误凭据-ajax登录-Symfony2/AngularJS/FosUserBundle,angularjs,symfony,csrf,Angularjs,Symfony,Csrf,FosUserBundle可以与普通的web/app_dev.php/login配合使用。我通过以下方式实现了AuthenticationHandler: 我的Angular发送一个JSON请求: _csrf_token: "uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0" _password: "welkom" _submit: "security.login.submit" _username: "erwin@eberhard.com" 与FOSUs
_csrf_token: "uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0"
_password: "welkom"
_submit: "security.login.submit"
_username: "erwin@eberhard.com"
与FOSUserBundle提供的“普通”登录表单相同的数据。CSRF令牌取自cookie:
_csrf_token = $cookies['XSRF-TOKEN'].
这与服务器端的令牌相同。它已由var_dump()检查。
在控制器中设置cookie:
$engine = $this->container->get('templating');
$content = $engine->render('ErwinEventManagerBundle:Default:index.html.twig', array('name' => "noname"));
$csrf = $this->get('form.csrf_provider')->generateCsrfToken('authenticate');
$response = new Response($content);
$cookie = new Cookie("XSRF-TOKEN", $csrf, time() + 3600 * 24 , '/', null, false, false);
$response->headers->setCookie($cookie);
return $this->render('ErwinEventManagerBundle:Default:index.html.twig', array('name' => "noname"));
答复是:
{"success":false,"message":"Invalid CSRF token."}
请求标头:
Accept:application/json
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,nl;q=0.6
Authorization:null
Connection:keep-alive
Content-Length:153
Content-Type:application/json;charset=UTF-8
Cookie:XSRF-TOKEN=uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0;
PHPSESSID=o9dc41tglf9dkl07fv7pdjp545
Host:erwin.com
Origin:http://erwin.com
Referer:http://erwin.com/Symfony/web/app_dev.php/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/35.0.1916.153 Safari/537.36
X-Requested-With:XMLHttpRequest
X-XSRF-TOKEN:uSRZfxMycFCLKbxD_d9kgp-7WhM5ECrFyP6vtHDOle0
My config.yml包含:
framework:
# #esi: ~
# #translator: { fallback: "%locale%" }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
templating:
engines: ['twig']
#assets_version: SomeVersionScheme
packages:
jquery:
base_urls:
# http: [http://my.cdn.url]
ssl: [ https://code.jquery.com ]
http: [ http://code.jquery.com ]
angular:
base_urls:
http: [ http://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
http: [ https://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
# handler_id set to null will use default session handler from php.ini
handler_id: ~
fragments: ~
http_method_override: true
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
# id: fos_user.user_provider.username
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
form_login:
# check_path: security_check_route
success_handler: erwin_security.authentication_handler
failure_handler: erwin_security.authentication_handler
csrf_provider: form.csrf_provider
logout: true
anonymous: true
My security.yml包含:
framework:
# #esi: ~
# #translator: { fallback: "%locale%" }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
templating:
engines: ['twig']
#assets_version: SomeVersionScheme
packages:
jquery:
base_urls:
# http: [http://my.cdn.url]
ssl: [ https://code.jquery.com ]
http: [ http://code.jquery.com ]
angular:
base_urls:
http: [ http://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
http: [ https://ajax.googleapis.com/ajax/libs/angularjs/1.2.16 ]
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
# handler_id set to null will use default session handler from php.ini
handler_id: ~
fragments: ~
http_method_override: true
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
# id: fos_user.user_provider.username
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
form_login:
# check_path: security_check_route
success_handler: erwin_security.authentication_handler
failure_handler: erwin_security.authentication_handler
csrf_provider: form.csrf_provider
logout: true
anonymous: true
编辑删除CSRF后,我收到了错误的凭据反馈。Ik在我的页面中添加表单两次。“正常”版本工作正常,而ajax版本工作正常。我希望这会有所帮助。
我也有同样的问题,但与
“正常”表单工作正常,ajax版本则不然。(表单已发布到检查路径)
我所做的: 解决方案1: 我安装了一个Symfony 2事件侦听器,用于解码JSON编码的请求内容 解决方案2:(不好,不要这样做,这是为了调试!-)我修改了这个symfony侦听器:symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener 像这样:
protected function attemptAuthentication(Request $request) {
// ...
if ($request->isXmlHttpRequest()) {
$request->request->replace(json_decode($request->getContent(), true));
}
// ...
}
在AngularJS中添加:$http.post('path',凭证,{headers:{'X-request-with':'XMLHttpRequest'}}…