Php Symfony2登录SHA512-错误凭据
我已经阅读了关于这个问题的每一篇文章,但是我仍然找不到我的bug。我正在尝试使用sha512登录。我认为密码编码不正确,我已经检查过了。我使用的密码是“asdf”,生成的salt是“fe739a9eafaff0a5b5091d51e1642a34”,存储在数据库中的密码是“HzK/fsfjjlquaguhxbzqapt8cjq0/05pt5zcYoSM4d7Dxd/WDBiJYXIMmFF70I+”。这是我的问题吗?我简直无法摆脱那该死的“坏证书”的事情。我的代码在下面 security.ymlPhp Symfony2登录SHA512-错误凭据,php,authentication,symfony,doctrine-orm,Php,Authentication,Symfony,Doctrine Orm,我已经阅读了关于这个问题的每一篇文章,但是我仍然找不到我的bug。我正在尝试使用sha512登录。我认为密码编码不正确,我已经检查过了。我使用的密码是“asdf”,生成的salt是“fe739a9eafaff0a5b5091d51e1642a34”,存储在数据库中的密码是“HzK/fsfjjlquaguhxbzqapt8cjq0/05pt5zcYoSM4d7Dxd/WDBiJYXIMmFF70I+”。这是我的问题吗?我简直无法摆脱那该死的“坏证书”的事情。我的代码在下面 security.yml
security:
encoders:
MyBundle\MainBundle\Entity\SystemUser:
algorithm: sha512
iterations: 1
role_hierarchy:
ROLE_STUDENT:
ROLE_GUARDIAN:
ROLE_TEACHER:
ROLE_SCHOOL_ADMIN: ROLE_STUDENT, ROLE_GUARDIAN
ROLE_ADMIN: ROLE_SCHOOL_ADMIN, ROLE_STUDENT, ROLE_GUARDIAN
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
users:
entity: { class: MyBundleMainBundle:SystemUser }
firewalls:
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: login
check_path: login_check
csrf_provider: form.csrf_provider
csrf_parameter: _csrf_token
always_use_default_target_path: true
default_target_path: /dashboard
logout: true
anonymous: true
然后是我的SystemUser类(很抱歉,它太长了,只想在这里更全面)
我的SystemUserRepository
class SystemUserRepository extends EntityRepository implements UserProviderInterface
{
public function loadUserByUsername($username)
{
$query = $this->createQueryBuilder('su')
->select('su, sr') //SystemUser, SystemRoles
->leftJoin('su.roles', 'sr')
->where('su.username = :username OR su.email = :email')
->setParameter('username', $username)
->setParameter('email', $username)
->getQuery();
try {
$user = $query->getSingleResult();
} catch (NoResultException $e) {
$message = 'Unable to find user \'' . $username . '\'';
throw new UsernameNotFoundException($message, 0, $e);
}
return $user;
}
public function refreshUser(UserInterface $user)
{
$class = get_class($user);
if (!$this->supportsClass($class)) {
throw new UnsupportedUserException(
'Instances of \'' . $class . '\' are not supported'
);
}
return $this->find($user->getId());
}
public function supportsClass($class)
{
return $this->getEntityName() === $class
|| is_subclass_of($class, $this->getEntityName());
}
}
最后是我的登录
public function loginAction() {
$request = $this->getRequest();
$session = $request->getSession();
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
$session->remove(SecurityContext::AUTHENTICATION_ERROR);
}
return $this->render(
'MyBundleMainBundle:Security:login.html.twig',
array(
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
'csrf_token' => $this->container->get('form.csrf_provider')->generateCsrfToken('authenticate'),
)
);
}
哦,如果有什么影响的话,我的注册管理员
public function createUserAction(Request $request) {
$entityManager = $this->getDoctrine()->getManager();
$form = $this->createForm('user_registration', new Registration());
$form->handleRequest($request);
if ($form->isValid()) {
$registration = $form->getData();
//Handle encoding here...
$encoderFactory = $this->get('security.encoder_factory');
$encoder = $encoderFactory->getEncoder($registration->getUser());
$password = $encoder->encodePassword($registration->getUser()->getPassword(), $registration->getUser()->getSalt());
$registration->getUser()->setPassword($password);
$entityManager->persist($registration->getUser());
$entityManager->flush();
return $this->redirect($this->generateUrl('dashboard_homepage'));
}
return $this->render(
'MyBundleMainBundle:Security:registration.html.twig',
array(
'form' => $form->createView()
)
);
}
抱歉发了这么长的帖子,希望有人能帮我!非常感谢 更改SystemUser类中的以下代码:
/**
* @var string
*
* @ORM\Column(type="string", length=64)
*/
protected $password;
到
在遵循symfony.com上的指南之后,我偶然发现了与您相同的问题。通过比较哈希密码在持久化到数据库之前和之后的结果,我可以看到哈希密码的长度是88个字符,因此在持久化到数据库之后,它被截断为64个字符
FOSUserBundle在其密码字段中也使用了255长度,因此我认为这是一个合法的更改
我猜你已经解决了这个问题,因为你刚刚发布了这个问题,但我想我会帮助其他人,就像我一样,带着同样的问题来到这里。不,从来没有解决过实际问题,我只是继续,并将它保留在md5上,这实际上是有效的。谢谢你的回答,不过,将尝试在我的下一个项目。肯定会将此标记为已接受!
/**
* @var string
*
* @ORM\Column(type="string", length=64)
*/
protected $password;
/**
* @var string
*
* @ORM\Column(type="string", length=255)
*/
protected $password;