PHP: Token is not authenticated after successful authentication
Tags: php, symfony, php-7, symfony-3.2, symfony-security
I am new to Symfony 3.2. I need to implement form authentication. Users are fetched from the database. After a successful authentication POST to /login the event fires, but the token is still not authenticated:
What am I doing wrong?
security.yml
User.php
Security log
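onAuthenticationSuccess just returns null
Please go through this tutorial:
I think this function causes the authentication problem, because in your case it returns false
public function isEqualTo(UserInterface $user) {
    return $this->getUsername() === $user->getUsername()
        && $this->getPassword() === $user->getPassword();
}
Please try comparing only the id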
public function isEqualTo(UserInterface $user)
{
    return $this->id === $user->getId();
}
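Why a password-comparing isEqualTo() can return false on the request after login, as an added example that is not part of the original answer. It uses plain PHP stand-ins (DemoUser and the helper functions are hypothetical) and assumes the user object kept in the session omits the password hash; the asker's User.php is not shown on the page.

```php
<?php
// Added illustration: plain-PHP stand-ins, not Symfony classes or the asker's User.php.
// Assumption: the user object stored in the session carries only id and username,
// so the copy restored on the next request has no password hash.
class DemoUser
{
    public $id;
    public $username;
    public $password;

    public function __construct($id, $username, $password)
    {
        $this->id = $id;
        $this->username = $username;
        $this->password = $password;
    }

    // Only these properties survive serialization into the session.
    public function __sleep()
    {
        return ['id', 'username'];
    }
}

// The comparison quoted in the answer: username and password hash must both match.
function isEqualByCredentials(DemoUser $restored, DemoUser $fresh)
{
    return $restored->username === $fresh->username
        && $restored->password === $fresh->password;
}

// The comparison suggested in the answer: the identifier only.
function isEqualById(DemoUser $restored, DemoUser $fresh)
{
    return $restored->id === $fresh->id;
}

// Reduced model of the per-request check: the session copy is compared with
// the user reloaded from the provider; false means the token is de-authenticated.
function tokenStaysAuthenticated(callable $isEqualTo, DemoUser $loggedIn, DemoUser $fromDb)
{
    $restored = unserialize(serialize($loggedIn)); // session round trip
    return $isEqualTo($restored, $fromDb);
}

$hash = password_hash('constructed-password', PASSWORD_DEFAULT); // constructed sample
$loggedIn = new DemoUser(7, 'dev@example.test', $hash);
$fromDb = new DemoUser(7, 'dev@example.test', $hash);
var_dump(tokenStaysAuthenticated('isEqualByCredentials', $loggedIn, $fromDb));
var_dump(tokenStaysAuthenticated('isEqualById', $loggedIn, $fromDb));
```

Under the stated assumption the first call yields false and the second true, which matches a login that succeeds and a token that is unauthenticated on the following request.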
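You don't need $token->setAuthenticated(true); in onAuthenticationSuccess (the user is already authenticated here, and the token is authenticated by Symfony). Instead, you should return a redirect response (for example back to the homepage or the user dashboard, or wherever you want).
@gp_sflover, thx, but that is not the reason for the failure, I have already tried it. I did everything from this tutorial at the start, and it did not work. This code is my further experimentation.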
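use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class Authenticator extends AbstractGuardAuthenticator {
    // Only a POST to /login carries credentials; null skips this authenticator.
    public function getCredentials(Request $request) {
        if ($request->getPathInfo() != '/login' || !$request->isMethod('POST')) return null;
        return ['u' => $request->get('_username'), 'p' => $request->get('_password')];
    }
    public function getUser($credentials, UserProviderInterface $userProvider) {
        if (!$credentials['u']) return null;
        return $userProvider->loadUserByUsername($credentials['u']);
    }
    public function checkCredentials($credentials, UserInterface $user) {
        // Debug output on a password mismatch: dumps the submitted password and stored hash, then stops.
        if (!password_verify($credentials['p'], $user->getPassword())) {
            dump([$credentials['p'], $user->getPassword()], password_verify($credentials['p'], $user->getPassword()));
            die;
        }
        if (!$credentials['p']) return null;
        return password_verify($credentials['p'], $user->getPassword());
    }
    // Returns no response.
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
        dump(__FUNCTION__);
    }
    // Returns no response; this is the setAuthenticated(true) call discussed in the comments.
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) {
        dump(__FUNCTION__);
        $token->setAuthenticated(true);
    }
    public function supportsRememberMe() {
        return false;
    }
    // Entry point for anonymous users: send them to the login form.
    public function start(Request $request, AuthenticationException $authException = null) {
        return new RedirectResponse('/login');
    }
}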
[2017-05-26 09:38:03] security.DEBUG: Read existing security token from the session. {"key":"_security_main"} []
[2017-05-26 09:38:03] security.DEBUG: User was reloaded from a user provider. {"username":"...@mail.ru","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []
[2017-05-26 09:38:03] security.DEBUG: Checking for guard authentication credentials. {"firewall_key":"main","authenticators":1} []
[2017-05-26 09:38:03] security.DEBUG: Calling getCredentials() on guard configurator. {"firewall_key":"main","authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.DEBUG: Passing guard token information to the GuardAuthenticationProvider {"firewall_key":"main","authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.INFO: Guard authentication successful! {"token":"[object] (Symfony\\Component\\Security\\Guard\\Token\\PostAuthenticationGuardToken: PostAuthenticationGuardToken(user=\"....@mail.ru\", authenticated=true, roles=\"ROLE_DEVELOPER\"))","authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.DEBUG: Guard authenticator set success response. {"response":"[object] (Symfony\\Component\\HttpFoundation\\RedirectResponse: HTTP/1.0 302 Found\r\nCache-Control: no-cache, private\r\nDate: Thu, 25 May 2017 23:38:03 GMT\r\nLocation: /\r\n\r\n<!DOCTYPE html>\n<html>\n <head>\n <meta charset=\"UTF-8\" />\n <meta http-equiv=\"refresh\" content=\"1;url=/\" />\n\n <title>Redirecting to /</title>\n </head>\n <body>\n Redirecting to <a href=\"/\">/</a>.\n </body>\n</html>)","authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.DEBUG: Remember me skipped: it is not configured for the firewall. {"authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.DEBUG: The "AppBundle\Security\DvmAuthenticator" authenticator set the response. Any later authenticator will not be called {"authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:03] security.DEBUG: Stored the security token in the session. {"key":"_security_main"} []
[2017-05-26 09:38:04] security.DEBUG: Read existing security token from the session. {"key":"_security_main"} []
[2017-05-26 09:38:04] security.DEBUG: User was reloaded from a user provider. {"username":"...@mail.ru","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []
[2017-05-26 09:38:04] security.DEBUG: Checking for guard authentication credentials. {"firewall_key":"main","authenticators":1} []
[2017-05-26 09:38:04] security.DEBUG: Calling getCredentials() on guard configurator. {"firewall_key":"main","authenticator":"AppBundle\\Security\\DvmAuthenticator"} []
[2017-05-26 09:38:04] security.DEBUG: Stored the security token in the session. {"key":"_security_main"} []
[2017-05-26 09:41:56] security.DEBUG: Read existing security token from the session. {"key":"_security_main"} []