Symfony 3.3.9中忽略了json_login [英] json_login ignored in Symfony 3.3.9

问题描述

我想使用新的json_login身份验证端点. 我有一个基本设置，我要检查表SITE中是否存在站点"用户. 似乎json_login身份验证器被完全忽略了. 未通过对/api/login的POST请求对用户进行身份验证. 看到错误了吗? 谢谢

I want to use the new json_login authentication endpoint. I have a basic setup where I want to check "site" users are present in table SITE. It seems that the json_login authenticator is totally ignored. The user is not authenticated through POST requests to /api/login. Do you see an error ? Thanks

security.yml

security.yml

providers:
    site:
        id: app.siteUserProvider

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    api:
        anonymous: ~
        provider: site
        pattern: ^/api/
        json_login:
            check_path: api_login

access_control:
- { path: ^/api/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cache, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/, roles: ROLE_USER }
- { path: ^/, roles: ROLE_USER }

encoders:
    AppBundle\Security\User\SiteUserProvider: plaintext

services.yml

services.yml

services:
    app.siteUserProvider:
        class: AppBundle\Security\User\SiteUserProvider
        arguments: ["@service_container"]

SiteUser.php

SiteUser.php

<?php

namespace AppBundle\Security\User;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
use AppBundle\Entity\Site;

class SiteUser implements UserInterface, EquatableInterface
{
    private $username;
    private $password;
    private $salt;
    private $roles;
    private $site;

    public function __construct(Site $site)
    {

        $this->username = $site->getSiteCode();
        $this->password = $site->getSiteCode();
        $this->salt = null;
        $this->roles = 'ROLE_USER';
        $this->site = $site;
    }

    public function getSite()
    {
        return $this->site;
    }

    public function getRoles()
    {
        return $this->roles;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getSalt()
    {
        return $this->salt;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function eraseCredentials()
    {
    }

    public function isEqualTo(UserInterface $user)
    {
        if (!$user instanceof SiteUser) {
            return false;
        }

        if ($this->password !== $user->getPassword()) {
            return false;
        }

        if ($this->salt !== $user->getSalt()) {
            return false;
        }

        if ($this->username !== $user->getUsername()) {
            return false;
        }

        return true;
    }
}

SiteUserProvider.php

SiteUserProvider.php

<?php

namespace AppBundle\Security\User;

use AppBundle\Abstraction\TraitContainerRepositories;
use AppBundle\Security\User\SiteUser;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerAwareTrait;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;

class SiteUserProvider implements UserProviderInterface, ContainerAwareInterface
{
    use ContainerAwareTrait;
    use TraitContainerRepositories;

    public function __construct($container)
    {
        $this->container = $container;
    }

    public function loadUserByUsername($username)
    {
        die("good !");
        $site = $this->_getSiteRepository()->findOneByCodeSite($username);
        if ($site !== null) {
            return new SiteUser($site);
        } else {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof SiteUser) {
            throw new UnsupportedUserException(
                sprintf('Instances of "%s" are not supported.', get_class($user))
            );
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return SiteUser::class === $class;
    }
}

SecurityController.php

SecurityController.php

/**
 * @Route("/api/login", name="api_login")
 */
public function apiLoginAction(Request $request, UserInterface $user)
{
    // voir security.yml
    return $this->json(array('status' => 'authentication required'), 403);
}

推荐答案

请确保您的POST请求标头包含:

Please ensure that your POST request header contains:

Content-Type:application/json

否则，安全系统将不会拦截该请求，并且用户也不会获得用户身份验证.

Otherwise, the request will not be intercepted by the security system and the user will not get user authenticated.

这篇关于Symfony 3.3.9中忽略了json_login的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！