2

尝试登录时,Symfony2 告诉我我提供了错误的凭据。第二次尝试有效。任何想法为什么会发生这种情况?要重现该行为,我必须注销、清除 cookie、再次进入登录页面并再次登录。

我正在使用 FOSUserBundle。

配置.yml:

framework:
#esi:             ~
secret:          asdfsadfasdf
#translator:      { fallback: en }
charset:         UTF-8
router:          { resource: "%kernel.root_dir%/config/routing.yml" }
form:            true
csrf_protection: true
validation:      { enable_annotations: true }
templating:      { engines: ['twig'], assets_version: v1.2 } #assets_version: SomeVersionScheme
translator:      { fallback: de }

session:    
    default_locale:  de
    auto_start:     false
    lifetime:       1000000
...

安全性.yml:

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]


providers:
    fos_userbundle:
        id: fos_user.user_manager

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern:  ^/login$
        security: false

    public:
        pattern:   ^/.*
        form_login:
            provider: fos_userbundle
            check_path: /login_check
            remember_me: true
        remember_me:
            key:      aaasfasdfasdfsadfsadf
            lifetime: 1296000 #15 days in second
            path:     /
        anonymous: true
        logout: true


access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY}
    #- { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
    - { path: ^/events/create, roles: ROLE_USER }
    #...
acl:
    connection: default

路由.yml:

_imagine:
    resource: .
    type:     imagine

_index:
    resource: "@AjadoEventHubBundle/Controller/IndexController.php"
    type:     annotation

fos_comment_api:
    type: rest
    resource: "@FOSCommentBundle/Resources/config/routing.yml"
    prefix: /api

fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
...

@FOSUserBundle/Resources/config/routing/security.xml: 

<routes xmlns="http://symfony.com/schema/routing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">

    <route id="fos_user_security_login" pattern="/login">
        <default key="_controller">FOSUserBundle:Security:login</default>
    </route>

    <route id="fos_user_security_check" pattern="/login_check">
        <default key="_controller">FOSUserBundle:Security:check</default>
    </route>

    <route id="fos_user_security_logout" pattern="/logout">
        <default key="_controller">FOSUserBundle:Security:logout</default>
    </route>

</routes>
4

4 回答 4

2

在我看来,这是您启用匿名身份验证时的预期行为:

  • 您请求您的应用程序 url,而没有被记录 => 使用您的会话 ID 创建会话 cookie
  • 创建匿名令牌
  • 你清除 cookie => 没有更多的会话 id 来识别你
  • 下一个请求,没有令牌附加到您的登录请求...
于 2012-04-27T14:08:55.823 回答
1

我不熟悉 symfony,但是,当身份验证检查寻找有效的 cookie 时,我遇到了同样的问题,但是 cookie 是在检查之后创建的——因此导致它第二次通过,而不是第一次。

于 2012-04-30T03:10:41.443 回答
1

默认情况下,Symfony 要求在提交表单之前必须存在会话

从文档

# by default, a session must exist before submitting an authentication request
# if false, then Request::hasPreviousSession is not called during authentication
# new in Symfony 2.3

为了克服这个问题,您可以在“security.yml”中将“require_previous_session”(默认为true)设置为false,就像在“form_login”下一样:require_previous_session:false

您可以在以下链接SecurityBundle Configuration ("security")中的 Symfony 文档中阅读有关它的更多信息

于 2015-04-30T12:41:30.070 回答
0
于 2017-06-30T16:45:01.417 回答