0

我正在使用 Symfony 2.7,但在登录用户时遇到了问题。我使用自定义实体,并使用适当的变量和方法创建了一个自定义实体“操作员”。我在安全文件中使用了两种登录方法。一个是in_memory,我将它用于正常工作的管理员登录,另一个是user_db. 我使用 bcrypt 算法来加密密码。当我尝试登录用户时,它会显示“无效凭据”消息。我究竟做错了什么?谢谢!

安全.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Application\AdminBundle\Entity\Operator:
            algorithm: bcrypt

providers:
        chain_provider:
            chain:
                providers: [ in_memory, user_db ]

user_db:
            entity:
                class: ApplicationAdminBundle:Operator
                property: username

安全控制器.php

<?php

namespace Application\AdminBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class SecurityController extends Controller
{
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request)
{
    $authenticationUtils = $this->get('security.authentication_utils');

    $error = $authenticationUtils->getLastAuthenticationError();

    return $this->render('ApplicationAdminBundle:security:login.html.twig',
        array(
            'error'         => $error,
        )
    );
}

/**
* @Route("/login_check", name="login_check")
*/
public function loginCheckAction()
{
}

}

“操作员”实体和 setPassword()、getPassword() 方法

public function setPassword($password)
    {
        $this->password = password_hash ($password, PASSWORD_BCRYPT);

        return $this;
    }

    /**
     * Get password
     *
     * @return string 
     */
    public function getPassword()
    {
        return $this->password;
    }
4

2 回答 2

1

Probably you should not use password_hash you have to use symfony's encoder who knows how to handle the encryption of the password. Try to implement something like this in your code ( in register controller usually ) : http://symfony.com/doc/current/book/security.html#dynamically-encoding-a-password

Visit this page http://symfony.com/doc/current/book/security.html to fully understand how symfony2 security works.

于 2015-08-02T14:50:41.987 回答
0

Solution:

All I had done wrong was the database table because the I had set the password field as varchar(25) and the hashed password could not be fully inserted. I changed it to varchar(255) and everything is ok now. Every user can now login.

于 2016-04-11T16:28:03.173 回答