AuthenticationException 即使我有合适的用户
AuthenticationException even though i got the appropriate user
这个问题是这个问题的下一部分:
在 Dylan 的几次修复和帮助之后,我设法从这段代码中得到了
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
$credentials = str_replace('Bearer ', '', $credentials);
$jwt = (array) JWT::decode(
$credentials,
$this->params->get('jwt_secret'),
['HS256']
);
dump($jwt['user']);
dump($this->em
->getRepository(User::class)//TODO Fix here
->findOneBy(['email' => $jwt['email']]));
return $this->em
->getRepository(User::class)//TODO Fix here
->findOneBy(['username' => $jwt['user']]);
}catch (\Exception $exception) {
throw new AuthenticationException($exception->getMessage());
}
}
倾销 jwt['user'] 和整个 return 我得到了这个:
Return from postman
如您所见,我的两个转储均有效,但仍然出现错误 xd。任何 clues/ideas 为什么?
编辑 1:
security.yaml:
security:
encoders:
App\Entity\User: bcrypt
enable_authenticator_manager: true
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/api
stateless: true
provider: app_user_provider
guard:
authenticators:
- App\Security\JwtAuthenticator
编辑2 JwtAuthenticator.php :
namespace App\Security;
use App\Entity\User;
use App\Repository\UserRepository;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\JsonResponse;
class JwtAuthenticator extends AbstractGuardAuthenticator
{
private $em;
private $params;
public function __construct(EntityManagerInterface $em, ContainerBagInterface $params)
{
$this->em = $em;
$this->params = $params;
}
public function supports(Request $request)
{
return $request->headers->has('Authorization');
}
public function getCredentials(Request $request)
{
return $request->headers->get('Authorization');
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
$credentials = str_replace('Bearer ', '', $credentials);
$jwt = (array) JWT::decode(
$credentials,
$this->params->get('jwt_secret'),
['HS256']
);
dump($jwt['user']);
dump($this->em
->getRepository(User::class)
->findOneBy(['email' => $jwt['email']]));
return $this->em
->getRepository(User::class)
->findOneBy(['username' => $jwt['user']]);
}catch (\Exception $exception) {
throw new AuthenticationException($exception->getMessage());
}
}
public function checkCredentials($credentials, UserInterface $user)
{
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
return new JsonResponse([
'message' => $exception->getMessage()
], Response::HTTP_UNAUTHORIZED);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
{
return;
}
public function supportsRememberMe()
{
return false;
}
public function start(Request $request, AuthenticationException $authException = null)
{
$data = [
'message' => 'Authentication Required'
];
return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
}
}
这个错误似乎很容易理解。
CheckCredentials 应该 return 为真,连接才有效。
您可能需要检查是否找到 $user。但我相信只写 return true 会起作用,因为如果找不到用户,之前会抛出异常。
例如:
public function checkCredentials($credentials, UserInterface $user)
{
if ($user instanceof User){
return true;
}
return false;
}
类似的是done here。
这个问题是这个问题的下一部分:
在 Dylan 的几次修复和帮助之后,我设法从这段代码中得到了
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
$credentials = str_replace('Bearer ', '', $credentials);
$jwt = (array) JWT::decode(
$credentials,
$this->params->get('jwt_secret'),
['HS256']
);
dump($jwt['user']);
dump($this->em
->getRepository(User::class)//TODO Fix here
->findOneBy(['email' => $jwt['email']]));
return $this->em
->getRepository(User::class)//TODO Fix here
->findOneBy(['username' => $jwt['user']]);
}catch (\Exception $exception) {
throw new AuthenticationException($exception->getMessage());
}
}
倾销 jwt['user'] 和整个 return 我得到了这个:
Return from postman
如您所见,我的两个转储均有效,但仍然出现错误 xd。任何 clues/ideas 为什么?
编辑 1: security.yaml:
security:
encoders:
App\Entity\User: bcrypt
enable_authenticator_manager: true
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/api
stateless: true
provider: app_user_provider
guard:
authenticators:
- App\Security\JwtAuthenticator
编辑2 JwtAuthenticator.php :
namespace App\Security;
use App\Entity\User;
use App\Repository\UserRepository;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\JsonResponse;
class JwtAuthenticator extends AbstractGuardAuthenticator
{
private $em;
private $params;
public function __construct(EntityManagerInterface $em, ContainerBagInterface $params)
{
$this->em = $em;
$this->params = $params;
}
public function supports(Request $request)
{
return $request->headers->has('Authorization');
}
public function getCredentials(Request $request)
{
return $request->headers->get('Authorization');
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
try {
$credentials = str_replace('Bearer ', '', $credentials);
$jwt = (array) JWT::decode(
$credentials,
$this->params->get('jwt_secret'),
['HS256']
);
dump($jwt['user']);
dump($this->em
->getRepository(User::class)
->findOneBy(['email' => $jwt['email']]));
return $this->em
->getRepository(User::class)
->findOneBy(['username' => $jwt['user']]);
}catch (\Exception $exception) {
throw new AuthenticationException($exception->getMessage());
}
}
public function checkCredentials($credentials, UserInterface $user)
{
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
return new JsonResponse([
'message' => $exception->getMessage()
], Response::HTTP_UNAUTHORIZED);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
{
return;
}
public function supportsRememberMe()
{
return false;
}
public function start(Request $request, AuthenticationException $authException = null)
{
$data = [
'message' => 'Authentication Required'
];
return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
}
}
这个错误似乎很容易理解。
CheckCredentials 应该 return 为真,连接才有效。
您可能需要检查是否找到 $user。但我相信只写 return true 会起作用,因为如果找不到用户,之前会抛出异常。
例如:
public function checkCredentials($credentials, UserInterface $user)
{
if ($user instanceof User){
return true;
}
return false;
}
类似的是done here。