Failed authentication in silex SecurityServiceProvider

1
votes

I'm trying to place the admin part of a webpage under authentication I've managed to configure a user and password but when I login with the user and respective password the login fails. How can I debug this? What can be the problem?

$app['security.encoder.digest'] = function ($app) {
    // uses the password-compat encryption
    return new BCryptPasswordEncoder(10);
};


$app['security.encoder_factory'] = function ($app) {
    return new EncoderFactory(
        array(
            'Symfony\Component\Security\Core\User\UserInterface' => $app['security.encoder.digest']
        )
    );
};

$app->register(new Silex\Provider\SecurityServiceProvider(), array(   
    'security.firewalls' => array(
        'admin' => array(
            'pattern' => '^/admin',
            'http'  => true,
            'users' => function () use ($app) {
                $dbs = new \FMP\Service\DbService($app);
                return new UserProvider($dbs->getDb(), $app['form.factory']);
            }
        )
    )
));

I set the user password using this:

 $encoder = $encoderFactory->getEncoder($user);

 // compute the encoded password for foo
 $password = $encoder->encodePassword($user->getPassword(), $user->getSalt());

Logs:

[2016-11-24 15:41:51] app.DEBUG: initialized users system [] [] [2016-11-24 15:41:51] app.INFO: Matched route "{route}". {"route":"GET_admin_users","route_parameters":{"_controller":"[object] (Closure: {})","_route":"GET_admin_users"},"request_uri":"http://dev.fmp2/admin/users","method":"GET"} [] [2016-11-24 15:41:51] app.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException(code: 0): A Token was not found in the TokenStorage. at /home/andref/workspace/fmpsite2/vendor/symfony/security/Http/Firewall/AccessListener.php:53)"} [] [2016-11-24 15:41:51] app.DEBUG: Calling Authentication entry point. [] [] [2016-11-24 15:41:51] app.DEBUG: < 401 [] []

1
phpsilex
How did you set the password for the user? Have you tried using the plain text encoder?mTorres
Going to try itAndy
Even with the PlaintextPasswordEncoder() I can't authenticate. I tried debuging function loadUserByUsername($username) but it doesn't get calledAndy
Add the monolg logger provider, and enable the debug and check the logs, the security component yells tons of them. Paste them here and let's try it again :-) PD: When you change the encoder you must change the password on the DB (the stored password must be encoded with the same encoder configured for the security component), I'm assuming you did that already...mTorres
From the log it does not seem that you are trying to enter a user password, it just looks for a security token (using the security cookie) but all it says is that it cannot find one. There is no user or password being checkedmTorres

1 Answers

1
votes

Was missing

  1 <IfModule mod_rewrite.c>
  2     Options -MultiViews
  3 
  4     RewriteEngine On
  5     #RewriteBase /path/to/app
  6     #RewriteRule ^/admin - [L,NC]
  7     RewriteCond %{HTTP:Authorization} ^(.+)$
  8     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  9     RewriteCond %{REQUEST_FILENAME} !-d
 10     RewriteCond %{REQUEST_FILENAME} !-f
11     RewriteRule ^ index.php [QSA,L]
12 </IfModule>

lines 7 and 8 of the .htaccess file