0
votes

I am writing regarding the Symfony authentication problem, which occurred last month and I still cannot find a solution, so I am dependent on you :D

namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
class User implements UserInterface, \Serializable
{
  //id,username,password  

    public function getSalt()
    {
        return null;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getRoles()
    {
        return array('ROLE_USER');
    }


    public function eraseCredentials()
    {
    }


    public function serialize()
    {
        return serialize(array(
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt,
        ));
    }

    public function unserialize($serialized)
    {
        list(
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt
        ) = unserialize($serialized);
    }

}

This is my User entity and now below you can see my security.yaml which I think I configured right:

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        db_provider:
            entity:
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|img|js)/
            security: false
        main:
            anonymous: true
            http_basic: ~
            provider: db_provider
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

Whenever I try to access the /admin route it shows me the http-basic login, but whenever I input "admin, admin" nothing happens. In my database I have one user with username: admin and password: admin, which is hashed by bcrypt.

When not using authentication, everything works as it should; I get all data from the database as it should be after authentication.

Thanks for your help guys!

1
Your user gets ROLE_USER but needs ROLE_ADMIN to access the page - Med

1 Answers

0
votes

Your problem

As Med already pointed out, your User entity has the ROLE_USER role as default:

/* App/Entity/User.php */

public function getRoles()
{
    return array('ROLE_USER');
}

Your access_control configuration on the other hand states that the route /admin can only be accessed with a user that has the ROLE_ADMIN role:

access_control:
      - { path: ^/admin, roles: ROLE_ADMIN }

That means your user "admin" lacks a sufficient role to access /admin.

Solution

You need to be able to assign multiple roles to the user. One possible way is saving the roles as a concatenated string and returning it as an array:

/* App/Entity/User.php */
/**
 * @ORM\Column(name="roles", type="string")
 * @var string
 */
private $roles;

/**
 * Get the user roles as an array of strings
 * @return array
 */
public function getRoles()
{
    // explode() takes the delimiter first; read the mapped property, not an undefined local
    return explode(',', $this->roles);
}

You can even add some methods to manage your roles via the entity class:

/* App/Entity/User.php */

/**
 * Add a new role
 * @param string $role name of the role
 * @return $this
 */
public function addRole($role)
{
    $roles = $this->getRoles();
    if (array_search($role, $roles) === false) {
        $roles[] = $role;
        $this->roles = implode(',', $roles);
    }
    return $this;
}

/**
 * Remove a role
 * @param string $role name of the role
 * @return $this
 */
public function removeRole($role)
{
    $roles = $this->getRoles();
    $searchResult = array_search($role, $roles);
    if ($searchResult !== false) {
        unset($roles[$searchResult]);
        $this->roles = implode(',', $roles);
    }
    return $this;
}
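
The comma-separated role storage described in the answer above, as an added example that is not part of the original answer and not Symfony or Doctrine code: it handles the empty column (where `explode` returns a list containing one empty string), stray whitespace and duplicates, and rejects role names that would corrupt the stored string. The class `RoleString`, its method names and the naming rule in `assertValid` are assumptions made for this example.

```php
<?php
// Added example: stand-alone helper, independent of Symfony and Doctrine.
// RoleString and its methods are hypothetical names.
final class RoleString
{
    /** Parse the stored column value into a clean list of role names. */
    public static function parse(?string $stored): array
    {
        // explode(',', '') yields [''], so empty items are dropped explicitly.
        $roles = array_filter(array_map('trim', explode(',', (string) $stored)), 'strlen');
        return array_values(array_unique($roles));
    }

    /** Return the column value with $role added, without duplicates. */
    public static function add(?string $stored, string $role): string
    {
        self::assertValid($role);
        $roles = self::parse($stored);
        if (!in_array($role, $roles, true)) {
            $roles[] = $role;
        }
        return implode(',', $roles);
    }

    /** Return the column value with $role removed. */
    public static function remove(?string $stored, string $role): string
    {
        return implode(',', array_values(array_diff(self::parse($stored), [$role])));
    }

    /** Reject names that would break the comma-separated format. */
    private static function assertValid(string $role): void
    {
        // Assumed naming rule for this example: ROLE_ prefix, then A-Z, 0-9 or underscore.
        if (!preg_match('/^ROLE_[A-Z0-9_]+$/', $role)) {
            throw new InvalidArgumentException("Invalid role name: $role");
        }
    }
}

// Constructed sample column values.
var_dump(RoleString::parse(''));                                   // empty column
var_dump(RoleString::parse('ROLE_USER, ROLE_ADMIN,,ROLE_USER'));   // whitespace, gap, duplicate
var_dump(RoleString::add('ROLE_USER', 'ROLE_ADMIN'));
var_dump(RoleString::remove('ROLE_USER,ROLE_ADMIN', 'ROLE_USER'));
```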