2
votes

First of all i tryed the simple way with the in_memory provder like in this documentation: https://symfony.com/doc/current/security.html and it worked for me well, then i continued with this tutorial: https://symfony.com/doc/current/security/entity_provider.html and ended up in an endless loop of browser http basic user data request.

This is my code, maybe someone can find the tiny missing semicolon :D

URL: https://gitlab.com/AceVik/ajoli

Neccessery files. security.yml

security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
    our_db_provider:
         entity:
            class: App\Entity\User
    #        property: username
    #in_memory:
    #    memory:
    #        users:
    #            admin:
    #                password: admin
    #                roles: 'ROLE_ADMIN'
firewalls:
    #secured_area:
    #    logout:
    #        path: /logout
    #        target: /
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
    #    pattern:    ^/
        http_basic: ~
        provider: our_db_provider
   #     provider: in_memory
encoders:
    App\Entity\User: plaintext
    #    algorithm: bcrypt
    #    cost: 12
    #Symfony\Component\Security\Core\User\User: plaintext

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
     - { path: ^/admin, roles: ROLE_ADMIN }
     - { path: ^/profile, roles: ROLE_USER }

User.php

<?php

declare(strict_types=1);

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Table(name="users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
class User implements UserInterface, \Serializable
{
    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=25, unique=true)
     */
    private $username;

    /**
     * @ORM\Column(type="string", length=64)
     */
    private $password;

    /**
     * @ORM\Column(type="string", length=254, unique=true)
     */
    private $email;

    /**
     * @ORM\Column(name="is_active", type="boolean")
     */
    private $isActive;

    public function __construct()
    {
        $this->isActive = true;
        // may not be needed, see section on salt below
        // $this->salt = md5(uniqid('', true));
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function setUsername($username) {
        $this->username = $username;
        $this->email = $username . '@example.com';
    }

    public function setPassword($password) {
        $this->password = $password;
    }

    public function getSalt()
    {
        // you *may* need a real salt depending on your encoder
        // see section on salt below
        return null;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getRoles()
    {
        return array('ROLE_USER');
    }

    public function eraseCredentials()
    {
    }

    /** @see \Serializable::serialize() */
    public function serialize()
    {
        return serialize(array(
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt,
        ));
    }

    /** @see \Serializable::unserialize() */
    public function unserialize($serialized)
    {
        list (
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt
            ) = unserialize($serialized, ['allowed_classes' => false]);
    }
}

UserRepository.php

<?php

namespace App\Repository;

use App\Entity\User;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Common\Persistence\ManagerRegistry;
use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface;

class UserRepository extends ServiceEntityRepository implements UserLoaderInterface
{
    public function __construct(ManagerRegistry $registry)
    {
        parent::__construct($registry, User::class);
    }

    public function loadUserByUsername($username)
    {
        return $this->createQueryBuilder('u')
            ->where('u.username = :username')
            ->setParameter('username', $username)
            ->getQuery()
            ->getOneOrNullResult();
    }
}
2
What url you try to request which ends in an endless loop?u_mulder
Any i try, /profile, /admin and also /Viktor Machnik
Console and log are clear?Eakethet
The symfony var/log folder is empty. The nginx error.log file is emty, and the nginx access.log file contains expected log entries like this: 172.17.0.1 - admin [21/May/2018:10:44:13 +0000] "GET / HTTP/1.1" 401 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36"Viktor Machnik

2 Answers

3
votes

Viktor,

There seems to be something wrong with your image. I loaded up my own docker image and it's working for me.

To debug you can open up BasicAuthenticationListener (search for it in vendor directory). And set a breakpoint on } catch (AuthenticationException $e) { Or add exit(var_dump($e)); under it to check what exception gets thrown.

1
votes

Solution found.

I just updates Symfony from 4.0.9 to 4.0.11 and it solved the problem. It seems, it was a Symfony bug: https://symfony.com/blog/symfony-4-0-11-released

Now i have an issue with the logout :D I try to fix it by my self, but if someone see the mistake, tell it me pls. My gitlab repository is still public.