I am developing a website in Symfony 4.2. After I deployed it to the production server, I changed APP_ENV to prod and ran composer update --no-dev.
After doing this, I can't log in. I get no login error, and the log files are empty. I have no idea what I am doing wrong. I also tried setting APP_DEBUG=1, but nothing changed... Whatever I do, it only reloads the login page.
Here is my security.yaml:
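security:
    # "affirmative": access is granted as soon as one voter grants it.
    access_decision_manager:
        strategy: affirmative
    # Password hashing for Account entities.
    encoders:
        App\Entity\Account: bcrypt
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # Users are loaded from the database by their "username" property.
        database_users:
            entity: { class: App\Entity\Account, property: username }
    firewalls:
        # Profiler, debug toolbar and static assets bypass the security system.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            # activate different ways to authenticate
            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            form_login:
                # check_path and login_path are the same route, so the firewall
                # handles the POST of the login form and the controller only
                # renders it.
                check_path: security_login
                login_path: security_login
                # Enables CSRF validation of the login request; the form has to
                # submit a matching token or authentication is rejected.
                csrf_token_generator: security.csrf.token_manager
                default_target_path: home_index
            logout:
                path: security_logout
                target: security_login
            # https://symfony.com/doc/current/security/form_login_setup.html
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    # NOTE(review): no rule is active below, so nothing is restricted by URL in
    # this file; presumably roles are checked in the controllers - confirm.
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
    # Every listed role also implies ROLE_USER.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPERIOR: ROLE_USER
        ROLE_SUPERVISOR: ROLE_USER
        ROLE_WORKER: ROLE_USER
    # NOTE(review): session and cookie options (such as cookie_secure) are not
    # part of this file; check the framework session configuration when the
    # login only fails in one environment.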
Login form:
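{#
    Login form. It posts to the route used as form_login check_path, so the
    firewall processes the submission. The field names _username, _password and
    _csrf_token are the form_login defaults.
#}
<form action="{{ path('security_login') }}" method="post" class="panel-body">
    {% if error %}
        <div class="alert alert-danger">
            {{ error.messageKey|trans(error.messageData, 'security') }}
        </div>
    {% endif %}
    <div class="form-group">
        {# last_username is passed by the controller; Twig escapes it for the attribute. #}
        <input class="form-control" placeholder="{{ "login.username"|trans }}" type="text" name="_username" id="_username" value="{{ last_username }}" autocomplete="username" autofocus />
    </div>
    <div class="form-group">
        <input class="form-control" placeholder="{{ "login.password"|trans }}" type="password" name="_password" id="_password" autocomplete="current-password" />
    </div>
    {# 'authenticate' is the default csrf_token_id of form_login; the two must match. #}
    <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}" />
    <input id="login" type="submit" class="btn btn-lg btn-secondary btn-block" value="{{ "common.button.login"|trans }}" />
    <a href="{{ path('security_register') }}" id="register" class="btn btn-lg btn-secondary btn-block">{{ "common.button.registration"|trans }}</a>
</form>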
SecurityController:
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
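class SecurityController extends AbstractController
{
    /**
     * Renders the login form, or redirects a user who already holds ROLE_USER
     * to the home page.
     *
     * The route is also the target of the login form. When it is configured as
     * the firewall's form_login check_path, the firewall handles the submitted
     * credentials, and this action only shows the form together with the last
     * authentication error and the last entered username.
     *
     * @Route("/login", name="security_login")
     * @param AuthenticationUtils $authenticationUtils
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function index(AuthenticationUtils $authenticationUtils)
    {
        // The controller shortcut queries the same authorization checker
        // without fetching the service from the container by name.
        if ($this->isGranted('ROLE_USER')) {
            return $this->redirectToRoute('home_index');
        }

        $error = $authenticationUtils->getLastAuthenticationError();
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', [
            'last_username' => $lastUsername,
            'error' => $error,
        ]);
    }

    /**
     * Placeholder that gives the logout route a controller.
     *
     * The firewall's logout listener is expected to intercept requests to this
     * path, so the body should never run. If it does, the logout path of the
     * firewall does not match this route, and failing loudly makes that
     * visible instead of returning nothing.
     *
     * @Route("/logout", name="security_logout")
     */
    public function logout()
    {
        throw new \LogicException('This method should be intercepted by the logout key of the firewall.');
    }
}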
Thanks for the help!
[…] `php bin/console`)? Check the file permissions. If you switch `APP_ENV` back to dev, does it work? – thomas.drbg

[…] `cookie_secure` is set to true, you MUST set up https for your login form to work, else it won't. Do you use https for your production site? – tchap