Home > Software design >  with symfony jwt, I get this "invalid credentials" error
with symfony jwt, I get this "invalid credentials" error

Time:03-21

I have a problem to authenticate api platform (symfony 6)

curl -X 'POST' \
  'http://localhost:8001/authentication_token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "email": "[email protected]",
  "password": "string2222"
}'

I have followed the documentation carefully: [https://api-platform.com/docs/core/jwt/]

here is the error:

{
  "code": 401,
  "message": "Invalid credentials."
}

the user in the database : user

security.yaml

security:
    enable_authenticator_manager: true
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        App\Entity\User:
            algorithm: auto

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api/
            stateless: true
            provider: app_user_provider
            jwt: ~            
        main:
            lazy: true
            provider: app_user_provider

            json_login:
                check_path: /authentication_token
                username_path: email
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            jwt: ~

    access_control:
        - { path: ^/docs, roles: PUBLIC_ACCESS } 
        - { path: ^/authentication_token, roles: PUBLIC_ACCESS }        

User.php

<?php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use App\Repository\UserRepository;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;

#[ApiResource]
#[ORM\Entity(repositoryClass: UserRepository::class)]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
    #[ORM\Id]
    #[ORM\GeneratedValue]
    #[ORM\Column(type: 'integer')]
    private $id;

    #[ORM\Column(type: 'string', length: 180, unique: true)]
    private $email;

    #[ORM\Column(type: 'json')]
    private $roles = [];

    #[ORM\Column(type: 'string')]
    private $password;

    public function getId(): ?int
    {
        return $this->id;
    }

    public function getEmail(): ?string
    {
        return $this->email;
    }

    public function setEmail(string $email): self
    {
        $this->email = $email;

        return $this;
    }

    /**
     * A visual identifier that represents this user.
     *
     * @see UserInterface
     */
    public function getUserIdentifier(): string
    {
        return (string) $this->email;
    }

    /**
     * @see UserInterface
     */
    public function getRoles(): array
    {
        $roles = $this->roles;
        // guarantee every user at least has ROLE_USER
        $roles[] = 'ROLE_USER';

        return array_unique($roles);
    }

    public function setRoles(array $roles): self
    {
        $this->roles = $roles;

        return $this;
    }

    /**
     * @see PasswordAuthenticatedUserInterface
     */
    public function getPassword(): string
    {
        return $this->password;
    }

    public function setPassword(string $password): self
    {
        $this->password = $password;

        return $this;
    }

    /**
     * @see UserInterface
     */
    public function eraseCredentials()
    {

    }
}

I started again with a blank project and I get the same result. thank you for your help because I am blocked for a while

CodePudding user response:

You really have the wrong credentials. Because based on the screenshot of the User line in the database, you store the password in its pure form without hashing, although you indicated in the security.yaml configuration that you will use password_hashers with the algorithm: auto.

To solve this problem create a user with a hashed password as shown below:

public function createUser(UserPasswordHasherInterface $passwordHasher)
{ 
    $user = new User();
    $user->setEmail('[email protected]');
    $plaintextPassword = 'string2222';
    // hash the password (based on the security.yaml config for the $user class)
    $hashedPassword = $passwordHasher->hashPassword(
        $user,
        $plaintextPassword
    );
    $user->setPassword($hashedPassword);
    // and save user in db
    $em =  $this->getDoctrine()->getManager();
    $em->persist($file);
    $em->flush();
}

Symfony doc for password-hasher component

CodePudding user response:

thanks it works yeaaaaahhhhhhh

  • Related