I try to login with a symfony's memory user provider with the official doc.
So i make my user with symfony console make:user, i let defaults and chose "no" to using database.
I add my adminuser in security.yaml and some configuration :
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: "auto"
providers:
app_user_provider:
id: App\Security\UserProvider
backend_users:
memory:
users:
my:
{
password: "$2y$…B3", // i put my true bcrypt generated password
roles: ["ROLE_ADMIN", "ROLE_SUPER_ADMIN"],
}
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: app_user_provider
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/profile, roles: ROLE_USER }
when@test:
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: bcrypt
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
I make login action :
#[Route('/{_locale<%app.supported_locales%>}/login', name: 'my_login')]
public function login(AuthenticationUtils $authenticationUtils): Response
{
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('@MyCore/Core/login.html.twig', [
'controller_name' => 'CoreController',
'last_username' => $lastUsername,
'error' => $error,
]);
}
With associated form as in the doc :
{% extends '@MyCore/layout-default.html.twig' %}
{% block body %}
{% if error %}
<div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}
<form action="{{ path('my_login') }}" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}"/>
<label for="password">Password:</label>
<input type="password" id="password" name="_password"/>
{# If you want to control the URL the user is redirected to on success
<input type="hidden" name="_target_path" value="/account"/> #}
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
<button type="submit">login</button>
</form>
{% endblock %}
And… Nothing happen. When i try to login, with true user or random false entry, there is no error, no logging, just i go back to "/login" as if nothing happened.
Did i forget something ?
CodePudding user response:
There's no firewall configured to use your backend_users user provider.
If you want to use your in-memory users for the main firewall configure it as follows:
security:
# [..]
providers:
backend_users:
memory:
users: [] # <- add your users here
firewalls:
main:
lazy: true
provider: backend_users # <- use the provider here
CodePudding user response:
You are using the app_user_provider but your need to use 2 providers, the app_user_provider and the backend_users provider in same time. To build this you need to use a provider chain (Symfony Doc) :
# config/packages/security.yaml
security:
# ...
providers:
backend_users:
# ...
app_user_provider:
# ...
all_users:
chain:
providers: ['backend_users', 'app_user_provider']
firewalls:
main:
lazy: true
provider: all_users # all_users => provider chain
CodePudding user response:
Your problem comes from your security configration. If you need to add two users then you should use a chain, take a look at Symfony docs.