How to debug symfony4 authentication failure

Question

I am trying to set up a traditional login and registration form following the symfony 4 documentation.

Using the registration form I seem to be able to register users correctly into the mariaDB database on arch linux.

I am using the symfony development server. When I try to login with a registered user, I get this HTML on the login page

Authentication request could not be processed due to a system problem.

If the user or the password are bad or if I don't fill the fields, I get the same error.

Starting the symfony 4 development with -vvv verboses displays

2018-01-26T16:10:26+00:00 [info] Matched route "login".
2018-01-26T16:10:26+00:00 [info] Authentication request failed.
2018-01-26T16:10:26+00:00 [debug] Authentication failure, redirect triggered.
[Fri Jan 26 17:10:26 2018] 127.0.0.1:52250 [302]: /login
2018-01-26T16:10:26+00:00 [info] Matched route "login".
2018-01-26T16:10:26+00:00 [info] Populated the TokenStorage with an anonymous Token.
[Fri Jan 26 17:10:26 2018] 127.0.0.1:52252 [200]: /login

Using the network inspector of Firefox it seems that the loggin post returns error 302. I don't know how to debug this, or how to obtain more informations.

This is security.yaml

# config/packages/security.yaml                                                                           
security:                                                                                                 
  encoders:                                                                                               
    App\Entity\User:                                                                                      
      algorithm: bcrypt                                                                                   
  providers:                                                                                              
    our_db_provider:                                                                                      
      entity:                                                                                             
        class: App\Entity\User                                                                            
        property: username                                                                                
  firewalls:                                                                                              
    main:                                                                                                 
      provider: our_db_provider                                                                           
      pattern: ^/                                                                                         
      anonymous: ~                                                                                        
      form_login:                                                                                         
        login_path: login                                                                                 
        check_path: login                                                                                 
  access_control:                                                                                         
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }                                              
    - { path: ^/register$, role: IS_AUTHENTICATED_ANONYMOUSLY }                                           
    - { path: ^/, role: ROLE_USER }

I don't use the username, so I removed it from the User class and the register Controller, and made user.getUsername return the user email, as suggested by the doc.

Because 302 is a redirected request, You could use the profiler to see the last request and the logs associated — goto, Jan 26 '18 at 17:01
@NanoPish try changing the check_path with something else like login_check and change the post url in login form login_check. — Archi, Jan 26 '18 at 20:01
I'm currently trying to implement the same thing, but for the moment I let the basic auth to enter username/password. I don't see any error in my case but basic auth is looping again and again, without logging me. See my issue : https://stackoverflow.com/questions/48483993/symfony4-basic-auth-looping-while-using-db-provider — Pete_Gore, Jan 28 '18 at 07:43
@Archi if I replace check_path with login_check I get Unrecognized option "login_check" under "security.firewalls.main.form_login" when starting the server. Where is the other occurence of check_path that I need to edit ? — NanoPish, Feb 01 '18 at 12:27
@NanoPish you have to create empty controller action for the path login_check. — Archi, Feb 01 '18 at 16:07

score 6 · Accepted Answer · answered Feb 01 '18 at 15:21

6

Your problem is the following:

property: username

In security yaml just replace it with email as you don't use the username variable from the user interface.

To find out, use the web helper bundle to analyse the request that returned 302.

answered Feb 01 '18 at 15:21

Epoch

190
7

Azhar Khattak · Answer 2 · 2018-09-11T13:26:16.140

I faced the same problem and would like to add some details to accepted answer by Epoch. Here are the steps to debug using symfony's web debug tool bar

Note: I am using FOSUserBundle but these steps are general for debugging

Open debug tool-bar and click on token next to 302 Request to open profiler as in picture
This will open the profiler with debug information about current request, which in this case was 302. But we need to debug where authentication failure happend. So click on Last 10 from left side menu as shown here in picture
Now this will open a page with Last 10 requests. Find the request which actually performs the authentication. In my case, it's POST request /login_check. Click on token to open debug details for this request
Now, look for the security channel or what you configured for authentication logs/errors.

Now you can look for the details for authentication failure. Hope this helps others having same issue. Thanks!

How to debug symfony4 authentication failure

2 Answers2