1

I'm desperate : I'm using Symfony for years, and today I'm stuck on a basic stuff. As FOSUserBundle is not implemented for Sf4 yet, I decided to create a really basic User entity in DB to load user.

But when I enter my username/password in the BasicAuth windows in my web browser (chrome) it's not logging me and loops over and over.

Here is my security file : 

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt

    providers:
        native_provider:
            entity:
                class: App\Entity\User
                property: username
                manager_name: native_users

    firewalls:
        main:
            pattern:    ^/
            http_basic: ~
            provider: native_provider

    access_control:
        - { path: ^/, roles: ROLE_USER }

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

And my User class is exactly the same as the one in the symfony example : https://symfony.com/doc/current/security/entity_provider.html#create-your-user-entity

Finally I created some User fixtures using [nelmio/alice][1] : 

App\Entity\User:
    user_1:
        id: '<uuid()>'
        username: 'admin'
        password: '\$2y\$10\$574w3EitCqOaHmhu4ER49.KPG2EMtcQlYrO0vdPyYW/EuqTHMCB0C'
        email: 'admin@test.com'
        isActive: true

Where '\$2y\$10\$574w3EitCqOaHmhu4ER49.KPG2EMtcQlYrO0vdPyYW/EuqTHMCB0C' reprensent the "admin" word coded in bcrypt.

Despite all these things, basic auth won't work. Any Idea ?

Thanks !

Pete_Gore
  • 594
  • 1
  • 5
  • 20
  • 1
    Master branch of FOSUserBundle actually supports Symfony4. For sure there might still be things to fix/improve but basic usage should be fine. – dlondero Jan 28 '18 at 07:36
  • About your problem can you check that the value you have in the database for the password field is equal to the one you pasted above? Is it `setPassword` doing the encrypt or just setting the plain value? Because in first case you're encrypting the password twice (manually and then through Alice). – dlondero Jan 28 '18 at 07:49
  • Her dlondero, thanks for your help. No I encoded the password mysel using a bcrypt encryption website. I juste check and the password in the DB is the same as in my fixture file. No additionnal encryption there. I also tried to store a plain text password and remove the encoder from my security YAML file and the problem is also there... – Pete_Gore Jan 28 '18 at 07:57
  • And do you actually have an entity manager called `native_users` in `config/packages/doctrine.yaml`? – dlondero Jan 28 '18 at 08:15
  • Also I would suggest you to encrypt the password locally and set that as value, not what you get from a 3rd party site. See https://symfony.com/doc/current/security/password_encoding.html. – dlondero Jan 28 '18 at 08:22
  • I effectively don't have any entity manager called "native_users"... my mistake. But if I remove this and try again, I got the same error, even if I put in plain text password...! I'll try again this afternoon clearing cache and so on but I'm pretty pessimistic. – Pete_Gore Jan 28 '18 at 12:29
  • Add "hide_user_not_found: false" under security: This will at least narrow the problem to either user not found or invalid password. – Cerad Jan 28 '18 at 17:09
  • @Cerad I did but where am I supposed to find the error ? I think I should check my Symfony logging protocol because my `log/` dir is always empty, which seems really strange in dev. – Pete_Gore Jan 28 '18 at 17:39
  • I have not fooled around much with http basic. Usually use a login form. It probably is you password. All I can suggest is to follow the docs exactly and get the in memory example working first then plug in your own user entity and provider. Or maybe just jump to the form login. – Cerad Jan 28 '18 at 17:53

0 Answers0