
I have a Symfony 4 project where I need to perform secure authentication using LexikJWTAuthenticationBundle.

I implemented the bundle by following its documentation and I get this error when I execute the following command: curl -X POST -H "Content-Type: application/json" http://localhost:8000/api/login_check -d '{"username":"johndoe","password":"test"}'

Error message:

Invalid JSON

This is a Bad Request (400) error, and it occurs at the json_decode call in the file:

Symfony\Component\Security\Http\Firewall\UsernamePasswordJsonAuthenticationListener

security.yaml:

security:
    providers:
        user:
            entity:
                class: App\Entity\User
                property: email

    encoders:
        App\Entity\User: bcrypt

    role_hierarchy:
        ROLE_VIP:         ROLE_USER
        ROLE_ADMIN:       [ROLE_USER, ROLE_VIP]
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_VIP, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    firewalls:
        login:
            pattern:   ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path:      /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern:   ^/
            anonymous: true
            form_login:
                username_parameter:  "login_form[email]"
                password_parameter:  "login_form[password]"
                login_path:          site_accueil
                check_path:          site_accueil
                default_target_path: site_espace_vip_index
                remember_me:         false
                success_handler:     redirect.after.login
            logout:
                path:   /deconnexion
                target: /
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator

    access_control:
        - { path: ^/connexion-vip, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/interface,     roles: [ROLE_ADMIN] }
        - { path: ^/profile,       roles: [ROLE_VIP, ROLE_ADMIN] }
        - { path: ^/,              roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting,     roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/login,     roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,           roles: IS_AUTHENTICATED_FULLY }

routes.yaml:

api_login_check:
    path: /api/login_check

lexik_jwt_authentication.yaml:

lexik_jwt_authentication:
    secret_key:  '%env(resolve:JWT_SECRET_KEY)%'
    public_key:  '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl:   3600

The SSH keys were generated.

What's the problem, please?

Valentin Harrang
  • Important note for Apache users https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md#important-note-for-apache-users – habibun Mar 02 '19 at 17:02
  • Yes I read this, I added this line in the .htaccess file of the public folder : `SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1` but it doesn't change anything. – Valentin Harrang Mar 03 '19 at 11:01

1 Answer


Problem solved: curl -X POST -H "Content-Type: application/json" http://localhost:8000/api/login_check -d "{\"username\":\"johndoe\",\"password\":\"test\"}"

Valentin Harrang
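The failure the question describes, reproduced outside Symfony as an added example (this is not code from the question, the answer, Symfony or LexikJWTAuthenticationBundle). The `extract_credentials` function mirrors, from memory of Symfony 4, the checks that `UsernamePasswordJsonAuthenticationListener` runs on a `json_login` body before any user lookup happens; the error strings and the names `BadRequest`, `build_login_body`, `posix_curl_command` and `cmd_exe_argument` are my own. The constructed `CMD_BODY` is what curl would send if the original single-quoted command had been typed into Windows cmd.exe, which treats `'` as a literal character and strips the unescaped double quotes. The page does not say which shell was used, so that is an assumption, but it is the one under which the answer's escaped-double-quote form is the fix.

```python
"""Server-side view of a json_login body, plus a safe way to build one.

Added illustration; not Symfony or LexikJWTAuthenticationBundle code.
"""
import json
import shlex

# Symfony\Component\Security\Core\Security::MAX_USERNAME_LENGTH
MAX_USERNAME_LENGTH = 4096


class BadRequest(Exception):
    """Stands in for Symfony's BadRequestHttpException (HTTP 400)."""


def extract_credentials(raw_body, username_path="username", password_path="password"):
    """Parse a json_login request body the way the listener does (summarised
    from Symfony 4: body must decode to a JSON object, both keys must be
    present and hold strings, username length is capped). Returns
    (username, password) or raises BadRequest before any credential check."""
    if isinstance(raw_body, bytes):
        raw_body = raw_body.decode("utf-8", errors="replace")
    try:
        data = json.loads(raw_body)
    except ValueError:                       # json_decode() returned null
        raise BadRequest("Invalid JSON.") from None
    if not isinstance(data, dict):           # json_decode() must yield a stdClass
        raise BadRequest("Invalid JSON.")
    values = []
    for path in (username_path, password_path):
        if path not in data:
            raise BadRequest(f'The key "{path}" must be provided.')
        if not isinstance(data[path], str):
            raise BadRequest(f'The key "{path}" must be a string.')
        values.append(data[path])
    username, password = values
    if len(username) > MAX_USERNAME_LENGTH:
        raise BadRequest("Invalid username.")
    return username, password


def build_login_body(username, password):
    """Serialise credentials with a JSON library rather than hand-typed quotes,
    so shell quoting rules can never corrupt the payload (quotes, backslashes
    and non-ASCII in the password are escaped for you)."""
    return json.dumps({"username": username, "password": password})


def posix_curl_command(url, username, password):
    """Render a curl invocation that is safe to paste into a POSIX shell:
    shlex.quote wraps every argument that needs it in single quotes."""
    args = ["curl", "-X", "POST", "-H", "Content-Type: application/json",
            url, "-d", build_login_body(username, password)]
    return " ".join(shlex.quote(a) for a in args)


def cmd_exe_argument(posix_single_quoted):
    """Reconstruct what cmd.exe hands curl for a POSIX-style single-quoted
    argument: ' is a literal character there and the MSVC argv parser strips
    unescaped double quotes. (Assumption: cmd.exe was the shell used.)"""
    return posix_single_quoted.replace('"', "")


# Constructed request bodies for the command on the page, depending on the shell.
POSIX_BODY = '{"username":"johndoe","password":"test"}'   # bash/zsh keep the quotes
CMD_BODY = cmd_exe_argument("'" + POSIX_BODY + "'")        # cmd.exe mangles them


if __name__ == "__main__":
    for label, body in (("POSIX shell", POSIX_BODY), ("cmd.exe", CMD_BODY)):
        try:
            print(label, "->", extract_credentials(body))
        except BadRequest as err:
            print(label, "-> 400", err, "| body was:", body)
    print(posix_curl_command("http://localhost:8000/api/login_check", "johndoe", "test"))
```

Build the body with a serialiser (here `json.dumps`; in a shell, `jq -n` or a file passed with `-d @login.json`) instead of hand-typed quotes, and the problem disappears on every shell. The server-side checks above also show why the 400 is raised before the user provider or password encoder is ever consulted: the listener rejects anything that is not a JSON object with string `username` and `password` members.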