I've built my website with api-platform, lexikJWTauthbundle and react-admin. It works like a charm in local dev, but when I pushed it to production my admin interface login always returns the error "401 bad credential" and the token is never stored locally. I don't know why, because the visitor page displays all my stuff that's stored in my DB. So I assume the connection is correct.

I have already tried to change the .htaccess with "RewriteRule", "SetEnvIf", ... Here is my code:


```js
// authProvider.js

import {AUTH_LOGIN, AUTH_LOGOUT, AUTH_CHECK} from 'react-admin';

export default (type, params) => {
    if (type === AUTH_LOGIN) {
        const {username, password} = params;
        // POST the credentials as JSON to the json_login check_path
        const request = new Request('/admin/authentication_token', {
            method: 'POST',
            headers: new Headers({
                'Content-Type': 'application/json'
            }),
            body: JSON.stringify({username, password}),
        });
        return fetch(request)
            .then(response => {
                console.log(response);
                // Any non-2xx status (including the 401) rejects the login
                if (response.status < 200 || response.status >= 300) {
                    throw new Error(response.statusText);
                }
                return response.json();
            })
            .then(({token}) => {
                // Keep the JWT for later API calls
                localStorage.setItem('token', token);
                return Promise.resolve();
            });
    }
    if (type === AUTH_LOGOUT) {
        localStorage.removeItem('token');
        return Promise.resolve();
    }
    if (type === AUTH_CHECK) {
        return localStorage.getItem('token') ? Promise.resolve() : Promise.reject();
    }
    return Promise.reject('Unknown method');
};
```
```yaml
# config/security.yaml

security:
  role_hierarchy:
    ROLE_ADMIN: [ROLE_ADMIN]
  encoders:
    App\Entity\AdminUser:
      algorithm: argon2i

  providers:
    # used to reload user from session & other features (e.g. switch_user)
    app_user_provider:
      entity:
        class: App\Entity\AdminUser
        property: username

  firewalls:
    login:
      pattern: ^/admin/authentication_token
      provider: app_user_provider
      stateless: true
      anonymous: true
      json_login:
        check_path: /admin/authentication_token
        username_path: username
        password_path: password
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure
    dev:
      pattern: ^/_(profiler|wdt)
      security: false
    api:
      pattern: ^/api/
      anonymous: true
      stateless: true
      guard:
        authenticators:
          - lexik_jwt_authentication.jwt_token_authenticator

  access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
```

When I console.log the request and the response, the header is always empty.

I don't know if the problem comes from the "https" URL domain or from the "Server API" being CGI/FastCGI, because locally it was on "http" and "Apache2.0 handler". I can't access the httpd.conf file... If you have any idea, thanks in advance.

onadrog

1 Answer

/!\ If you have this problem, check for Argon2i: it was not supported by my web host, so I changed to bcrypt....

onadrog
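
A way to confirm the cause named in the answer on a given host, as an added example that is not part of the original post: this PHP script lists the password algorithms the production PHP build supports and reports whether a stored hash can be verified there. The function names and the sample hashes are constructed for illustration; it checks only PHP's `password_*` API, not Symfony's encoder classes.

```php
<?php
// Added example: can this PHP build verify the hashes stored for admin users?

/** Algorithm identifiers usable with password_hash()/password_verify() on this build. */
function supportedAlgos(): array
{
    if (function_exists('password_algos')) {   // PHP >= 7.4
        return password_algos();
    }
    $algos = ['2y'];                            // bcrypt ships with every build
    if (defined('PASSWORD_ARGON2I')) {
        $algos[] = 'argon2i';
    }
    if (defined('PASSWORD_ARGON2ID')) {
        $algos[] = 'argon2id';
    }
    return $algos;
}

/** Identifier between the first two '$' of a stored hash, e.g. "argon2i" or "2y". */
function hashAlgo(string $hash): ?string
{
    return preg_match('/^\$([a-z0-9]+)\$/', $hash, $m) ? $m[1] : null;
}

/** True when password_verify() on this host is able to check $hash at all. */
function canVerify(string $hash): bool
{
    $algo = hashAlgo($hash);
    return $algo !== null && in_array($algo, supportedAlgos(), true);
}

// Constructed samples; replace with the password column of a real AdminUser row.
$stored = [
    'argon2i sample' => '$argon2i$v=19$m=65536,t=4,p=1$c2FtcGxlc2FsdA$placeholder',
    'bcrypt sample'  => password_hash('constructed-password', PASSWORD_BCRYPT),
];

echo 'PHP ', PHP_VERSION, ' (', PHP_SAPI, ') supports: ', implode(', ', supportedAlgos()), PHP_EOL;
foreach ($stored as $label => $hash) {
    printf("%-15s algo=%-8s verifiable=%s\n", $label, hashAlgo($hash) ?? 'unknown', canVerify($hash) ? 'yes' : 'NO');
}
```

A hash reported as `NO` cannot be checked by `password_verify()` on that host, so existing users need their passwords re-hashed with a supported algorithm such as bcrypt. Remove the script from the server after running it.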