On login page I get this in dev.log:
**Guard authenticator does not support the request. {"firewall_key":"main","authenticator":"App\\Security\\LoginFormAuthenticator"} []**
Plus on the register page, after submitting I get
**The CSRF token is invalid. Please try to resubmit the form.**
And in dev.log:
**Guard authentication failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\InvalidCsrfTokenException(code: 0):**
The same code is working on my colleague's machine cannot get where can be the problem.
security.yaml
firewalls:
static_pages:
pattern: ^/static
security: false
oauth_token:
pattern: ^/oauth/token
security: false
oauth_authorize:
pattern: ^/oauth/auth
security: false
# Add your favorite authentication process here
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
user_checker: security.user_checker
form_login:
provider: app_user
csrf_token_generator: security.csrf.token_manager
default_target_path: app_homepage
logout: true
anonymous: true
guard:
provider: app_user
entry_point: App\Security\LoginFormAuthenticator
authenticators:
- App\Security\GoogleAuthenticator
- App\Security\FacebookAuthenticator
- App\Security\LoginFormAuthenticator
SecurityController.php
<?php
namespace App\Controller\Identity;
use App\Controller\BaseController;
use App\Entity\User;
use App\Security\AuthenticationManager;
use App\Util\UserManager;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\Security\Core\Encoder\EncoderFactory;
use Symfony\Component\Security\Core\Encoder\NativePasswordEncoder;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
/**
* Class SecurityController
*/
class SecurityController extends BaseController
{
/**
* @Route("/login", name="app_login")
*
* @param AuthenticationUtils $authenticationUtils
*
* @return Response
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('Security/login.html.twig', [
'last_username' => $lastUsername,
'error' => $error
]);
}
/**
* @Route("/admin-login", name="app_security_admin_login", methods={"POST", "GET"})
*
* @param Request $request
*
* @return Response
*/
public function adminLogin(Request $request)
{
/** @var $session Session */
$session = $request->getSession();
$authErrorKey = Security::AUTHENTICATION_ERROR;
$lastUsernameKey = Security::LAST_USERNAME;
// get the error if any (works with forward and redirect -- see below)
if ($request->attributes->has($authErrorKey)) {
$error = $request->attributes->get($authErrorKey);
} elseif (null !== $session && $session->has($authErrorKey)) {
$error = $session->get($authErrorKey);
$session->remove($authErrorKey);
} elseif ($request->query->has('error')) {
$error = $request->query->get('error');
} else {
$error = null;
}
if (!$error instanceof AuthenticationException) {
$error = null; // The value does not come from the security component.
}
// last username entered by the user
$lastUsername = (is_null($session)) ? '' : $session->get($lastUsernameKey);
$tokenManager = $this->getToken();
$csrfToken = $tokenManager
? $tokenManager->getToken('authenticate')->getValue()
: null;
return $this->render('Security/admin_login.html.twig', [
'last_username' => $lastUsername,
'error' => $error,
'csrf_token' => $csrfToken,
]);
}
/**
* @Route("/admin-login-check", name="app_security_admin_login_check", methods={"POST", "GET"})
*
* @param Request $request
* @param UserManager $userManager
*
* @return Response
*/
public function adminLoginCheck(Request $request, UserManager $userManager)
{
$username = $request->request->get('_username');
$password = $request->request->get('_password');
$encoders = new NativePasswordEncoder(13);
$factory = new EncoderFactory([$encoders]);
/** @var User $user */
$user = $userManager->findUserByUsername($username);
if(!$user){
return $this->redirectToRoute('app_security_admin_login',
['error' => 'Username doesnt exists']
);
}
$encoder = $factory->getEncoder(User::class);
$salt = $user->getSalt();
if(!$encoder->isPasswordValid($user->getPassword(), $password, $salt)) {
return $this->render("Security/admin_login.html.twig", [
'error' => 'Username or Password not valid'
]);
}
$token = $this->get(AuthenticationManager::class)->authenticate($user);
return $this->redirectToRoute("admin_homepage");
}
/**
* @Route("/login", name="app_security_login", methods={"POST", "GET"})
*
* @param Request $request
*
* @return Response
*/
public function loginAction(Request $request)
{
/** @var $session Session */
$session = $request->getSession();
$authErrorKey = Security::AUTHENTICATION_ERROR;
$lastUsernameKey = Security::LAST_USERNAME;
/** get the error if any (works with forward and redirect -- see below) */
if ($request->attributes->has($authErrorKey)) {
$error = $request->attributes->get($authErrorKey);
} elseif (null !== $session && $session->has($authErrorKey)) {
$error = $session->get($authErrorKey);
$session->remove($authErrorKey);
} else {
$error = null;
}
if (!$error instanceof AuthenticationException) {
$error = null; // The value does not come from the security component.
}
/** last username entered by the user */
$lastUsername = (is_null($session)) ? '' : $session->get($lastUsernameKey);
$tokenManager = $this->getToken();
$csrfToken = $tokenManager
? $tokenManager->getToken('authenticate')->getValue()
: null;
return $this->render('Security/login.html.twig',[
'last_username' => $lastUsername,
'error' => $error,
'csrf_token' => $csrfToken,
]);
}
/**
* @Route("/login_check", name="app_security_check", methods={"POST"})
*/
public function checkAction()
{
throw new \RuntimeException('You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.');
}
/**
* @Route("/logout", name="app_security_logout", methods={"GET"})
*/
public function logoutAction()
{
throw new \RuntimeException('You must activate the logout in your security firewall configuration.');
}
protected function getToken()
{
return $this->get("security.csrf.token_manager");
}
}
I could provide other files if needed. Thank you.
The solution was to set the path for the session even though the log complained about other things:
# config/packages/framework.yaml
session:
save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'