Chris Brown - 5 months ago
PHP Question

Silex Security Provider - Token failing to be set

I'm working for the first time with Silex's Security Provider and I'm having issues with the process. I currently have the basic HTTP auth working (using the coded example user as shown here in the docs).

When switching HTTP out for the form option however the login form is submitting, and returning to itself. I have created a UserProvider class and the loadUserByUsername method is being successfully called, however the email isn't being passed in (being set to "NONE_PROVIDED" - altered from username). This I found when working through the vendor code is because the token isn't being set ($app['security']->getToken() returning null at all points). I've trawled through all the docs I can but I can't find any mention of this.

The main code is included below, let me know if there is anything else, thanks!

Security Provider Configuration

// Protects all routes within /auth, redirecting to /login successfully

$app->register(new SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'unauth_area' => array(
            'pattern' => '^/(?!auth)'
        ),
        'auth_area' => array(
            'pattern' => '^/.*$',
            'form' => array(
                'login_path' => '/login',
                'check_path' => '/auth/login_check',
                'default_target_path' => '/auth/overview',
            ),
            'users' => $app->share(function () use ($app) {
                return new UserProvider($app['db']);
            }),
        ),
    ),
    'access_control' => array(
        array('path' => '^/.*$', 'role' => 'ROLE_USER'),
        // Include the following line to also secure the /admin path itself
        // array('path' => '^/admin$', 'role' => 'ROLE_ADMIN'),
    ),
));


(My Custom) method - UserProvider class

public function loadUserByUsername($email) {

    // Dying at this point shows it reaches here, but $email is null

    $stmt = $this->conn->executeQuery('SELECT * FROM user WHERE email = ?', array(strtolower($email)));

    if (!$user = $stmt->fetch()) {
        throw new UsernameNotFoundException(sprintf('Email "%s" does not exist.', $email));
    }

    return new User($user['email'], $user['password'], explode(',', $user['roles']), true, true, true, true);
}


Form Class

class LoginType extends AbstractType {

    public function buildForm(FormBuilderInterface $builder, array $options) {
        $builder
            ->add('_username', 'text', array(
                'required' => true,
                'constraints' => array(
                    new Assert\NotBlank(),
                    new Assert\Email(),
                )
            ))
            ->add('_password', 'password', array(
                'required' => true,
                'constraints' => array(
                    new Assert\NotBlank(),
                ),
            ))
            ->add('Login', 'submit');
    }

    public function getName() {
        return 'login';
    }

}

Silex Security Provider docs

Answer

It has nothing to do with the token… I just had the same problem with

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'admin' => array(
            'pattern' => '^/admin',
            'form' => array(
                'login_path' => '/',
                'check_path' => '/admin/login_check',
                'username_parameter' => 'mail',
                'password_parameter' => 'password',
            ),
            'logout' => array('logout_path' => '/logout'),
            //'anonymous' => true,
            'users' => function () use ($app) {
                return new UserProvider($app['db']);
            },
        )
    ),
    'security.access_rules' => array(
        array('^/$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
        array('^/admin', 'ROLE_USER')
    )
));

After a couple hours trying and testing, I checked the name attribute in my form's input… Saw form[mail]

So I tried

'username_parameter'=> 'form[mail]',
'password_parameter' => 'form[password]',

And … ALLELUIA!!!!! had my mail in loadUserByUsername($mail)
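
Added example (not part of the original answer, and not Silex or Symfony code): a simplified model of why the parameter name has to match the input's full name attribute. resolveParameter() is a hypothetical helper and the POST arrays are constructed samples; the second one assumes the question's LoginType (getName() returns 'login') renders its inputs as login[_username] and login[_password].

```php
<?php
// Hypothetical helper: look up a firewall parameter name such as "form[mail]"
// in POST data, following the nesting PHP creates for bracketed input names.
function resolveParameter(array $post, $name)
{
    // "form[mail]" -> ['form', 'mail']; "_username" -> ['_username'].
    if (!preg_match('/^([^\[\]]+)((?:\[[^\[\]]+\])*)$/', $name, $m)) {
        return null; // malformed parameter name
    }
    $keys = array($m[1]);
    if ($m[2] !== '') {
        preg_match_all('/\[([^\[\]]+)\]/', $m[2], $sub);
        $keys = array_merge($keys, $sub[1]);
    }

    $value = $post;
    foreach ($keys as $key) {
        if (!is_array($value) || !array_key_exists($key, $value)) {
            return null; // nothing was submitted under that name
        }
        $value = $value[$key];
    }
    return is_string($value) ? $value : null;
}

// Constructed samples of what PHP places in $_POST for each form.
$cases = array(
    // Answer's form: inputs named form[mail] and form[password].
    array(
        'post'   => array('form' => array('mail' => 'alice@example.com', 'password' => 'x')),
        'params' => array('mail', 'form[mail]'),
    ),
    // Question's form (assumed rendering): login[_username], login[_password].
    array(
        'post'   => array('login' => array('_username' => 'bob@example.com', '_password' => 'x')),
        'params' => array('_username', 'login[_username]'),
    ),
);

foreach ($cases as $case) {
    foreach ($case['params'] as $param) {
        $username = resolveParameter($case['post'], $param);
        // The page reports "NONE_PROVIDED" reaching the user provider when no username is found.
        printf("%-18s => %s\n", $param, $username === null ? 'NONE_PROVIDED' : $username);
    }
}
```

The flat names find nothing because the value sits one level down under the form's name; only the bracketed name reaches it.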