Wndrr Wndrr - 1 month ago 32
PHP Question

Silex - UserProviderInterface always returns "Bad credentials"

I am trying to add Users saved in a database to my Silex website using the SecurityProvider.

I registered the security provider

$app['security.firewalls'] = array
(
'admin' => array
(
'pattern' => '^/admin',
'form' => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
'logout' => array('logout_path' => '/admin/logout', 'invalidate_session' => true),
'users' => function() use($app)
{
return new Entity\UserProvider($app);
}
)
);


And the
Entity\UserProvider($app)
class goes as follow (only part of the code is shown)

class UserProvider implements UserProviderInterface
{
public function loadUserByUsername($username)
{
return new User('blabla', 'patate', ['ROLE_ADMIN'], true, true, true, true);
}
}


But even though i return a new User, and do not throw a
UsernameNotFoundException
the login page still gives me a
Bad credentials.
message.

Why am i getting this bad credentials message ? Did i forget something ? Did i mess up some config ?

Thanks

Answer

Password encoder algorytms that are used in silex and on creating user differ.

Encoder in silex is set by parameter security.default_encoder

$app['security.default_encoder'] = function ($app) {
    return $app['security.encoder.bcrypt'];
};
...
$app['security.encoder.bcrypt'] = function ($app) {
    return new BCryptPasswordEncoder($app['security.encoder.bcrypt.cost']);
};

Use bcrypt for password encoding on user creation

return new User(
    'blabla',
    $app['security.encoder.bcrypt']->encodePassword('patate', ''),
    ['ROLE_ADMIN'],
    true, true, true, true
);

Or change silex encoder to plaintext (without encoding) to check if login works

$app['security.default_encoder'] = function ($app) {
    return new \Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder();
};
Comments