Wndrr Wndrr - 1 year ago 168
PHP Question

Silex - UserProviderInterface always returns "Bad credentials"

I am trying to add Users saved in a database to my Silex website using the SecurityProvider.

I registered the security provider

$app['security.firewalls'] = array
'admin' => array
'pattern' => '^/admin',
'form' => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
'logout' => array('logout_path' => '/admin/logout', 'invalidate_session' => true),
'users' => function() use($app)
return new Entity\UserProvider($app);

And the
class goes as follow (only part of the code is shown)

class UserProvider implements UserProviderInterface
public function loadUserByUsername($username)
return new User('blabla', 'patate', ['ROLE_ADMIN'], true, true, true, true);

But even though i return a new User, and do not throw a
the login page still gives me a
Bad credentials.

Why am i getting this bad credentials message ? Did i forget something ? Did i mess up some config ?


Answer Source

Password encoder algorytms that are used in silex and on creating user differ.

Encoder in silex is set by parameter security.default_encoder

$app['security.default_encoder'] = function ($app) {
    return $app['security.encoder.bcrypt'];
$app['security.encoder.bcrypt'] = function ($app) {
    return new BCryptPasswordEncoder($app['security.encoder.bcrypt.cost']);

Use bcrypt for password encoding on user creation

return new User(
    $app['security.encoder.bcrypt']->encodePassword('patate', ''),
    true, true, true, true

Or change silex encoder to plaintext (without encoding) to check if login works

$app['security.default_encoder'] = function ($app) {
    return new \Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder();
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download