Reputation: 1680
Symfony2 entity user provider overrides custom auth provider
My Symfony2 custom authentication provider now appears to be working.
User Provider
I almost used the FOSUserBundle but I don't even have email addresses for my users and I don't need the added functionality or complication.
So instead I'm just using the entity provider.
I set my encoder to plaintext because the API client library handles that for me, but alas, another snag: it seems like Users are now being authenticated against these User records.
Before I implemented the entity user provider, my login form gave me valid responses: correct credentials yielded no error, bad credentials resulted in my custom "incorrect user/pass error".
Now, even if I supply credentials I know to be correct, all I get is the error message "Bad credentials," as if I'm implementing the UserAuthenticationProvider, but to the best of my knowledge, I'm not. My custom provider directly implements the AuthenticationProviderInterface.
So at the moment I assume I have incorrectly implemented the entity user provider, such that it is somehow overriding my custom authentication provider. What's the correct way to configure the entity user provider and a custom authentication provider, at the same time?
Files
- /app/config/security.yml
- /src/WordRot/PlayBundle/Security/Authentication/Provider/WordnikProvider.php
Relevant section of security.yml
encoders:
WordRot\PlayBundle\Entity\User: plaintext
providers:
wordnik_users:
entity: { class: WordRotPlayBundle:User, property: username }
firewalls:
wordnik_secured:
pattern: ^/play
logout: ~
anonymous: ~
# The next line specifies the custom authentication provider:
wordnik: true
form_login:
provider: wordnik_users
login_path: /login
check_path: /play_check
# on success
always_use_default_target_path: true
default_target_path: /play
EDIT
This might prove useful. It's a diff on the master branch...
- From when the custom auth provider (WordnikProvider) still got executed (a473d354)
- To the most recent commit on the master branch (ddcfeae2), where the auth provider is no longer executed.
EDIT 2
With more break points I discovered:
- On login form POST, WordnikProvider#supports is being called with a UsernamePasswordToken, thus returning
false. - On login form POST,
WordnikListeneris constructed but it's other methods (attemptAuthentication,requiresAuthentication) are never called. And yetWordnikFactory#createListener, too, is never called! It's a wonder that the listener is constructed. - However on
login_checkGET,WordnikListener#requiresAuthenticationIS called.
Upvotes: 7
Views: 1017
Answers (1)
Reputation: 48883
So we had kind of a long discussion on this. The basic problem was that the form_login services was interfering with the wodnik service. Removed form_login and things started working better.
https://chat.stackoverflow.com/rooms/25251/discussion-between-montgomery-jean-and-cerad
Upvotes: 1
Related Questions
- Decouple authentication from your user entity in Symfony 4?
- Symfony custom authentication provider log out on request overlap
- How to use a custom user provider with Symfony 3 authentication
- Symfony 3 - custom user provider - login always showing "bad credentials" instead of "username not found"
- Symfony 2 Custom User Provider & Authentication
- custom authentication provider with anonymous user
- symfony2 custom User Provider prints "Bad credentials"
- Symfony2 custom authentication provider bad credentials
- Symfony2 won't load custom authentication provider, loads DaoAuthenticationProvider
- Symfony 2 custom authentication not using correct provider