Неверные учетные данные на symfony

Question

Вечером у всех, я сталкиваюсь с этой проблемой уже несколько дней, и что бы я ни менял, она остается ... в основном при входе в систему, когда я отправляю неверный адрес электронной почты, он говорит, что электронная почта не найдена, когда я ставлю неверный пароль, он говорит неправильный пароль ( Я, конечно, отредактировал его), но когда они оба верны, он по какой-то причине показывает неверные учетные данные, я действительно разрознен .. помогите мне, пожалуйста, я могу связать любой код страницы, но я на 90% уверен, что код правильный, заранее спасибо

SecurityController. php

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class SecurityController extends AbstractController
{
    /**
     * @Route("/login", name="app_login")
     */
    public function login(AuthenticationUtils $authenticationUtils): Response
    {
        if ($this->getUser()) {
            return $this->redirectToRoute('/index');
        }

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();
        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
    }

    /**
     * @Route("/logout", name="app_logout")
     */
    public function logout()
    {
        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
    }
}

security.yaml

security:
    encoders:
        
        App\Entity\User5:
            algorithm: bcrypt



    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        
        app_user_provider:
              entity:
                  class: 'App\Entity\User5'
                  property: 'email'
                  
      
                      
     

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~

            provider: app_user_provider

            form_login: 
                login_path: app_login
                check_path: app_login
                
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator
                    
                    
                
                entry_point: App\Security\LoginFormAuthenticator
            logout:
                path: app_logout
                # where to redirect after logout
                # target: app_any_route
   
            
               
            


            # activate different ways to authenticate

            
            # https://symfony.com/doc/current/security.html#firewalls-authentication
            
            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    #access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
    # - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

логин. html .twig

{% extends 'home.html.twig' %}

{% block title %}Log in!{% endblock %}

{% block body %}
<form method="post" action="{{ path('app_login')}}">
    {% if error %}
        <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

    {% if app.user %}
        <div class="mb-3">
            You are logged in as {{ app.user.username }}, <a href="{{ path('app_logout') }}">Logout</a>
        </div>
    {% endif %}

    <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
    <label for="inputEmail">Email</label>
    <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" required autofocus>
    <label for="inputPassword">Password</label>
    <input type="password" name="password" id="inputPassword" class="form-control" required>

    <input type="hidden" name="_csrf_token"
           value="{{ csrf_token('authenticate') }}"
    >

    {#
        Uncomment this section and add a remember_me option below your firewall to activate remember me functionality.
        See https://symfony.com/doc/current/security/remember_me.html

        <div class="checkbox mb-3">
            <label>
                <input type="checkbox" name="_remember_me"> Remember me
            </label>
        </div>
    #}

    <button class="btn btn-lg btn-primary" type="submit" >
        Sign in
    </button>
</form>
{% endblock %}

LoginFormAuthenticator

<?php

namespace App\Security;

use App\Entity\User5;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
use Symfony\Component\Security\Http\Util\TargetPathTrait;

class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
{
    use TargetPathTrait;
    private const LOGIN_ROUTE = 'app_login';

    private $entityManager;
    private $urlGenerator;
    private $csrfTokenManager;
    private $passwordEncoder;

    public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder)
    {
        $this->entityManager = $entityManager;
        $this->urlGenerator = $urlGenerator;
        $this->csrfTokenManager = $csrfTokenManager;
        $this->passwordEncoder = $passwordEncoder;
    }

    public function supports(Request $request)
    {
        return self::LOGIN_ROUTE === $request->attributes->get('_route')
            && $request->isMethod('POST');
    }

    public function getCredentials(Request $request)
    {
        $credentials = [
            'email' => $request->request->get('email'),
            'password' => $request->request->get('password'),
            'csrf_token' => $request->request->get('_csrf_token'),
        ];
        $request->getSession()->set(
            Security::LAST_USERNAME,
            $credentials['email']
        );

        return $credentials;
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $token = new CsrfToken('authenticate', $credentials['csrf_token']);
        if (!$this->csrfTokenManager->isTokenValid($token)) {
            throw new InvalidCsrfTokenException();
        }

        $user = $this->entityManager->getRepository(User5::class)->findOneBy(['email' => $credentials['email']]);
       
        

        if (!$user) {
            // fail authentication with a custom error
            throw new CustomUserMessageAuthenticationException('Email could not be found.');
        }
        $user = $this->entityManager->getRepository(User5::class)->findOneBy(['password' => $credentials['password']]);
        

        if (!$user) {
            // fail authentication with a custom error
            throw new CustomUserMessageAuthenticationException('Wrong password.');
        }
        

        return $user;
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
        
    }

    /**
     * Used to upgrade (rehash) the user's password automatically over time.
     */
    public function getPassword($credentials): ?string
    {
        return $credentials['password'];
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
            return new RedirectResponse($targetPath);
        }

        // For example : return new RedirectResponse($this->urlGenerator->generate('some_route'));
        return new RedirectResponse($this->urlGenerator->generate('index'));
     
        throw new \Exception('TODO: provide a valid redirect inside '.__FILE__);
    }

    protected function getLoginUrl()
    {
        return $this->urlGenerator->generate('app_login');
    }
}

Пользователь5. php

<?php

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Doctrine\Common\Collections\Collection;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Component\Validator\Constraints as Assert;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;

/**
 * @ORM\Entity()
 * @UniqueEntity("email")
 */

/**
 * @ORM\Entity(repositoryClass="App\Repository\User5Repository")
 * @UniqueEntity(
 * fields={"email"},
 * message="That Email is already taken , try another "
 * )
 */
class User5 implements UserInterface
{
    /**
     * @ORM\Id()
     * @ORM\GeneratedValue()
     * @ORM\Column(type="integer")
     */
    private $id;

    /**
 * @ORM\Column(unique=true, type="string", nullable=false)
 */
    private $email;

    /**
     * @ORM\Column(type="json")
     */
    private $roles = [];

    /**
     * @var string The hashed password
     * @ORM\Column(type="string")
     */
    private $password;

    /**
     * @ORM\ManyToMany(targetEntity="App\Entity\Role", mappedBy="Users")
     */
    private $userRoles;

    public function __construct()
    {
        $this->userRoles = new ArrayCollection();
    }

    public function getId(): ?int
    {
        return $this->id;
    }

    public function getEmail(): ?string
    {
        return $this->email;
    }

    public function setEmail(string $email): self
    {
        $this->email = $email;

        return $this;
    }

    /**
     * A visual identifier that represents this user.
     *
     * @see UserInterface
     */
    public function getUsername(): string
    {
        return (string) $this->email;
    }

    /**
     * @see UserInterface
     */
    public function getRoles(): array
    {
        $roles = $this->roles;
        // guarantee every user at least has ROLE_USER
        $roles[] = 'ROLE_USER';

        return array_unique($roles);
    }

    public function setRoles(array $roles): self
    {
        $this->roles = $roles;

        return $this;
    }

    /**
     * @see UserInterface
     */
    public function getPassword(): string
    {
        return (string) $this->password;
    }

    public function setPassword(string $password): self
    {
        $this->password = $password;

        return $this;
    }

    /**
     * @see UserInterface
     */
    public function getSalt()
    {
        // not needed when using the "bcrypt" algorithm in security.yaml
    }

    /**
     * @see UserInterface
     */
    public function eraseCredentials()
    {
        // If you store any temporary, sensitive data on the user, clear it here
        // $this->plainPassword = null;
    }

    /**
     * @return Collection|Role[]
     */
    public function getUserRoles(): Collection
    {
        return $this->userRoles;
    }

    public function addUserRole(Role $userRole): self
    {
        if (!$this->userRoles->contains($userRole)) {
            $this->userRoles[] = $userRole;
            $userRole->addUser($this);
        }

        return $this;
    }

    public function removeUserRole(Role $userRole): self
    {
        if ($this->userRoles->contains($userRole)) {
            $this->userRoles->removeElement($userRole);
            $userRole->removeUser($this);
        }

        return $this;
    }
    
}

Answer 1

Я решил это сам, по-видимому, вы не можете использовать охрану и форму входа в систему в то же время, когда вам нужно выбрать один из них, потому что оба выполняют одну и ту же работу, одну легко, а другую настраивают, и я забыл кое-что очень важное в функции регистрации забыл закодировать пароль, теперь он работает просто отлично

вот новая функция регистрации

public function register(Request $request , EntityManagerInterface $entityManager, UserPasswordEncoderInterface $encoder)
    {

        $user = new User5();
        
        $form = $this->createForm(Form::class, $user);
        
       $form->handleRequest($request);
       if ($form->isSubmitted() && $form->isValid()) {

        $hashed = $encoder->encodePassword($user, $user->getPassword());

       $user->setPassword($hashed); 
        
       $entityManager->persist($user);
       $entityManager->flush();

       $this->addFlash("success", "Welcome to our application");

       return $this->redirectToRoute("app_login");  
       
       }
        

        
           
        return $this->render('account/registration.html.twig',[
        'form' => $form->createView()
        ]);
            
        
    }

новый security.yaml

security:
    encoders:
        App\Entity\User5:
            algorithm: bcrypt



    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        
        app_user_provider:
              entity:
                  class: 'App\Entity\User5'
                  property: 'email'
                  


    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            provider: app_user_provider

            form_login: 
                login_path: app_login
                check_path: app_login
                 # default_target_path: dashboard
                 
                    
                
            logout:
                path: logout_user
                target: index
                # target: app_any_route
   
            
               
            


            # activate different ways to authenticate

            
            # https://symfony.com/doc/current/security.html#firewalls-authentication
            
            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    #access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
    # - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

        # - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Answer 2

Вы должны удалить эти строки, пароль зашифрован в базе данных, чтобы вы не могли получить пользователя по его паролю, Symfony выполнит эту работу (сравнивая два пароля).

    $user = $this->entityManager->getRepository(User5::class)->findOneBy(['password' => $credentials['password']]);


    if (!$user) {
        // fail authentication with a custom error
        throw new CustomUserMessageAuthenticationException('Wrong password.');
    }