Thanks for your reply Christophe that worked! I just plan on using plaintext while developing for now. Obviously I'll be upgrading that to sha512 when there's data to actually protect. :) Also thanks for telling me what the equals is for, strangely enough it does give me "Bad Credentials" when entering an invalid password even though I'm just passing "true". I guess maybe the equals area is where I could say the account has expired, or is locked, and override the password check.
Once again thanks! Symfony2 is taking a bit to wrap my head around. I've been developing in 1.2-1.4 with Propel for a while, so this is quite the change for me.

Take care,
Justin

On Feb 4, 11:37 am, Christophe COEVOET <[email protected]> wrote:
> On 02/02/2011 23:51, Justin Fortier wrote:
> > Hey guys,
> >
> > I've been having some issues defining my own Doctrine Entity class. I
> > was able to get http-basic authentication working, and then form-login
> > to work. Now it's just trouble getting my custom entity to work. All I
> > get are "Bad Credentials" back. I'm not sure how Symfony2 is
> > determining if it's valid. I've tried dying at some of the get methods
> > to see what it's accessing, and Symfony2 just continues like no die
> > statements were ever there.
> >
> > I'm not sure if it has to do with the implementation of the
> > AccountInterface, but I've put in all the methods that were needed.
> > Not sure what "equals" is supposed to return however. None of this is
> > in the documentation (or it's really well hidden).
> >
> > Anyway, any help would be greatly appreciated
>
> The equals method is supposed to compare the Account passed as an
> argument to your entity to check whether it represents the same account
> and is used to check the authentication in the session (so returning
> true as you do is really a bad idea and a security hole).
>
> You have to configure an encoder for your user class to let Symfony know
> how it has to check the password. Thus, the login has to be made by the
> firewall used to secure the rest of the site as the context is not
> shared between the firewalls and your provider configuration is invalid.
>
> Here is a configuration that should work (assuming the passwords are
> stored as plaintext in the database, which is a bad practice):
>
> <pre>
> security.config:
>     encoder:
>         Backend\AuthBundle\Entity\Users: plaintext
>
>     providers:
>         main:
>             entity: { class: AuthBundle:Users, property: email }
>
>     firewalls:
>         main:
>             pattern: .*
>             form_login: true
>             anonymous: true
>             logout: { path: /logout, target: /login }
>
>     access_control:
>         - { path: /login.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
>         - { path: /.*, role: ROLE_USER }
> </pre>
>
> Regards
>
> --
> Christophe | Stof
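
An added illustration of the point about `equals()` made in the reply above; it is not code from the thread or from Symfony. The `AccountInterface` here is a local stand-in reduced to the methods the comparison needs, `PermissiveUsers` is a hypothetical class modelling the `return true` shortcut, and all account values are constructed.

```php
<?php
// Stand-in for the framework's AccountInterface, reduced to what equals() needs (assumption).
interface AccountInterface
{
    public function getUsername();
    public function getPassword();
    public function getSalt();
    public function equals(AccountInterface $account);
}

class Users implements AccountInterface
{
    private $email;
    private $password;
    private $salt;

    public function __construct($email, $password, $salt)
    {
        $this->email = $email;
        $this->password = $password;
        $this->salt = $salt;
    }

    public function getUsername() { return $this->email; }
    public function getPassword() { return $this->password; }
    public function getSalt() { return $this->salt; }

    // Same account only when identity and stored credential material both match.
    public function equals(AccountInterface $account)
    {
        return $account instanceof self
            && $this->email === $account->getUsername()
            && $this->password === $account->getPassword()
            && $this->salt === $account->getSalt();
    }
}

// The shortcut from the thread: every account "equals" every other one.
class PermissiveUsers extends Users
{
    public function equals(AccountInterface $account) { return true; }
}

// Constructed sample data: the account held in the session, then accounts reloaded from storage.
$inSession  = new Users('justin@example.test', 'stored-hash-1', 'salt-1');
$reloaded   = new Users('justin@example.test', 'stored-hash-2', 'salt-2'); // password changed since login
$permissive = new PermissiveUsers('other@example.test', 'stored-hash-9', 'salt-9');

var_dump($reloaded->equals($inSession));   // strict comparison against a stale session copy
var_dump($permissive->equals($inSession)); // permissive comparison against a different account
```

With the strict comparison, a session copy whose credentials no longer match the stored account stops being treated as the same account; with the permissive one, any session copy is accepted as matching any account.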
