On 17/06/2011 02:16, Apostolos Karakoussis wrote:
I am having trouble setting up a firewall. I am using beta4 so far.
Here is my security.yml:
[code]
security:
    providers:
        user_db:
            entity: { class: mytest\TestBundle\Entity\Account, property: email }
    encoders:
        mytest\TestBundle\Entity\Account: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    firewalls:
        secured_area:
            pattern: ^/ticket
            stateless: true
            security: true
            http_basic:
                realm: "Secured Demo Area"
                provider: user_db
    access_control:
        #- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
[/code]
As far as I understand so far, I request the lookup to be done using
the e-mail field of the entity "Account" and check the password using
plaintext storage.
So here is my Account class:
[code]
namespace mytest\TestBundle\Entity;

use Doctrine\ORM\Mapping as orm;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\User\UserInterface;

/** @orm\Entity @orm\Table(name="accounts") */
class Account implements UserInterface /*extends BaseUser*/ {
    /** @orm\Id @orm\Column(type="integer") @orm\GeneratedValue(strategy="AUTO") */
    protected $id;
    /** @orm\Column(type="string", length=100) */
    protected $email;
    /** @orm\Column(type="string", length=16, nullable=true) */
    protected $login;
    /** @orm\Column(type="string", length=255) */
    protected $password;
    /** @orm\Column(type="string", length=20) */
    private $nameFirst;
    /** @orm\Column(type="string", length=20) */
    private $nameLast;
    /** @orm\Column(type="datetime", nullable=true) */
    protected $createdAt;
    /** @orm\Column(type="datetime", nullable=true) */
    protected $updatedAt;

    public function getUsername() { return $this->login; }
    // Required by UserInterface: the encoder compares the presented password against this value.
    public function getPassword() { return $this->password; }
    public function getSalt() { return "123"; }
    public function eraseCredentials() {}
    public function getRoles() { return array(new Role('ROLE_USER')); }
    public function equals(UserInterface $user) {
        // Only compare against other Account instances (the class is Account, not Users).
        if (!$user instanceof Account) {
            return false;
        }
        return (trim(mb_strtolower($user->email)) == trim(mb_strtolower($this->email)));
    }
}
[/code]
When I try to request the http://hostname/app_dev.php/ticket resource
I get an http_basic popup from my browser, I enter a user's e-mail and
the password (stored in plaintext in the db) and all I get is
[code]
Authentication request failed: The presented password is invalid.
[/code]
which is odd considering I am requesting a comparison with the
database password which is a plaintext string.
After seeing this, I googled a bit, then I googled some more and then
some more, and made the following change:
security.yml:
[code]
encoders:
    mytest\TestBundle\Entity\Account:
        algorithm: sha1
        encode-as-base64: false
        iterations: 1
[/code]
which basically tells it to use sha1 hashing, without base64 encoding, in
the database. Since the whole procedure requires a salt, the function
getSalt *SHOULD* now be used, so the final stored password in the
database should be "password123". I modified the database record to
store the password as
"cbfdac6008f9cab4083784cbd1874f76618d2a97" (which is what I get using
hash('sha1', 'password123')).
The salt is not simply concatenated. You should use the encoder to
encode the password, to be sure to have the same encoded password as
when checking it.
Btw, the salt is also used when using plaintext.
Now when I try to authenticate using the password 'password' I *STILL*
get the error:
[code]
Authentication request failed: The presented password is invalid.
[/code]
which is getting me to a dead end...
What am I doing wrong? How can I solve this?
--
Christophe | Stof
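To make the "not simply concatenated" point concrete, here is an added example (not code from the thread and not Symfony's own classes) that reimplements in plain PHP how the Symfony 2.0 password encoders merge the salt into the password before hashing or comparing. The "raw{salt}" merge format and the digest-stretching loop follow what the Symfony 2.0 MessageDigestPasswordEncoder and PlaintextPasswordEncoder do; that beta4 used exactly the same format is an assumption. The password and salt values are the ones from the question.

```php
<?php
// Added example: plain-PHP reimplementation of the salt handling of Symfony 2.0's
// password encoders, used to compare the two hashes discussed in the thread.
// The "{salt}" merge format is taken from Symfony 2.0's BasePasswordEncoder;
// whether beta4 already used exactly this format is an assumption here.

/** Combine raw password and salt the way the encoders do: "raw{salt}". */
function mergePasswordAndSalt(string $raw, string $salt): string
{
    if ('' === $salt) {
        return $raw;
    }
    // Braces would make the merged string ambiguous, so the encoders reject them.
    if (false !== strpos($salt, '{') || false !== strpos($salt, '}')) {
        throw new InvalidArgumentException('Cannot use { or } in salt.');
    }
    return $raw . '{' . $salt . '}';
}

/** Equivalent of the "plaintext" encoder: the stored value is "raw{salt}" verbatim. */
function encodePlaintext(string $raw, string $salt): string
{
    return mergePasswordAndSalt($raw, $salt);
}

/** Equivalent of the message-digest encoder (algorithm, encode-as-base64, iterations). */
function encodeDigest(string $raw, string $salt, string $algorithm, bool $base64, int $iterations): string
{
    $salted = mergePasswordAndSalt($raw, $salt);
    $digest = hash($algorithm, $salted, true);          // raw binary digest of "raw{salt}"
    for ($i = 1; $i < $iterations; $i++) {              // "stretching" rounds, if iterations > 1
        $digest = hash($algorithm, $digest . $salted, true);
    }
    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

/** Constant-time comparison of the stored value against the freshly encoded one. */
function isPasswordValid(string $stored, string $raw, string $salt, string $algorithm, bool $base64, int $iterations): bool
{
    return hash_equals($stored, encodeDigest($raw, $salt, $algorithm, $base64, $iterations));
}

// Values from the question: salt "123", presented password "password",
// encoder configured as sha1 / encode-as-base64: false / iterations: 1.
$salt = '123';
$raw  = 'password';

$naive   = hash('sha1', 'password123');                  // what was written into the database
$encoded = encodeDigest($raw, $salt, 'sha1', false, 1);  // what the encoder actually computes

printf("naive   sha1('password123'):   %s\n", $naive);
printf("encoder sha1('password{123}'): %s\n", $encoded);
printf("stored value accepted: %s\n",
    isPasswordValid($naive, $raw, $salt, 'sha1', false, 1) ? 'yes' : 'no');

// The same merge applies to the plaintext encoder: with salt "123" the column must
// hold "password{123}", not "password", which is why the first attempt failed too.
printf("plaintext encoder value: %s\n", encodePlaintext($raw, $salt));
```

Running it shows that sha1('password123') and the encoder's sha1('password{123}') are different digests, so a row written with the naive hash can never validate. In the application itself the stored value should be produced by the same component that checks it: fetch the encoder for the user class from the security.encoder_factory service and store the result of encodePassword($raw, $user->getSalt()) rather than hand-computing a hash.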
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en