Authenticator: getUser, checkCredentials & Success/Failure

Hi sunil kumar!

Hmm. So first, yes, your Acme\ApiBundle\Entity\User class must implement UserInterface. It's just one of the rules for security: whatever object you return from the security system (via getUser() in your authenticator) must be an object that implements this interface.

when implement UserInterface in my User entity I get a null response from $this->getUser()

This is odd. The fact that you got the previous error:

Acme\ApiBundle\Security\JwtTokenAuthenticator::getUser() method must return a UserInterface. You returned Acme\ApiBundle\Entity\User"

tells me that your authenticator's getUser() method IS successfully returning the Acme\ApiBundle\Entity\User object. So it's odd that, as soon as you add an interface to that object, it is not set into the security system. Basically, something weird is happening. Here is what I would do:

A) Add the UserInterface. You need this.
B) Verify that you are returning a User object from your authenticator's getUser() method. I would do something like this temporarily:

$user= $this->em
    ->getRepository('AcmeApiBundle:User')
    ->findOneBy(['id' => $user_id]);

dd($user);

return $user;

C) Verify that your authenticator's getCredentials() method returns true - it will literally be return true;.

D) Verify (by placing a temporary dd('here!');) that the onAuthenticationSuccess() method in your authenticator IS being called. We want to make sure that authentication WAS successful.

Let me know if this helps you find anything :).

Cheers!

Hey Florian!

That's almost definitely from the PhpStorm Symfony plugin - make sure you've got it installed AND enabled on this project. It's a bit outdated now, but we talk about it on this tutorial: https://symfonycasts.com/sc...

Cheers!

Hey Alexandros_Spyropoulos!

Apologies for my slow reply! So.... hmm, this is a mystery! First, yes, $this->_security->getUser() should return the User object once your User is authenticated. The idea behind your code here is correct! So, here is my guess: after you redirect, you are somehow losing authentication. This is actually something that can happen if your code isn't setup quite correctly. Basically, you authenticate, redirect, but then there is a problem reloading your User object from the session.

Here is how you can see if this is your problem. In loginAction, instead of checking for $session = $this->get('session');, do the same check that you have in your authenticator - get the security service and call getUser(). If I am correct, you will find that you are being immediately logged out, and so, this will now render the login form.

IF this is your problem, let me know: the issue is with the serialization of your User object. If you have a serialize() method on your User class, that could be the problem. The temporary fix would be to implement an EquatableInterface on your user, which requires you to add a new isEqualTo(UserInterface $user method. Try returning true from this. If it fixes your problem, then my guess is right. Let me know, and then we can talk about the correct solution.

But, if I'm totally wrong, also let me know!

Cheers!

Hi Ryan,

First of all thank you for you reply!
Secondly I did the test that you asked and I also did the whole cycle noticing the security getUser() value. There are happening 3 redirects before accessing Security Controller and loginAction. First is the credentials post, here $this->_security->getUser() is NULL so authentication goes on. On authentication success I should be redirected to WelcomeController again authenticator starts and the $this->_security->getUser() IS AGAIN NULL so I am redirecting back to LoginController. Now in authenticator this time the $this->_security->getUser() has the authenticated user object so no authentication takes place and I am redirecting straight to my LoginController. Here I used the same service as in my authenticator $this->get('security.helper')->getUser() and the user object exists! However due to my session logic I redirect back to WelcomeController. I am again inside authenticator and guess what...? $this->_security->getUser() is NULL AGAIN so I am redirecting back to LoginController to see that $this->get('security.helper')->getUser() has the user. I hope I didn't make you feel dizzy :)

So as you see it seems like something is writing and deleting the security getUser? Also there isn't any serialize() method on my User Class. If you need to provide any extra code please let me know!

Thanks again for your help

Hey @alexandrosspylitopoulos!

Hmm, this is indeed very strange! It's very strange that after the first redirect, you are not authenticated (not user) and then after the second redirect, you are authenticated. Basically, something *very* strange is happening, and I would recommend removing as much code as you can to try to find the problem. A few questions:

A) Did you try to implement EquatableInterface on your User and return true from isEqualTo()? I don't think this will fix the problem, but we need to try it to be sure.

B) Do you have just 1 authenticator or other authenticators?

C) Can you post your security.yml file and authenticator code?

Cheers!

Hey @weaverryan ,

I solved the problem. I didn't need to follow any of the steps provided.
As it seems the problem was most probably due to having two firewalls set up instead of one.

If you check I had the login and the admin firewall so that mean two provider keys. The two provider keys means two different tokens ( check createAuthenticatedToken(UserInterface $user, $providerKey) at GuardAuthenticatorInterface ) and two different session variables. So when I was logged in the first time my request was routing via login firewall ($providerKey) it was creating a token that was then stored in session under key _security_login ( session key pattern is _security_$providerKey). The second time my request was routing through the admin firewall ($providerKey) and was try to find in the session key _security_admin which was empty and thus failing to get the serialized token that contained the User object.

What I did was to creating one firewall and then use the access_control correctly as I had to do from the beginning I suppose :P nevertheless thank you so much for your support!

Hey @alexandrosspylitopoulos!

Bah! Good fix! That was my fault - I completely missed the fact that you had two firewalls! And yes, I like your solution: you rarely need 2 real firewalls.

Thanks for updating me on the fix!