The firewall function of symfony2 security, curl simulates form submission error reporting
PHP中文网
PHP中文网 2017-05-16 16:44:15
0
1
550

hello Hello everyone, due to business needs, I use curl simulation form instead of real form submission. However, when the system log shows that the authentication is successful, an error occurs during the jump. The error log is as follows:

 security.INFO: User "admin" has been authenticated successfully [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2015-06-10 16:50:46] security.DEBUG: Write SecurityContext in the session [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". 
[] [][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SaveSessionListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] 
[][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onTerminate". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2015-06-10 16:50:47] request.INFO: Matched route "home" (parameters: "_controller": "User\UserBundle\Controller\HomeController::index", "_route": "home") [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2015-06-10 16:50:47] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] []
[2015-06-10 16:50:47] security.DEBUG: Calling Authentication entry point [] []

The simulation code is as follows:

The configuration file is the same as the form submission, both are logintest
However, the form submission result is correct, but the curl simulation is incorrect. You can see that the token is not obtained at the end of the log, but jumps directly back to logintest.
My question is, what is the difference between curl simulation and real form submission? Furthermore, how does symfony monitor the submission time? Thank you everyone, please find a solution.

PHP中文网
PHP中文网

认证0级讲师

reply all(1)
过去多啦不再A梦

In Symfony, Form will automatically add a hidden field of CSRF TOKEN (default name is _token) to prevent illegal submissions. When the form is submitted, the system will first detect the validity of _token, so the question When you submit using CURL, you must manually add _token and manually generate CSRF TOKEN:

$intention = 'test string';
$csrf      = $this->get('form.csrf_provider');

Generate CSRF TOKEN and:

$post_data['_token'] = $csrf->generateCsrfToken($intention);

Check whether the CSRF is valid when the form is submitted:

$token = $request->get('_token');

if( $csrf->isCsrfTokenValid($intention, $token) ) {
    return new Response('CSRF Token Invalid');
}

return new Response('Success');

Alternatively, you can disable CSRF directly in configureOptions:

$resolver->setDefaults(array(
    'csrf_protection' => true
));
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template