在 Symfony 中找不到在 null 上调用成员函数 isPasswordValid() 的解决方案
Posted
技术标签:
【中文标题】在 Symfony 中找不到在 null 上调用成员函数 isPasswordValid() 的解决方案【英文标题】:Cannot find solution for Call to a member function isPasswordValid() on null in Symfony 【发布时间】:2021-07-15 05:01:59 【问题描述】:当我尝试登录注册用户时,我无法比这个错误更进一步。 我的身份验证器
<?php
namespace App\Security;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
use Symfony\Component\Security\Http\Util\TargetPathTrait;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
class UserLoginAuthentificatorAuthenticator extends AbstractFormLoginAuthenticator
use TargetPathTrait;
public const LOGIN_ROUTE = 'app_login';
private $entityManager;
private $urlGenerator;
private $csrfTokenManager;
private $passwordEncoder;
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager)
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
public function supports(Request $request)
return self::LOGIN_ROUTE === $request->attributes->get('_route')
&& $request->isMethod('POST');
public function getCredentials(Request $request)
$credentials = [
'email' => $request->request->get('email'),
'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'),
];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['email']
);
return $credentials;
public function getUser($credentials, UserProviderInterface $userProvider)
$token = new CsrfToken('authenticate', $credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token))
throw new InvalidCsrfTokenException();
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
if (!$user)
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('Email could not be found.');
return $user;
public function checkCredentials($credentials, UserInterface $user)
return $this->passwordEncoder->isPasswordValid($user->getPassword(), $credentials['password'],$user->getSalt());
// Check the user's password or other credentials and return true or false
// If there are no credentials to check, you can just return true
//throw new \Exception('TODO: check the credentials inside '.__FILE__);
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey))
return new RedirectResponse($targetPath);
// For example : return new RedirectResponse($this->urlGenerator->generate('some_route'));
throw new \Exception('TODO: provide a valid redirect inside '.__FILE__);
protected function getLoginUrl()
return $this->urlGenerator->generate(self::LOGIN_ROUTE);
注册控制器
<?php
namespace App\Security;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
use Symfony\Component\Security\Http\Util\TargetPathTrait;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
class UserLoginAuthentificatorAuthenticator extends AbstractFormLoginAuthenticator
use TargetPathTrait;
public const LOGIN_ROUTE = 'app_login';
private $entityManager;
private $urlGenerator;
private $csrfTokenManager;
private $passwordEncoder;
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager)
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
public function supports(Request $request)
return self::LOGIN_ROUTE === $request->attributes->get('_route')
&& $request->isMethod('POST');
public function getCredentials(Request $request)
$credentials = [
'email' => $request->request->get('email'),
'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'),
];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['email']
);
return $credentials;
public function getUser($credentials, UserProviderInterface $userProvider)
$token = new CsrfToken('authenticate', $credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token))
throw new InvalidCsrfTokenException();
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
if (!$user)
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('Email could not be found.');
return $user;
public function checkCredentials($credentials, UserInterface $user)
return $this->passwordEncoder->isPasswordValid($user->getPassword(), $credentials['password'],$user->getSalt());
// Check the user's password or other credentials and return true or false
// If there are no credentials to check, you can just return true
//throw new \Exception('TODO: check the credentials inside '.__FILE__);
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey))
return new RedirectResponse($targetPath);
// For example : return new RedirectResponse($this->urlGenerator->generate('some_route'));
throw new \Exception('TODO: provide a valid redirect inside '.__FILE__);
protected function getLoginUrl()
return $this->urlGenerator->generate(self::LOGIN_ROUTE);
我将安全设置为自动算法 安全.yalm
security:
enable_authenticator_manager: true
encoders:
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
users_in_memory: memory: null
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: false
lazy: true
provider: users_in_memory
guard:
authenticators:
- App\Security\UserLoginAuthentificatorAuthenticator
logout:
path: app_logout
# where to redirect after logout
# target: app_any_route
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# allow unauthenticated users to access the login form
- path: ^/admin/login, roles: PUBLIC_ACCESS
- path: ^/admin, roles: ROLE_ADMIN
- path: ^/profile, roles: ROLE_USER
我是 Symfony 的初学者,我不止一次阅读 Symfony 安全章节。我一定错过了什么。如果有人可以帮助我,那就太好了
【问题讨论】:
您似乎忘记在身份验证器的构造函数中分配$this->passwordEncoder = $passwordEncoder。
感谢您的帮助
enable_authenticator_manager: true 表示您正在使用新的身份验证器功能。它与保护身份验证器不兼容。即使你有一些工作,你也应该开始一个新的项目,决定是否要使用新的身份验证系统,然后再次运行 make:auth。
@Cerad,你说得对
【参考方案1】:
在 Authenticator 中而不是这个:
public function checkCredentials($credentials, UserInterface $user)
return $this->passwordEncoder->isPasswordValid($user->getPassword(), $credentials['password'],$user->getSalt());
使用这个:
public function checkCredentials($credentials, UserInterface $user)
return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
在 security.yaml 中而不是这个:
providers:
users_in_memory: memory: null
使用这个:
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
而不是这个:
main:
anonymous: false
lazy: true
provider: users_in_memory
guard:
authenticators:
- App\Security\UserLoginAuthentificatorAuthenticator
使用这个:
main:
anonymous: true
lazy: true
provider: app_user_provider
guard:
authenticators:
- App\Security\UserAuthenticator
并在您的控制器中添加:
$this->passwordEncoder = $passwordEncoder;
之后:
$this->csrfTokenManager = $csrfTokenManager;
像这样:
public function __construct(EntityManagerInterface $entityManager, UrlGeneratorInterface $urlGenerator, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder)
$this->entityManager = $entityManager;
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder;
【讨论】:
感谢您的帮助,就是这样。我之前尝试过这些修改,但我没有向好的提供者寻址,也没有分配 $passwordEncoder。我不得不删除 security.yalm 中的 anonymous=true。我有一个错误,告诉我没有使用匿名,我必须删除它。 @phil 如果它解决了您的问题或对找到您的解决方案最有帮助,请接受此答案以上是关于在 Symfony 中找不到在 null 上调用成员函数 isPasswordValid() 的解决方案的主要内容,如果未能解决你的问题,请参考以下文章
Symfony:在 SecurityContext 中找不到用于防火墙后路由的令牌
Symfony - Sonata “在管理池中找不到管理服务“app.admin.post”。”
Symfony 2 Assetic 致命错误:在资产转储中找不到类“Assetic\Util\PathUtils”
Symfony 错误:在链配置的命名空间 App\Entity 中找不到类 xxx [重复]
在链配置的命名空间 App\Entity [Symfony 5.3][PHPUnit 8.5] 中找不到类 Mock_*