nucleos / NucleosUserBundle

👤 Lightweight user management for symfony.
https://docs.nucleos.rocks/projects/user-bundle/
MIT License

csrf error with symfony5 on login #197

Closed mote0230 closed 3 years ago

mote0230 commented 3 years ago

Environment

linux

Packages

composer/package-versions-deprecated 1.11.99.1          1.11.99.1          Composer plugin that provides efficien...
doctrine/annotations                 1.11.1             1.11.1             Docblock Annotations Parser
doctrine/cache                       1.10.2             1.10.2             PHP Doctrine Cache library is a popula...
doctrine/collections                 1.6.7              1.6.7              PHP Doctrine Collections library that ...
doctrine/common                      3.1.0              3.1.0              PHP Doctrine Common project is a libra...
doctrine/dbal                        2.12.1             3.0.0              Powerful PHP database abstraction laye...
doctrine/doctrine-bundle             2.2.2              2.2.2              Symfony DoctrineBundle
doctrine/event-manager               1.1.1              1.1.1              The Doctrine Event Manager is a simple...
doctrine/inflector                   2.0.3              2.0.3              PHP Doctrine Inflector is a small libr...
doctrine/instantiator                1.4.0              1.4.0              A small, lightweight utility to instan...
doctrine/lexer                       1.2.1              1.2.1              PHP Doctrine Lexer parser library that...
doctrine/orm                         2.8.1              2.8.1              Object-Relational-Mapper for PHP
doctrine/persistence                 2.1.0              2.1.0              The Doctrine Persistence project is a ...
doctrine/sql-formatter               1.1.1              1.1.1              a PHP SQL highlighting library
dompdf/dompdf                        v1.0.2             v1.0.2             DOMPDF is a CSS 2.1 compliant HTML to ...
egulias/email-validator              2.1.25             3.0.0              A library for validating emails agains...
incenteev/composer-parameter-handler v2.1.4             v2.1.4             Composer script handling your ignored ...
jms/metadata                         2.4.0              2.4.0              Class/method/property metadata managem...
mbence/opentbs-bundle                dev-master 6e6be4b dev-master 6e6be4b OpenTBS Bundle for Symfony - create Op...
monolog/monolog                      2.2.0              2.2.0              Sends your logs to files, sockets, inb...
nucleos/dompdf-bundle                dev-main e48eb6e   dev-main e48eb6e   This bundle provides a wrapper for usi...
nucleos/user-bundle                  1.6.1              1.6.1              Lightweight user management for symfony
paragonie/random_compat              v9.99.100          v9.99.100          PHP 5.x polyfill for random_bytes() an...
phenx/php-font-lib                   0.5.2              0.5.2              A library to read, parse, export and m...
phenx/php-svg-lib                    v0.3.3             v0.3.3             A library to read, parse and export to...
psr/cache                            1.0.1              1.0.1              Common interface for caching libraries
psr/container                        1.0.0              1.0.0              Common Container Interface (PHP FIG PS...
psr/event-dispatcher                 1.0.0              1.0.0              Standard interfaces for event handling.
psr/link                             1.0.0              1.0.0              Common interfaces for HTTP links
psr/log                              1.1.3              1.1.3              Common interface for logging libraries
sabberworm/php-css-parser            8.3.1              8.3.1              Parser for CSS Files written in PHP
sensio/framework-extra-bundle        v5.6.1             v5.6.1             This bundle provides a way to configur...
stfalcon/tinymce-bundle              v3.0.1             v3.0.1             This Bundle integrates TinyMCE WYSIWYG...
swiftmailer/swiftmailer              v6.2.5             v6.2.5             Swiftmailer, free feature-rich PHP mailer
symfony/contracts                    v2.3.1             v2.3.1             A set of abstractions extracted out of...
symfony/monolog-bundle               v3.6.0             v3.6.0             Symfony MonologBundle
symfony/phpunit-bridge               v4.4.18            v5.2.1             Symfony PHPUnit Bridge
symfony/polyfill-ctype               v1.22.0            v1.22.0            Symfony polyfill for ctype functions
symfony/polyfill-iconv               v1.22.0            v1.22.0            Symfony polyfill for the Iconv extension
symfony/polyfill-intl-grapheme       v1.22.0            v1.22.0            Symfony polyfill for intl's grapheme_*...
symfony/polyfill-intl-icu            v1.22.0            v1.22.0            Symfony polyfill for intl's ICU-relate...
symfony/polyfill-intl-idn            v1.22.0            v1.22.0            Symfony polyfill for intl's idn_to_asc...
symfony/polyfill-intl-normalizer     v1.22.0            v1.22.0            Symfony polyfill for intl's Normalizer...
symfony/polyfill-mbstring            v1.22.0            v1.22.0            Symfony polyfill for the Mbstring exte...
symfony/polyfill-php72               v1.22.0            v1.22.0            Symfony polyfill backporting some PHP ...
symfony/polyfill-php73               v1.22.0            v1.22.0            Symfony polyfill backporting some PHP ...
symfony/polyfill-php80               v1.22.0            v1.22.0            Symfony polyfill backporting some PHP ...
symfony/polyfill-uuid                v1.22.0            v1.22.0            Symfony polyfill for uuid functions
symfony/swiftmailer-bundle           v3.5.1             v3.5.1             Symfony SwiftmailerBundle
symfony/symfony                      v5.2.1             v5.2.1             The Symfony PHP framework
twig/intl-extra                      v3.2.1             v3.2.1             A Twig extension for Intl
twig/twig                            v3.2.1             v3.2.1             Twig, the flexible, fast, and secure t...
vich/uploader-bundle                 1.16.0             1.16.0             Ease file uploads attached to entities

PHP version

$ php -v
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

Subject

After upgrading to symfony 5.2 from 4.4, login stopped working. I had another fresh project that started on symfony5 and tried adding nucleosuserbundle there but ran into the same problem.

Steps to reproduce

Add bundle to symfony5.2

Expected results

login with correct credentials gets logged in

Actual results

login with correct credentials gets redirected to login form

Workaround

In security.yml, under firewalls.main.form_login comment out csrf_token_generator: security.csrf.token_manager

Error, from Log messages

Authentication request failed.

[▼
  "exception" => Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException {#92 ▼
    -token: null
    #message: "Invalid CSRF token."
    #code: 0
    #file: "/home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php"
    #line: 76
    trace: {▼
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php:76 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php:132 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/Debug/WrappedLazyListener.php:49 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractListener.php:26 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/Debug/TraceableFirewallListener.php:62 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php:86 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php:117 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php:230 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php:59 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php:151 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php:133 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php:79 {▶}
      /home/a/www/symfony/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php:195 {▶}
      /home/a/www/symfony/web/app_dev.php:45 {▶}
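
The workaround in the report above, set beside the configuration that keeps the login form protected. This is an added example, not part of the original issue or the bundle's own configuration. The firewall name and the `csrf_token_generator` key come from the report; the `csrf_parameter` and `csrf_token_id` values are Symfony's defaults and are assumed here.

```yaml
# Document 1: the workaround from the report (security.yml).
# With csrf_token_generator commented out, the form_login listener does not
# validate a CSRF token on the login POST, so InvalidCsrfTokenException can
# no longer be raised, and the login form is no longer covered against
# login CSRF.
security:
    firewalls:
        main:
            form_login:
                # csrf_token_generator: security.csrf.token_manager
---
# Document 2: the protected setup to return to once the bundle is upgraded.
framework:
    # Registers the security.csrf.token_manager service; tokens are stored
    # in the session, so the session must be available on the login page.
    csrf_protection: ~

security:
    firewalls:
        main:
            form_login:
                csrf_token_generator: security.csrf.token_manager
                # Name of the POST field the listener reads (assumed default).
                csrf_parameter: _csrf_token
                # Token id the submitted value is checked against (assumed default).
                csrf_token_id: authenticate

# The login template has to post a matching field, for example in Twig:
#   <input type="hidden" name="_csrf_token"
#          value="{{ csrf_token('authenticate') }}">
# If the field name or the token id in the template differs from the two
# values above, every login attempt fails with "Invalid CSRF token." and the
# user is sent back to the login form.
```
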
core23 commented 3 years ago

Can you try the latest dev-main version? #190 should have fixed the issue.

core23 commented 3 years ago

Please check the latest 1.7.0 release and reopen if the error still exists.