Symfony 4 JWT – Auth works only if i reset password

first time here.

I’m using LexikJWTBundle in a Symfony 4 API.

I created a Symfony command that at some point creates users.

Now, authentication works just fine on my local web server. But on production server, i got a {"code":401,"message":"Invalid credentials."}. However, if i reset the password (via another API endpoint), then i can log in.

curl -X POST -H "Content-Type: application/json" http://production-url/api/login -d '{"username":"PM-03792","password":"edc772cd"}'

My user freshly created.

The password edc772cd, generated at the user’s creation, is matching with the hash $argon2id$v=19$m=65536,t=4,p=1$MDZEZy9VaEx6ZkhkM0ViWg$H+jkLemeDZG+3KrJ891qHw0J3g/2RP3M8EQlhOzExZI.

The production server’s log

[error] AH10039: FastCGI: server "/homez.947/xqeknef/www/reservetacaisse/public/index.php" stderr: PHP message: [info] Matched route "login".
[error] AH10039: FastCGI: server "/homez.947/xqeknef/www/reservetacaisse/public/index.php" stderr: PHP message: [debug] SELECT t0.id AS id_1, t0.username AS username_2, t0.roles AS roles_3, t0.password AS password_4, t0.no_agent AS no_agent_5, t0.mail AS mail_6 FROM rtv_user t0 WHERE t0.username = ? LIMIT 1
[error] AH10039: FastCGI: server "/homez.947/xqeknef/www/reservetacaisse/public/index.php" stderr: PHP message: [info] Authentication request failed.

I use this code to generate my user, using the UserPasswordEncoderInterface and i reset his password the same way :

// [...]
$randomPassword = substr(sha1(random_bytes(5)), 0,8);
$user->setUsername($username)
     ->setMail($mail)
     ->setPassword($this->encoder->encodePassword($user, $randomPassword))
     ->setNoAgent($noAgent)
;
$this->em->persist($user);
// [...]

My configuration :

# security.yaml

security:
    encoders:
        AppEntityUser:
            algorithm: auto

    providers:
        app_user_provider:
            entity:
                class: AppEntityUser
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            provider: app_user_provider
            json_login:
                check_path: /api/login
                username_path: username
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        refresh:
            pattern:  ^/api/token/refresh
            stateless: true
            anonymous: true
        api:
            pattern: ^/api
            stateless: true
            provider: app_user_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            anonymous: ~

    access_control:
        - { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY } # Allows accessing the Swagger UI
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/reset-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/politique-de-confidentialite, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/documentation, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
  • .env is in dev mode
  • I cleared cache
  • I regenerated RSA keys

I don’t understand why auth works after resetting the password while (i think) nothing has changed but the hash who was already valid.

I’m a bit lost on what to do.

Thank you for your time

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *