Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

401 JWT Token not found

I provided two versions of the security.yaml file. The second version according to API Platform documentation. API Platform sends to the creation a custom user provider. For the second option security.yaml recommended at API Platform docs, I need to create two additional files. I did not attach them to the topic, but will do it if necessary.

But I think that problem it is in JWT.

Environment:

  • node v8.9.4
  • chrome 64.0.3282.119
  • Ubuntu 16.04
  • axios version: 0.16.2
  • Vue.js 2.4.2
  • vue-axios 2.0.2
  • api-platform/api-pack: 1.0
  • Symfony 4.0.4

User.php

<?php

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
class User implements UserInterface, \Serializable
{
    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=25, unique=true)
     */
    private $username;

    /**
     * @ORM\Column(type="string", length=64)
     */
    private $password;

    /**
     * @ORM\Column(type="string", length=60, unique=true)
     */
    private $email;

    /**
     * @ORM\Column(name="is_active", type="boolean")
     */
    private $isActive;

    public function __construct() // add $username
    {
        $this->isActive = true;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function getSalt()
    {
        // you *may* need a real salt depending on your encoder
        // see section on salt below
        return null;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getRoles()
    {
        return array('ROLE_ADMIN');
    }

    public function eraseCredentials()
    {
    }

    /** @see \Serializable::serialize() */
    public function serialize()
    {
        return serialize(array(
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt,
        ));
    }

    /** @see \Serializable::unserialize() */
    public function unserialize($serialized)
    {
        list (
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt
        ) = unserialize($serialized);
    }
}

First option security.yaml

security:

    encoders:
        App\Entity\User:
            algorithm: bcrypt

    providers:

        our_db_provider:
            entity:
                class: App\Entity\User
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider: our_db_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Second option security.yaml

security:

    encoders:
        App\Entity\User:
            algorithm: bcrypt

        App\Security\User\WebserviceUser: bcrypt

    providers:

        our_db_provider:
            entity:
                class: App\Entity\User
                property: username

        webservice:
            id: App\Security\User\WebserviceUserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            provider: webservice
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider: our_db_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Headers

headers

curl

curl

curl with headers

curl with headers

In browser

in browser

.env

###> lexik/jwt-authentication-bundle ###
# Key paths should be relative to the project directory 
JWT_PRIVATE_KEY_PATH=var/jwt/private.pem
JWT_PUBLIC_KEY_PATH=var/jwt/public.pem
JWT_PASSPHRASE=d70414362252a41ce772dff4823d084d
###< lexik/jwt-authentication-bundle ###

lexik_jwt_authentication.yaml

lexik_jwt_authentication:
    private_key_path: '%kernel.project_dir%/%env(JWT_PRIVATE_KEY_PATH)%'
    public_key_path:  '%kernel.project_dir%/%env(JWT_PUBLIC_KEY_PATH)%'
    pass_phrase:      '%env(JWT_PASSPHRASE)%'
like image 650
Dmitry S. Avatar asked Feb 07 '18 15:02

Dmitry S.


Video Answer


2 Answers

My solutions was to add this in .htaccess

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
like image 119
cosy Avatar answered Jan 03 '23 14:01

cosy


Problem be is encrypted private key.

Private key is normally encrypted and protected with a passphrase or password before the private key is transmitted or sent. When you receive an encrypted private key, you must decrypt the private key in order to use the private key.

To identify whether a private key is encrypted or not, open the private key in any text editor. An encrypted key has the first few lines that similar to the following, with the ENCRYPTED word:

---BEGIN RSA PRIVATE KEY---
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687
------
------
------
---END RSA PRIVATE KEY---

On the other hand, an unecrypted key will have the following format:

---BEGIN RSA PRIVATE KEY---
------
------
------
---END RSA PRIVATE KEY---

Encrypted key cannot be used directly in applications in most scenario. It must be decrypted first.

OpenSSL in Linux is the easiest way to decrypt an encrypted private key. Use the following command to decrypt an encrypted RSA key:

openssl rsa -in ssl.key.secure -out ssl.key

Make sure to replace the “server.key.secure” with the filename of your encrypted key, and “server.key” with the file name that you want for your encrypted output key file.

If the encrypted key is protected by a passphrase or password, enter the pass phrase when prompted.

Once done, you will notice that the ENCRYPTED wording in the file has gone.

If be I did not use Postman, then I would not have seen the error of Symfony, which helped me find the root of the problem. It would be nice if be Lesik LexikJWTAuthenticationBundle processed this error.

like image 42
Dmitry S. Avatar answered Jan 03 '23 15:01

Dmitry S.