I have 2 user types on a website: Users and Vendors. Each of those types will use own login form. Therefore I've decided to create 2 separate firewalls in security.yaml:
security:
encoders:
App\Entity\Main\User:
algorithm: bcrypt
App\Entity\Main\Vendor:
algorithm: bcrypt
providers:
users_provider:
entity:
class: App\Entity\Main\User
property: email
vendors_provider:
entity:
class: App\Entity\Main\Vendor
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
anonymous: ~
provider: users_provider
form_login:
check_path: security_login
login_path: security_login
csrf_token_generator: security.csrf.token_manager
csrf_parameter: _csrf_token
csrf_token_id: authenticate
use_referer: true
target_path_parameter: go_to
logout:
path: security_logout
vendor:
pattern: ^/vendor/
anonymous: ~
provider: vendors_provider
form_login:
check_path: security_vendor_login
login_path: security_vendor_login
csrf_token_generator: security.csrf.token_manager
csrf_parameter: _csrf_token
csrf_token_id: authenticate
use_referer: true
target_path_parameter: go_to
logout:
path: security_logout
access_control:
- { path: ^/%locales%/login, roles: ['IS_AUTHENTICATED_ANONYMOUSLY'] }
- { path: ^/%locales%/vendor, roles: ['IS_AUTHENTICATED_ANONYMOUSLY'] }
- { path: ^/%locales%, roles: ['IS_AUTHENTICATED_ANONYMOUSLY'] }
Login form for User user-login.html.twig:
{% extends 'main/base.html.twig' %}
{% block content %}
<form action="{{ path('security_login') }}"
method="POST">
<input type="text"
id="email-field"
class="form-control"
name="_username"
value="{{ form._username.vars.value }}">
<input type="password" id="password-field" class="form-control"
name="_password">
<input type="hidden" id="csrf" name="_csrf_token"
value="{{ csrf_token('authenticate') }}">
</form>
{% endblock %}
Login form for Vendor vendor-login.html.twig:
{% extends 'main/base.html.twig' %}
{% block content %}
<form action="{{ path('security_vendor_login') }}"
method="POST">
<input type="text"
id="email-field"
class="form-control"
name="_username"
value="{{ form._username.vars.value }}">
<input type="password" id="password-field" class="form-control"
name="_password">
<input type="hidden" id="csrf" name="_csrf_token"
value="{{ csrf_token('authenticate') }}">
</form>
{% endblock %}
Routes for login are defined in routes.yaml:
security_login:
path: /login
controller: App\Controller\Main\SecurityController:loginAction
methods: [GET, POST]
security_vendor_login:
path: /vendor/login
controller: App\Controller\Main\SecurityController:vendorLoginAction
methods: [GET, POST]
And the login methods in SecurityController:
public function userLoginAction(Request $request)
{
$error = $this->authenticationUtils->getLastAuthenticationError();
$lastUsername = $this->authenticationUtils->getLastUsername();
$form = $this->formFactory->create(LoginForm::class, [
'_username' => $lastUsername
]);
return new Response(
$this->twigService->render(
'main/security/user-login.html.twig',
[
'form' => $form->createView(),
'error' => $error,
]
),
200
);
}
public function vendorLoginAction(Request $request)
{
$error = $this->authenticationUtils->getLastAuthenticationError();
$lastUsername = $this->authenticationUtils->getLastUsername();
$form = $this->formFactory->create(LoginForm::class, [
'_username' => $lastUsername
]);
return new Response(
$this->twigService->render(
'main/security/vendor-login.html.twig',
[
'form' => $form->createView(),
'error' => $error,
]
),
200
);
}
When I use the /login route then I'll be successfully logged in as User. However if I go to /vendor/login page and submit email and password the page just refreshes without any error messages and I'll not be authenticated. And in var/log/dev.log I see this
[2020-01-23 17:12:05] security.INFO: Populated the TokenStorage with an anonymous Token. []
Any ideas why this is happening?