Symfony 4在login_check之后以匿名身份登录
[英]Symfony 4 logs in as anonymous after login_check
问题描述
In Symfony 4, when I log in as a user via a login form, it posts the data to /login_check it identifies and authentificates the user correctly and then, when it redirects the user to the target path, it reauthentificates as an Anonymous user. 
在Symfony 4中,当我通过登录表单以用户身份登录时,它将数据发布到/ login_check,它正确标识并认证了用户,然后在将用户重定向到目标路径时,将其重新认证为匿名用户。
I have looked and followed with xdebug all the authentification process and it actually logs in the user, redirects the user and reauthentificates as an anon user. 我查看了xdebug并随后进行了所有身份验证过程,它实际上登录了用户,重定向了该用户,并以匿名用户身份重新进行身份验证。 I have no clue as per what could cause this. 我不知道是什么原因造成的。
When using the Remember me functionality everything works as expected so this is only when not using it. 使用“ 记住我”功能时,所有功能均按预期工作,因此仅在不使用时可以使用。
The 302 Redirect "POST @login (2c1c05)" is actually logged in as shown here below 302重定向“ POST @login(2c1c05)”实际上已登录,如下所示
And the security tab displays the user correctly: 安全选项卡正确显示用户:
However, the redirect logs out the user and reauthentificates as an anon user: 但是,重定向注销该用户,并以匿名用户身份重新认证:
My security configuration looks like this: 我的安全配置如下所示:
security:
encoders:
App\Entity\Current\CurrentUser:
algorithm: sha512
iterations: 5000
encode_as_base64: true
App\Entity\Legacy\User:
algorithm: sha512
iterations: 0
encode_as_base64: false
id: app.security.legacy_digest
Symfony\Component\Security\Core\User\User:
algorithm: sha512
providers:
chain_provider:
chain:
providers: [in_memory_provider, legacy_entity_provider, current_entity_provider]
in_memory_provider:
memory:
users:
bar:
password: sX49rzTmjz3+u9XFIkpphfNxjKHMrPWP7Y6l7sKkadWIgOFuYo+Ixjj6iMCeWr0LlUh9EXfi5nw5lgz4W5LDKA==
roles: [ROLE_USER, ROLE_ADMIN]
legacy_entity_provider:
entity:
class: App\Entity\Legacy\User
manager_name: legacy
property: username
current_entity_provider:
entity:
class: App\Entity\Current\CurrentUser
property: username
manager_name: current
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
provider: chain_provider
anonymous: true
form_login:
login_path: /login
check_path: /login
username_parameter: _username
password_parameter: _password
logout:
path: logout
target: /
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
role_hierarchy:
ROLE_ADMIN: [ROLE_USER]
My login form: 我的登录表格:
<form id="login-form" action="/login" method="post">
<fieldset>
<label for="login">{% trans %}label.login{% endtrans %}</label>
<input class="form-control" type="text" id="username" name="_username" value="{{ last_username }}"/>
<label for="password">{% trans %}label.password{% endtrans %}</label>
<input type="password" class="form-control mb-2" id="password" name="_password"/>
<input type="hidden" name="_target_path" value="{{ path(('myaccount_fr_fr' )) }}"/>
<button id="login-button" type="submit" class="btn mb-2 btn-secondary btn-block btn-submit_FX text-uppercase">
{% trans %}button.loginSubmit{% endtrans %}
</button>
</fieldset>
</form>
The login route path: 登录路由路径:
login:
path: /login
controller: App\Controller\SecurityController::login
The SecurityController: SecurityController:
class SecurityController extends Controller
{
public function login(Request $request, AuthenticationUtils $authenticationUtils)
{
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('user/login.html.twig', array (
'last_username' => $lastUsername,
'error' => $error,
));
}
}
1 个解决方案
解决方案1
0 已采纳 2018-05-22 13:24:46
There are curious behaviours sometimes when wrongly configuring a set of features for our applications and instead of having some sort of error that we need to decypher we only have some sort of collateral effect or behaviour in our application. 当错误地为我们的应用程序配置一组功能时,有时会出现奇怪的行为,而不会出现我们需要解密的某种错误,而在我们的应用程序中只有某种附带影响或行为。 In this case, when logging in, it would automatically log out the user without giving any further error of whatsoever. 在这种情况下,登录时,它将自动注销用户,而不会出现任何其他错误。
When using AdvancedUserInterface there are 4 extra functions that the User Entity needs to implement 使用AdvancedUserInterface时,用户实体需要实现4个附加功能
public function isAccountNonExpired();
public function isAccountNonLocked();
public function isCredentialsNonExpired();
public function isEnabled();
Note that this user implementation is now deprecated from 4.1 onwards and the use of User Checkers is now advised instead. 请注意,此用户实现从4.1开始不推荐使用,建议改为使用用户检查器 。
If you follow the documentation you will notice that within the first example you will find this: 如果遵循文档,您会发现在第一个示例中您会发现以下内容:
On the first example: 在第一个示例中:
/**
* @ORM\Column(name="is_active", type="boolean")
*/
private $isActive;
public function __construct()
{
$this->isActive = true;
// may not be needed, see section on salt below
// $this->salt = md5(uniqid('', true));
}
And then lower down, in the section Forbid Inactive Users (AdvancedUserInterface) 然后在“禁止不活动的用户(AdvancedUserInterface)”部分中降低
public function isEnabled()
{
return $this->isActive;
}
Well this does not work as you would expect it to work. 好吧,这不起作用,就像您期望的那样。 On subsequent requests, when the user is hydrated by the ORM the object is not fully constructed and isActive returns null. 在随后的请求中,当用户被ORM充水时,对象未完全构建,isActive返回null。 You need to get isActive from the database itself or force it from the constant itself: 您需要从数据库本身获取isActive或从常量本身强制它:
private $isActive = true;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.