Symfony2：使用 Doctrine2 实体进行身份验证 - 保存实体后密码设置为空白值

Question

I've hit a dead end here. When I save any kind of entity in my controller, the password and salt of the user that is currently logged in is blanked out in the database.

This is a relevant portion of my security configuration:

security:
    encoders:
        ISE\LoginBundle\Entity\User:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
    providers:
        main:
            entity:
                class: ISE\LoginBundle\Entity\User
                property: username

This is the eraseCredentials method of my user class. I suspect that at some point this method is called and then the user object is saved to the database with these changes. But I have no idea where that could be:

class User implements UserInterface {
    // ...
    public function eraseCredentials() {
        $this->password = null;
        $this->salt = null;
    }
    // ...
}

And this is an example of how I save an entity in one of my controllers, in this case it's the ProductController. Just a reminder: I am not manipulating the User object in my code in any way:

public function createAction() {
    // ...
    if ($form->isValid()) {
        $em = $this->get('doctrine')->getEntityManager();
        $em->persist($product);
        $em->flush();
        return $this->redirect($this->generateUrl('product_create', array('created' => true)));
    }
    // ...
}

I wouldn't expect any of this code to delete the user's password or salt in the database, yet exactly that happens. Can anyone help me beat my code into submission?

Answer 1

Symfony has a difference between plaintext and hashed credetials. In "eraseCredentials" you are supposed to delete all the plaintext information, not the hashed credetials that are saved to the database.