Symfony4根据remember me cookie找不到用户

【问题标题】:Symfony4 does not find user according to remember me cookieSymfony4根据remember me cookie找不到用户
【发布时间】:2021-02-04 09:04:27
【问题描述】:

我已经配置 symfony 4 在用户选中复选框时设置一个记住我的 cookie。这可以正常工作。但是当我重新启动浏览器并返回网站时,网站会删除 cookie。 symfony 日志如下所示:

[Application] Oct 21 14:14:12 |DEBUG  | SECURI Remember-me cookie detected. 
[Application] Oct 21 14:14:12 |INFO   | SECURI User for remember-me cookie not found. 
[Application] Oct 21 14:14:12 |DEBUG  | DOCTRI SELECT t0.id AS id_1, t0.email AS email_2, t0.roles AS roles_3, t0.password AS password_4, t0.is_verified AS is_verified_5, t0.pending_surfpoints AS pending_surfpoints_6, t0.surfpoints_total AS surfpoints_total_7, t0.balance AS balance_8, t0.username AS username_9, t0.ref_earning AS ref_earning_10, t0.ref_id AS ref_id_11 FROM user t0 WHERE t0.email = ? LIMIT 1 0="myUsername"
[Application] Oct 21 14:14:12 |DEBUG  | SECURI Clearing remember-me cookie. name="REMEMBERME"

我将用户登录配置为使用电子邮件和用户名(我的更改如下所述)。我认为现在的问题是,记住我的 cookie 正在我的数据库的用户名部分中搜索用户名。

我更改了 UserAuthentificatorAuthenticator.php 中的 getUser 函数来查找电子邮件,如果用户名失败:

public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $token = new CsrfToken('authenticate', $credentials['csrf_token']);
        if (!$this->csrfTokenManager->isTokenValid($token)) {
            throw new InvalidCsrfTokenException();
        }

        $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);


        if (!$user) {
            //Email could not be found - try username
            $user = $this->entityManager->getRepository(User::class)->findOneBy(['username' => $credentials['email']]);
            if (!$user){
                // fail authentication with a custom error
                throw new CustomUserMessageAuthenticationException('Email/Username konnten nicht gefunden werden.');
            }

        }
        if (!$user->isVerified()){
            throw new CustomUserMessageAuthenticationException('Der Account wurde noch nicht aktiviert.');

        }

        return $user;
    }

我现在可以在哪里调整 cookie 身份验证器以使其工作?

编辑: 我的security.yaml

security:
    encoders:
        App\Entity\User:
            algorithm: auto

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            lazy: true
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\UserAuthentificatorAuthenticator
            logout:
                path: app_logout
                # where to redirect after logout
                target: app_default_start
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /

【问题讨论】:

  • 你在 securtiy.yaml 中有什么配置?确保您的配置必须正确,您可以阅读更多相关信息here

标签: php symfony cookies symfony4 remember-me


【解决方案1】:

您正在使用的内置EntityUserProvider 现在根据配置中指定的属性查找User 对象。记住我功能使用Provider 查找用户,并且您的用户可以使用emailusername 登录,当仅通过email 查找时,找不到默认用户.您应该将查找逻辑移出Authenticator 并移入UserProvider

将以下函数添加到您的UserRepository 并使其成为implement UserLoaderInterface

public function loadUserByUsername($identifier)
{
    $qb = $this->createQueryBuilder('u');
    return $qb->where('u.username = :identifier')
        ->orWhere('u.email = :identifier')
        ->setParameter('identifier', $identifier)
        ->getQuery()
        ->getOneOrNullResult();
}

security.yaml 中,删除property

app_user_provider:
    entity:
        class: App\Entity\User

更改您的身份验证器:

$token = new CsrfToken('authenticate', $credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token)) {
    throw new InvalidCsrfTokenException();
}

$user = $userProvider->loadUserByUsername($credentials['email']);

if (!$user) {
    throw new CustomUserMessageAuthenticationException('Email/Username konnten nicht gefunden werden.');
}

if (!$user->isVerified()){
    throw new CustomUserMessageAuthenticationException('Der Account wurde noch nicht aktiviert.');
}

return $user;

【讨论】:

    猜你喜欢
    • 2012-04-29
    • 2013-12-23
    • 2011-04-11
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2010-12-07
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode