FOSUser Bundle - Prevent Disabled users from logging in

Problem description

I have created a loginsuccesshandler.php and am checking if the user is !enabled like this:

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        $user = $token->getUser();
        if (!$user->isEnabled())
        {
            // do not pass go
            $request->getSession()->invalidate();
            $this->security->setToken(null);
            //$token->setToken(null);
            return new RedirectResponse($this->router->generate('account_disabled'));
        }
        // ... (rest of the handler is not shown in the post)
    }

This line

    $request->getSession()->invalidate();

is causing the following error:

Warning: SessionHandler::write(): Parent session handler is not open in /var/www...

But I can't remove it because if the user clicks the remember me checkbox, they will still be logged in.

I had the same problem with FOS logging out, but I added this to the config

    logout:
        invalidate_session: false

Recommended answer

You're doing it wrong. Symfony already has a built-in mechanism to achieve that:

  1. Implement AdvancedUserInterface for your User class.
  2. ...and that's it. For more, read http://symfony.com/doc/current/cookbook/security/entity_provider.html#forbid-inactive-users
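
Added example (not part of the original answer, and not Symfony's or FOSUserBundle's own code): a minimal user class implementing `AdvancedUserInterface`, so that the security component itself rejects a disabled account with a `DisabledException` instead of a success handler undoing a completed login. The class name `AppUser`, its namespace and its fields are hypothetical, and the sketch assumes a Symfony version that still ships this interface (it was deprecated in 4.1 and removed in 5.0 in favour of a custom user checker).

```php
<?php
// Added illustration: namespace, class and field names are hypothetical.
namespace App\Security;

use Symfony\Component\Security\Core\User\AdvancedUserInterface;

class AppUser implements AdvancedUserInterface
{
    private $username;
    private $passwordHash;
    private $enabled;

    public function __construct($username, $passwordHash, $enabled = true)
    {
        $this->username = $username;
        $this->passwordHash = $passwordHash;
        $this->enabled = (bool) $enabled;
    }

    // Account-status checks. Symfony's user checker calls these during
    // authentication; a false return aborts the login with an exception
    // (DisabledException for isEnabled()), so no token or session is kept.
    public function isEnabled() { return $this->enabled; }

    // Return true for the statuses this application does not track.
    public function isAccountNonExpired() { return true; }
    public function isAccountNonLocked() { return true; }
    public function isCredentialsNonExpired() { return true; }

    // Remaining UserInterface methods.
    public function getUsername() { return $this->username; }
    public function getPassword() { return $this->passwordHash; }
    public function getSalt() { return null; } // e.g. bcrypt embeds its own salt
    public function getRoles() { return array('ROLE_USER'); }
    public function eraseCredentials() {}
}
```

With the check living in the user class, the success handler no longer needs to invalidate the session or clear the token for disabled accounts.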