Symfony FOSUserBundle Remember me doesn't work

Problem description

I'm using FOSUserBundle with email as username.

Tryin' to use the remember_me functionality but it's not working. I've read this Symfony2: "Remember me" tries to authenticate by username instead of email

It's quite an old article and the username field in the database is set with the same value as the email so I don't understand why it is not working.

Checking with Google Chrome Inspector the REMEMBERME cookie is set...

Can someone help?

This is my security.yaml

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout:       true
            anonymous:    true
            remember_me:
                secret:   '%secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/account/*, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/*, role: ROLE_ADMIN }

Recommended answer

Ok, it's a role configuration problem.

According to the documentation:

  • IS_AUTHENTICATED_ANONYMOUSLY: All users (even anonymous ones) have this

  • IS_AUTHENTICATED_REMEMBERED: All logged in users have this, even if they are logged in because of a "remember me cookie". Even if you don't use the remember me functionality, you can use this to check if the user is logged in.

  • IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.

So, in my security.yml, trying to access the paths "^/$" and "^/account/*" after closing the browser was not possible because of the IS_AUTHENTICATED_FULLY request.

I've changed it into this

access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/account/*, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/*, roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }

Now I can access the "^/$" path with the REMEMBERME cookie, but not "^/account/" and "^/admin/", which are more restrictive because of the sensitive data (and it's exactly what I wanted).
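
The same split between remembered and fully authenticated sessions can also be enforced inside controllers. The following is an added example, not part of the original answer; the controller class, routes and response bodies are hypothetical, and it assumes Symfony 4 with the framework bundle's AbstractController. Checking IS_AUTHENTICATED_FULLY and ROLE_ADMIN in two separate calls means both must hold for the admin action.

```php
<?php
// Added example: hypothetical controller, not code from the original post.
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

class AreaController extends AbstractController
{
    /**
     * @Route("/", name="home")
     */
    public function home(): Response
    {
        // Passes for a password login and for a session restored
        // from the REMEMBERME cookie.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');

        return new Response('home');
    }

    /**
     * @Route("/account/settings", name="account_settings")
     */
    public function accountSettings(): Response
    {
        // A cookie-restored session fails this check. Because the token is
        // not fully authenticated, Symfony starts the firewall's entry point
        // (the login form) instead of returning a plain 403.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

        return new Response('account settings');
    }

    /**
     * @Route("/admin/users", name="admin_users")
     */
    public function adminUsers(): Response
    {
        // Two separate calls: the first rejects remembered sessions,
        // the second rejects users without the admin role.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        return new Response('admin users');
    }
}
```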