symfony 3.4“不推荐刷新未经身份验证的用户" [英] symfony 3.4 "Refreshing a deauthenticated user is deprecated"

问题描述

在尝试将现有的 symfony 项目从 3.3.10 升级到应该是 LTS 的 3.4.x 时，我设法通过 Composer 升级了组件.升级后一切正常，但单元测试显示弃用错误

while trying to upgrade existing symfony project from 3.3.10 to 3.4.x which should be LTS, I managed to upgrade components through composer. after upgrade all things works as expected, but unit tests shows deprecation error

Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x

一些谷歌搜索指向我可能显示更改的提交https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

some googling around points me to the commits probably showing the change https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

所以我试图解决它，在挖掘代码后，我在 security.xml 中添加了一个新设置

so I tried to resolve it, and after digging in code I put a new setting into security.xml

         main:
+            logout_on_user_change: true
             anonymous: ~

这解决了弃用警告，但完全破坏了使用自定义实体的身份验证，用户根本没有经过身份验证并且日志显示错误:

this resolves a deprecation warning, but completely breakes the authentication using custom entity, user is not authenticated at all and log shows error:

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

所以问题是如何正确解决弃用问题"?

so the question is "how to properly resolve the deprecation issue" ?

推荐答案

认证失效的问题<代码>2017-12-07 15:48:24] security.DEBUG:尝试刷新令牌后，令牌被取消身份验证.{"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

是，我没有遵循文档https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity 它说，应该还有密码字段(我不会让 symfony 将凭据放在磁盘上太多次了).在 symfony 3.3 中没问题，在 symfony 3.4 中该字段必须存在......

was, that I was not following the documentation https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity which says, that there should be also password field (I would not let symfony to put credentials on disk too many times). In symfony 3.3 it was ok, in symfony 3.4 the field must be present ...

diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
        /** @see \Serializable::serialize() */
        public function serialize() {
-               return serialize(array($this->id, $this->username, $this->active,));
+               return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
        }
        /** @see \Serializable::unserialize() */
        public function unserialize($serialized) {
-               list($this->id, $this->username, $this->active,) = unserialize($serialized);
+               list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
        }

这篇关于symfony 3.4“不推荐刷新未经身份验证的用户"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！