Symfony FOSUserBundle Remember me doesn't work


Problem description


I'm using FOSUserBundle with email as username.

Tryin' to use the remember_me functionality but it's not working. I've read this: Symfony2: "Remember me" tries to authenticate by username instead of email

It's quite an old article and the username field in the database is set with the same value as the email, so I don't understand why it is not working.

Checking with Google Chrome Inspector, the REMEMBERME cookie is set...

Can someone help?

This is my security.yaml

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout:       true
            anonymous:    true
            remember_me:
                secret:   '%secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/account/*, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/*, role: ROLE_ADMIN }

Solution

Ok, it's a role configuration problem.

According to the documentation:

• IS_AUTHENTICATED_ANONYMOUSLY: All users (even anonymous ones) have this

• IS_AUTHENTICATED_REMEMBERED: All logged in users have this, even if they are logged in because of a "remember me cookie". Even if you don't use the remember me functionality, you can use this to check if the user is logged in.

• IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.

So, in my security.yml, trying to access the paths "^/$" and "^/account/*" after closing the browser was not possible because of the IS_AUTHENTICATED_FULLY request.

I've changed it into this

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/account/*, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/*, roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }

Now I can access the "^/$" path with the REMEMBERME cookie but not "^/account/" and "^/admin/", which are more restrictive because of the sensitive data (and it's exactly what I wanted).
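How Symfony evaluates the two rule sets above, as an added example: a simplified Python model that is not Symfony's code and not part of the original post. It assumes the default `affirmative` access decision strategy and ignores role hierarchy; the sample users and request paths are constructed. Under `affirmative`, the attributes in a `roles` array are alternatives rather than joint requirements, which matters for the `^/admin/*` rule.

```python
import re

# Authentication levels: anonymous < remember-me cookie < full login this session
LEVEL = {"IS_AUTHENTICATED_ANONYMOUSLY": 0, "IS_AUTHENTICATED_REMEMBERED": 1,
         "IS_AUTHENTICATED_FULLY": 2}
GRANT, ABSTAIN, DENY = 1, 0, -1

def authenticated_voter(user, attrs):
    mine = [a for a in attrs if a in LEVEL]
    if not mine:
        return ABSTAIN
    return GRANT if any(user["level"] >= LEVEL[a] for a in mine) else DENY

def role_voter(user, attrs):
    mine = [a for a in attrs if a.startswith("ROLE_")]
    if not mine:
        return ABSTAIN
    return GRANT if any(a in user["roles"] for a in mine) else DENY

VOTERS = (authenticated_voter, role_voter)
def decide(user, attrs, strategy="affirmative"):
    if strategy == "affirmative":  # a GRANT from any one voter is enough
        return any(v(user, attrs) == GRANT for v in VOTERS)
    # unanimous: each attribute is voted on separately and no DENY is allowed
    votes = [v(user, [a]) for v in VOTERS for a in attrs]
    return DENY not in votes and GRANT in votes

def is_allowed(rules, user, path, strategy="affirmative"):
    for pattern, attrs in rules:   # access_control: first matching rule wins
        if re.search(pattern, path):
            return decide(user, attrs, strategy)
    return True                    # no rule matched, nothing is enforced

# The page's two access_control lists (login/register/resetting rules omitted)
BEFORE = [(r"^/$", ["IS_AUTHENTICATED_FULLY"]),
          (r"^/account/*", ["IS_AUTHENTICATED_FULLY"]),
          (r"^/admin/*", ["ROLE_ADMIN"])]
AFTER = [(r"^/$", ["IS_AUTHENTICATED_REMEMBERED"]),
         (r"^/account/*", ["IS_AUTHENTICATED_FULLY"]),
         (r"^/admin/*", ["IS_AUTHENTICATED_FULLY", "ROLE_ADMIN"])]

# Constructed sample users: level 1 = remember-me cookie, level 2 = full login
cookie_user = {"level": 1, "roles": {"ROLE_USER"}}
cookie_admin = {"level": 1, "roles": {"ROLE_USER", "ROLE_ADMIN"}}
full_user = {"level": 2, "roles": {"ROLE_USER"}}

if __name__ == "__main__":
    for u in (cookie_user, cookie_admin, full_user):
        print(u, [is_allowed(AFTER, u, p) for p in ("/", "/account/x", "/admin/x")])
```

In the model, `full_user` (no `ROLE_ADMIN`) and `cookie_admin` (no full login) both pass the `^/admin/*` rule under `affirmative`; with `strategy: unanimous` under `security.access_decision_manager`, both attributes must hold.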
