Symfony 4 记住我不能在没有用户名的情况下工作 [英] Symfony 4 Remember me not working without username

问题描述

在创建 cookie 并将其存储在浏览器中时，我们如何配置 Symfony 4 记住我的功能以使用电子邮件而不是用户名(默认设置)?

How can we configure Symfony 4 Remember me functionality to use email instead of username (as set by default) when creating the cookie and storing it in the browser?

我的问题是，通过在 S4 中使用电子邮件进行身份验证，cookie 是使用用户名而不是其哈希中的电子邮件创建的，存储在浏览器中，但是当 S4 检查我的 cookie 以查看是否 IS_AUTHENTICATED_REMEMBERED 是真的，它会根据存储在数据库中的用户名进行检查，这没有意义.它应该根据电子邮件进行检查.所以我的记住我功能不起作用.如果我使用用户名登录，那么它可以工作，但这不是我想要的，我希望我的用户使用他们的电子邮件地址登录.

My issue is that by using email to authenticate in S4, the cookie is created with the username instead of the email in its hash, stored in the browser but when S4 check my cookie to see if IS_AUTHENTICATED_REMEMBERED is true, it checks it against the username stored in the DB which doesn’t make sens. It should check it against email. So my remember me functionality doesn’t work. If I use the username to login, then it works, but that’s not what I want, I’d like my users to log in with their email address.

我已将登录配置为使用电子邮件而不是默认用户名行为，但我不记得我是那样工作的.

I’ve configurered the login to work with email instead of the default username behavior, but I can’t have remember me working that way.

我在 security.yaml

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        user_provider:
            entity:
                class: App\Entity\User
                property: email
        in_memory: { memory: ~ }
        our_db_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern:    ^/
            http_basic: ~
            provider: our_db_provider
            anonymous: ~
            form_login:
                login_path: login
                check_path: login
                default_target_path: dashboard
                username_parameter: email
                password_parameter: password
                remember_me: true
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 31536000 # 1 week in seconds
                path: /
                domain: ~
                secure:   true
                name:     REMEMBERME
                remember_me_parameter: remember_me
                always_remember_me: true
            logout:
                path:  /logout
                target: /

但是这不会让您参数记住用于生成存储在 cookie 中的哈希的字段.

but this doesn’t let you parameter what field remember is using to generate the hash stored in the cookie.

如果您已成功设置登录/身份验证和记住我使用的字段不同于用户名，请分享 :)

If you’ve managed to set up your login / authentication & remember me working with a field different than username, please share :)

更新:我在服务上用以下几行尝试了 Ahmed 的回答，但它不起作用:

UPDATE: I tried Ahmed answer with the following lines on services but it’s not working:

App\Security\TokenBasedRememberMeServices:
      decorates: Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices

它说你请求了一个不存在的服务Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices".

推荐答案

安全组件使用getUsername() getter构建token的问题https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L74

The problem that security component use getUsername() getter to build the token https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L74

所以我们需要覆盖负责创建remember-me cookie的服务，希望是security.authentication.rememberme.services.simplehash.class.

So we need to overide the service responosible for creating the remember-me cookie, wish is security.authentication.rememberme.services.simplehash.class.

Firstable:更新 onLoginSuccess 方法 L74 使其使用电子邮件而不是用户名.

Firstable: Update the onLoginSuccess method L74 so it uses the email instead of the username.

namespace App\Security;
...
class TokenBasedRememberMeServices extends AbstractRememberMeServices
{
    ....
    protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token)
    {
      ...
        $value = $this->generateCookieValue(\get_class($user), $user->getEmail(), $expires, $user->getPassword());
      ...
    }
...

第二:将您的课程注册为服务.

Second: Register your class as a service.

 App\Security\TokenBasedRememberMeServices:
     decorates: 'security.authentication.rememberme.services.simplehash.class'

或者你可以在 UserInterface 它定义并返回用于验证用户的用户名.在我们的例子中，它是 email 属性.

Or you can flow the contract under UserInterface It define and returns the username used to authenticate the user. In our case it's the email property.

public function getUsername()
{
    return $this->email;
}

这篇关于Symfony 4 记住我不能在没有用户名的情况下工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！