sfGuardUser中的auth问题（安全过滤器）Symfony [英] auth problems (security filters) in sfGuardUser Symfony

问题描述

我使用Symfony 1.2.7和sfGuardUser插件。我可以查看所有的页面，登录和注销。但是，当我尝试编辑（只是去表单）或更新对象（保存更改）有时我有问题的auth，symfony重定向到编辑表单页面。我对有时加了一些强调，因为它使我疯狂：）

用户有cookie和remember_cookie。

在filters.yml中，我有以下内容：

我使用cookie域.domain.com

  security：〜
 
记住：
 class：sfGuardBasicSecurityFilter 
  
 
 
 
过滤器是许多人使用的过滤器：
  class sfGuardBasicSecurityFilter extends sfFilter 
 {
 public function execute（$ filterChain）
 {
 if（$ this-> isFirstCall（）&&！$ this-> ; getContext（） - > getUser（） - > isAuthenticated（））
 {
 if（$ cookie = $ this-> getContext（） - > getRequest（） - > getCookie sfConfig :: get（'app_sf_guard_plugin_remember_cookie_name'，'sfRemember'）））
 {
 $ q = Doctrine_Query :: create（）
  - > from（'sfGuardRememberKey r'）
  - > innerJoin（'r.sfGuardUser u'）
  - >其中（'r.remember_key =？'，$ cookie）; 
 
 if（$ q-> count（））
 {
 $ this-> getContext（） - > getUser > fetchOne（） - > sfGuardUser）; 
} 
} 
} 
 
 $ filterChain-> execute（）; 
} 
} 
  
 
 
在模块/ config / security.yml 
 
 
 
 编辑：
 is_secure：on 
 
更新：
 is_secure：on 
  
看看http标头，它回传一个HTTP 302答案。如果我看看引起重定向的代码;我注意到它似乎就在编辑或更新操作之前无法识别用户：
  Jul 08 19 ：03：15 symfony [info] {sfFilterChain}执行过滤器sfBasicSecurityFilter
 Jul 08 19:03:15 symfony [info] {sfFilterChain}执行过滤器sfRenderingFilter
 Jul 08 19:03:15 symfony [信息] {sfFilterChain}执行过滤器sfGuardBasicSecurityFilter
 Jul 08 19:03:15 symfony [info] {sfDoctrineLogger} executeQuery：SELECT COUNT（*）AS num_results FROM（SELECT s.id，s.ip_address FROM sf_guard_remember_key s ... 
 Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery：SELECT s.id AS s__id，s.user_id AS s__user_id，s.remember_key AS s__remember_key，s.ip_address ... 
 Jul 08 19:03:16 symfony [info] {myUser}用户已通过身份验证
 Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery：SELECT s.id AS s__id，s。 name AS s__name，s.description AS s__description，s.created_at AS .... 
 Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery：SELECT s.id AS s__id，s.name AS s__name ，s.description AS s__description，s.created_at AS .... 
 Jul 08 19:03:16 symfony [info] {myUser}添加凭证
 Jul 08 19:03： 16 symfony [info] {sfDoctrineLogger} executeQuery：UPDATE sf_guard_user SET last_login =？，updated_at =？ WHERE id =？ - （... 
 Jul 08 19:03:16 symfony [info] {sfFilterChain}执行过滤器subdomainFilter
  
有什么想法，我可以继续寻找或如何解决它？
 
 
 
非常感谢！
 
 <解决方案

固定，这是一个问题，有两个服务器同时运行我们已改变为使用Memcache的cookie存储。

I'm using Symfony 1.2.7, and sfGuardUser Plugin. I'm able to view all the pages, login and logout. However when I try to edit (just going to the form) or update an object (saving the changes) sometimes I have problems of auth, and symfony redirects me to the edit form page again. I put some emphasys on sometimes because it's what it's driving me crazy :)

Users have cookies and the remember_cookie. I'm using the cookie domain ".domain.com" for both cookies because we work with subdomains.

On filters.yml I have the following:

security: ~

remember:
  class:   sfGuardBasicSecurityFilter

that filter is the one used by many:

class sfGuardBasicSecurityFilter extends sfFilter
{
  public function execute ($filterChain)
  {
    if ($this->isFirstCall() && !$this->getContext()->getUser()->isAuthenticated())
    {
      if ($cookie = $this->getContext()->getRequest()->getCookie(sfConfig::get('app_sf_guard_plugin_remember_cookie_name', 'sfRemember')))
      {
        $q = Doctrine_Query::create()
              ->from('sfGuardRememberKey r')
              ->innerJoin('r.sfGuardUser u')
              ->where('r.remember_key = ?', $cookie);

        if ($q->count())
        {
          $this->getContext()->getUser()->signIn($q->fetchOne()->sfGuardUser);
        }
      }
    }

    $filterChain->execute();
  }
}

On the module/config/security.yml

edit:
  is_secure:   on

update:
  is_secure:   on

Looking at http headers, it returs me a HTTP 302 answer. If I look at the code that provokes that redirection; I've noticed that it seems like just before the edit or update action it doesn't recognize the user:

Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfBasicSecurityFilter"
Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfRenderingFilter"
Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfGuardBasicSecurityFilter"
Jul 08 19:03:15 symfony [info] {sfDoctrineLogger} executeQuery : SELECT COUNT(*) AS num_results FROM (SELECT s.id, s.ip_address FROM sf_guard_remember_key s ...
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.user_id AS s__user_id, s.remember_key AS s__remember_key, s.ip_address ...
Jul 08 19:03:16 symfony [info] {myUser} User is authenticated
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.name AS s__name, s.description AS s__description, s.created_at AS ....
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.name AS s__name, s.description AS s__description, s.created_at AS ....
Jul 08 19:03:16 symfony [info] {myUser} Add credential(s) ""
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : UPDATE sf_guard_user SET last_login = ?, updated_at = ? WHERE id = ? - (...
Jul 08 19:03:16 symfony [info] {sfFilterChain} Executing filter "subdomainFilter"

Any idea on where can I keep looking or how I can fix it?

Thanks a lot!

解决方案

fixed, it was a problem of having two servers running at the same time. We have changed to use Memcache for cookie storing.

这篇关于sfGuardUser中的auth问题（安全过滤器）Symfony的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！