我有一个我在Symfony 2.2中成功使用的自定义用户提供程序和用户实体。但现在我升级到2.3,我意识到“记住我”的功能已被破坏。所以我创建了一个新的sf2应用程序和一个功能测试。当我使用Acme \ DemoBundle默认值时,测试通过了。但是当我添加我的提供者时,它又开始失败了。这是测试:
<?php
namespace Acme\DemoBundle\Tests\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
class DemoControllerTest extends WebTestCase
{
public function testRemember()
{
$client = static::createClient();
$securedPageUri = '/user/settings/account';
$securedPageFilter = 'html:contains("New Password")';
$loginPageFilter = 'html:contains("Login")';
$username = 'test@test.com';
$password = 'test';
/*
$securedPageUri = '/demo/secured/hello/World';
$securedPageFilter = 'html:contains("Hello resource secured for admin only.")';
$loginPageFilter = 'html:contains("Login")';
$username = 'admin';
$password = 'adminpass';
*/
// Go to Secured page, and be redirected to Login page
$client->request('GET', $securedPageUri);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($loginPageFilter)->count());
// Try to log in, and be redirected to Secured page
$form = $crawler->selectButton('Login')->form();
$form['_username'] = $username;
$form['_password'] = $password;
$form['_remember_me'] = 1;
$client->submit($form);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
// Remove all the cookies, but keep the "remember me" cookie
$remembermeCookie = $client->getCookieJar()->get('REMEMBERME');
$client->restart();
$client->getCookieJar()->set($remembermeCookie);
// Go to Secured page, this time we should be allowed in
$client->followRedirects();
$crawler = $client->request('GET', $securedPageUri);
//$this->assertTrue($client->getResponse()->isSuccessful());
$this->assertEquals(0, $crawler->filter($loginPageFilter)->count(), "Redirected to Login page"); // THIS IS WHERE THE TEST FAILS
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
}
}
测试工作正常,我也尝试过手动测试:我登录,删除会话cookie,并尝试使用记住我的cookie访问受保护的页面。记住我的cookie被删除,我被重定向到登录页面:S
为什么会发生这种情况的任何想法?我的提供者没有做任何奇怪的事情,它只是像往常一样从数据库中抓取用户。为什么地球上这会影响“记住我”的功能?有没有我不知道的变化?我没有使用自定义身份验证提供程序,只是用户提供程序。
哦,这是日志,使用grep security
[2013-07-17 15:18:49] security.DEBUG: Username "test@test.com" was reloaded from user provider. [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.DEBUG: Remember-me cookie detected. [] []
[2013-07-17 15:18:49] security.WARNING: User class for remember-me cookie not supported. [] []
[2013-07-17 15:18:49] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Access is denied (user is not fully authenticated) by "/srv/www/dev/public/remember/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Calling Authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
更新:只有当我粘贴日志时,我才注意到这个警告。无论如何,你知道如何解决这个问题吗?
更新2 :如果我使用默认用户提供程序,但仍然是我自己的User类,它可以正常工作。错误消息非常容易引起误解。
答案 0 :(得分:1)
查看安全警告来自的Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices.php#L130。
服务仅提供抽象方法processAutoLoginCookie,您可能需要将其添加到提供程序以处理cookie。