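symfony 3.4 "Refreshing a deauthenticated user is deprecated"

Time: 2017-12-07 15:07:03

Tags: symfony symfony-3.4

While trying to upgrade an existing symfony project from 3.3.10 to 3.4.x, which should be LTS, I managed to upgrade the components with composer. After the upgrade everything works as expected, but the unit tests show a deprecation error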

Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x
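Some googling pointed me to a commit that possibly shows the change: https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

So I tried to resolve it; after digging in the code I put a new setting into security.xml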

         main:
+            logout_on_user_change: true
             anonymous: ~

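This resolves the deprecation warning, but completely breaks authentication with custom entities: the user is simply not authenticated, and the log shows an error: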

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

So the question is: how to solve the deprecation problem properly?

1 answer:

Answer 0: (score: 1)

The problem with the failing authentication

diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php index 4adeaf9..b1b33fd 100644 --- a/src/GuserBundle/Entity/User.php +++ b/src/GuserBundle/Entity/User.php @@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable { /** @see \Serializable::serialize() */ public function serialize() { - return serialize(array($this->id, $this->username, $this->active,)); + return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked)); } /** @see \Serializable::unserialize() */ public function unserialize($serialized) { - list($this->id, $this->username, $this->active,) = unserialize($serialized); + list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized); }
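
Review bot: In unserialize(), the call unserialize($serialized) reads session data with no class restriction; the five values restored by list() look like plain fields, so pass ['allowed_classes' => false] as the second argument (PHP 7.0+) to keep objects from being instantiated from the session payload. In serialize(), adding $this->password means the password hash is now written to the session store, so that store needs the same protection as the user table. The two arrays must also keep exactly the same field order, and a short comment above serialize() saying so would prevent a later edit from silently swapping values.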

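was that I did not follow the documentation https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity, which says that the password field should be there as well (I would not let symfony put credentials on disk too many times). In symfony 3.3 that was OK; in symfony 3.4 the fields have to be there...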
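
The effect described in this answer, as an added example that is not part of the original post and is not Symfony's code: a simplified model of comparing the user restored from the session with the user reloaded from the database. `DemoUser`, `toSession()`, `fromSession()` and `changedFields()` are hypothetical names, and the sample user is constructed.

```php
<?php
// Added illustration, not Symfony's or the poster's code. All names and values
// here are hypothetical/constructed. Requires PHP 7.0+ (unserialize options).

final class DemoUser
{
    public $id, $username, $password, $active, $locked;

    public function __construct($id, $username, $password, $active, $locked)
    {
        list($this->id, $this->username, $this->password, $this->active, $this->locked)
            = [$id, $username, $password, $active, $locked];
    }

    // Store only the named properties, as the entity's serialize() does.
    public function toSession(array $fields)
    {
        $data = [];
        foreach ($fields as $f) {
            $data[$f] = $this->$f;
        }
        return serialize($data);
    }

    // Rebuild the user from session data; properties that were not stored stay null.
    public static function fromSession($serialized)
    {
        $data = unserialize($serialized, ['allowed_classes' => false]);
        $data += ['id' => null, 'username' => null, 'password' => null,
                  'active' => null, 'locked' => null];
        return new self($data['id'], $data['username'], $data['password'],
                        $data['active'], $data['locked']);
    }
}

// Model of the refresh check: which security-relevant properties differ
// between the session copy and the freshly loaded user?
function changedFields(DemoUser $session, DemoUser $fresh)
{
    return array_values(array_filter(
        ['username', 'password', 'active', 'locked'],
        function ($f) use ($session, $fresh) { return $session->$f !== $fresh->$f; }
    ));
}

$dbUser = new DemoUser(1, 'aaa', 'constructed-password-hash', true, false);
$before = DemoUser::fromSession($dbUser->toSession(['id', 'username', 'active']));
$after  = DemoUser::fromSession($dbUser->toSession(['id', 'username', 'password', 'active', 'locked']));

echo 'before the fix: ', implode(', ', changedFields($before, $dbUser)) ?: 'no change', "\n";
echo 'after the fix:  ', implode(', ', changedFields($after, $dbUser)) ?: 'no change', "\n";
```

With the original three-field list the session copy comes back with a null password, so it never matches the reloaded user and the token is treated as changed on every request.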
