我配置了Facebook,Odnoklassniki和Vkontakte提供程序。首次授权时,将创建用户并将其保留在数据库中。一切都按预期工作,但vkontakte授权的行为很奇怪。当vkontakte oAuth过程完成时,用户数据保留在DB中,但是不会自动登录。页面只是重新加载。在我能够使用现有用户数据登录后,将其保留在DB中。 Odnoklassniki和Facebook会在第一时间自动登录,没有任何问题。我也发现PHPSESSID cookie值是在第一次认证时设置的,然后在页面自动重载时消失。 Issue video
有人可以帮忙吗?
版本
"symfony/framework-bundle": "4.2.*"，"friendsofsymfony/user-bundle": "~2.0"，"hwi/oauth-bundle": "^0.6.3"
我的FOSUBUserProvider.php
<?php
namespace App\Security;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider as BaseFOSUBProvider;
use Symfony\Component\Security\Core\User\UserInterface;
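class FOSUBUserProvider extends BaseFOSUBProvider
{
    /**
     * Attach the OAuth account described by $response to an already
     * authenticated local user.
     *
     * If a different local account is registered under the e-mail address the
     * provider reported, the provider identifier is cleared on that account
     * first so the two records never share it. The identifier and the access
     * token are then written to $user before it is persisted — the previous
     * version persisted $user without assigning either, so the link was never
     * stored.
     *
     * NOTE(review): the lookup is keyed on the e-mail the provider claims;
     * nothing here establishes that the provider verified that address.
     * Confirm this per resource owner before relying on it to merge accounts.
     *
     * @param UserInterface         $user     the account being linked; expected to
     *                                        expose the set<Service>AccessToken setter
     *                                        used by loadUserByOAuthUserResponse()
     * @param UserResponseInterface $response the resource-owner response
     */
    public function connect(UserInterface $user, UserResponseInterface $response)
    {
        $property = $this->getProperty($response);
        $providerUsername = $response->getUsername();
        $existingUser = $this->userManager->findUserByEmail($response->getEmail());

        // Detach the identifier from another account that holds this e-mail;
        // skipped when that account is the very one being connected.
        if (null !== $existingUser && $existingUser !== $user) {
            $this->accessor->setValue($existingUser, $property, null);
            $this->userManager->updateUser($existingUser);
        }

        $this->accessor->setValue($user, $property, $providerUsername);
        $user->{$this->tokenSetter($response)}($response->getAccessToken());
        $this->userManager->updateUser($user);
    }

    /**
     * Resolve the local user for an OAuth response, creating one on first login.
     *
     * Known accounts (matched by the provider-reported e-mail) get the fresh
     * access token set in memory and are returned as-is. Unknown e-mails lead
     * to a new, enabled FOS user whose username is the provider username and
     * whose provider id/token columns are filled through the
     * set<Service>Id / set<Service>AccessToken naming convention.
     *
     * NOTE(review): the log line "Cannot refresh token because user has
     * changed" is emitted when the session user and the freshly loaded one
     * differ on a strictly compared field. The old code stored the provider
     * username as the password, which made that field depend on whatever
     * value (and type) the provider returned — verify against the VK response
     * if the problem persists after this change.
     *
     * @param UserResponseInterface $response the resource-owner response
     *
     * @return UserInterface the matched or newly created user
     */
    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        $userEmail = $response->getEmail();
        $accessToken = $response->getAccessToken();
        $user = $this->userManager->findUserByEmail($userEmail);

        if (null !== $user) {
            // Only updated in memory, as before; call updateUser() here if the
            // refreshed token must survive the request — not established on
            // this page.
            $user->{$this->tokenSetter($response)}($accessToken);

            return $user;
        }

        $providerUsername = $response->getUsername();
        $service = $response->getResourceOwner()->getName();

        $user = $this->userManager->createUser();
        $user->{$this->setterFor($service, 'Id')}($providerUsername);
        $user->{$this->setterFor($service, 'AccessToken')}($accessToken);
        $user->setUsername($providerUsername);
        $user->setSocialName($response->getRealName());
        $user->setEmail($userEmail);
        // OAuth-only account: the stored password must not be predictable.
        // The previous code used the provider username here, which is public
        // information; an unguessable random value is intended to be unusable
        // for form login.
        $user->setPassword(bin2hex(random_bytes(32)));
        // FOS UserBundle's setLastLogin() takes a mutable \DateTime.
        $user->setLastLogin(new \DateTime());
        $user->setEnabled(true);
        $this->userManager->updateUser($user);

        return $user;
    }

    /**
     * Build the entity setter name for a per-provider property, e.g.
     * ('vk', 'Id') => 'setVkId'. Both public methods rely on this convention.
     */
    private function setterFor(string $service, string $suffix): string
    {
        return 'set' . ucfirst($service) . $suffix;
    }

    /**
     * Setter name for the access-token column of the response's resource owner.
     */
    private function tokenSetter(UserResponseInterface $response): string
    {
        return $this->setterFor($response->getResourceOwner()->getName(), 'AccessToken');
    }
}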
我的hwi_oauth.yaml
hwi_oauth:
    # list of names of the firewalls in which this bundle is active, this setting MUST be set
    firewall_names: [main]
    connect:
        # Service that links an OAuth account to an existing user (the
        # FOSUBUserProvider::connect() override above).
        account_connector: my_user_provider
    # https://github.com/hwi/HWIOAuthBundle/blob/master/Resources/doc/2-configuring_resource_owners.md
    resource_owners:
        facebook:
            type: facebook
            client_id: '%env(FB_ID)%'
            client_secret: '%env(FB_SECRET)%'
            scope: 'email'
            options:
                display: popup
                # NOTE(review): `csrf: false` disables the OAuth `state`
                # check for this owner, which is the protection against a
                # forged login callback. Unless the popup flow really cannot
                # carry the state parameter, leave it enabled.
                csrf: false
        vk:
            type: vkontakte
            client_id: '%env(VK_ID)%'
            client_secret: '%env(VK_SECRET)%'
            scope: 'email'
            options:
                # NOTE(review): same concern as for facebook — the state
                # check is off here too; this is the owner whose login is
                # misbehaving, so re-enabling it should be part of the test.
                csrf: false
        ok:
            type: odnoklassniki
            client_id: '%env(OK_ID)%'
            client_secret: '%env(OK_SECRET)%'
            scope: 'GET_EMAIL'
            options:
                application_key: '%env(OK_APP_KEY)%'
        mailru:
            type: mailru
            client_id: '%env(MAILRU_ID)%'
            client_secret: '%env(MAILRU_SECRET)%'
        yandex:
            type: yandex
            client_id: '%env(YANDEX_ID)%'
            client_secret: '%env(YANDEX_SECRET)%'
我的security.yaml
# config/packages/security.yaml
security:
    encoders:
        # All FOS users are hashed with bcrypt; a value written to the
        # password column by hand (as the provider's setPassword() call does)
        # is not a bcrypt hash and will never verify through form_login.
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            # This is the provider the log shows refreshing the session token
            # ("provider":"FOS\UserBundle\Security\EmailUserProvider"); it is
            # also what form_login below authenticates against.
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout: true
            anonymous: true
            oauth:
                # Callback path per resource owner; names must match the
                # resource_owners keys in hwi_oauth.yaml.
                resource_owners:
                    facebook: '/login/check-facebook'
                    vk: '/login/check-vk'
                    ok: '/login/check-ok'
                    mailru: '/login/check-mailru'
                    yandex: '/login/check-yandex'
                login_path: /login
                use_forward: false
                failure_path: /login
                oauth_user_provider:
                    # Custom FOSUBUserProvider (loadUserByOAuthUserResponse).
                    service: my_user_provider
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/recipe/add, role: ROLE_USER }
        - { path: ^/lifehack/add, role: ROLE_USER }
        - { path: ^/admin/, role: ROLE_ADMIN }
编辑:
在开发环境下的日志中找到了这个
20:04:07] security.DEBUG: Read existing security token from the session. {"key":"_security_main","token_class":"HWI\\Bundle\\OAuthBundle\\Security\\Core\\Authentication\\Token\\OAuthToken"} []
_Omitted SELECT statement_
[2019-02-21 20:04:07] security.DEBUG: Cannot refresh token because user has changed. {"username":"_Omitted user id_","provider":"FOS\\UserBundle\\Security\\EmailUserProvider"} []
[2019-02-21 20:04:07] security.DEBUG: Token was deauthenticated after trying to refresh it. [] []
[2019-02-21 20:04:07] security.INFO: Populated the TokenStorage with an anonymous Token. [] []