5

我有一个在 Symfony 2.2 中成功使用的自定义用户提供程序和用户实体。但现在我升级到 2.3,我意识到“记住我”功能坏了。所以我创建了一个新的 sf2 应用程序和一个功能测试。当我使用 Acme\DemoBundle 默认值时,测试通过了。但是当我添加我的提供者时,它又开始失败了。这是测试:

<?php

namespace Acme\DemoBundle\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;

class DemoControllerTest extends WebTestCase
{
    public function testRemember()
    {
        $client = static::createClient();

        $securedPageUri = '/user/settings/account';
        $securedPageFilter = 'html:contains("New Password")';
        $loginPageFilter = 'html:contains("Login")';
        $username = 'test@test.com';
        $password = 'test';
        /*
        $securedPageUri = '/demo/secured/hello/World';
        $securedPageFilter = 'html:contains("Hello resource secured for admin only.")';
        $loginPageFilter = 'html:contains("Login")';
        $username = 'admin';
        $password = 'adminpass';
        */

        // Go to Secured page, and be redirected to Login page
        $client->request('GET', $securedPageUri);
        $crawler = $client->followRedirect();
        $this->assertGreaterThan(0, $crawler->filter($loginPageFilter)->count());

        // Try to log in, and be redirected to Secured page
        $form = $crawler->selectButton('Login')->form();
        $form['_username'] = $username;
        $form['_password'] = $password;
        $form['_remember_me'] = 1;
        $client->submit($form);
        $crawler = $client->followRedirect();
        $this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());

        // Remove all the cookies, but keep the "remember me" cookie
        $remembermeCookie = $client->getCookieJar()->get('REMEMBERME');
        $client->restart();
        $client->getCookieJar()->set($remembermeCookie);

        // Go to Secured page, this time we should be allowed in
        $client->followRedirects();
        $crawler = $client->request('GET', $securedPageUri);
        //$this->assertTrue($client->getResponse()->isSuccessful());
        $this->assertEquals(0, $crawler->filter($loginPageFilter)->count(), "Redirected to Login page"); // THIS IS WHERE THE TEST FAILS
        $this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
    }
}

测试工作正常,我也尝试过手动测试:我登录,删除会话 cookie,并尝试使用记住我的 cookie 访问安全页面。记住我的 cookie 被删除,我被重定向到登录页面:S

任何想法为什么会发生这种情况?我的提供者没有做任何奇怪的事情,它只是像往常一样从数据库中获取用户。为什么这会影响“记住我”功能?有没有我不知道的变化?我没有使用自定义身份验证提供程序,只是用户提供程序。

哦,这是日志,具有 grep 安全性

[2013-07-17 15:18:49] security.DEBUG: Username "test@test.com" was reloaded from user provider. [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.DEBUG: Remember-me cookie detected. [] []
[2013-07-17 15:18:49] security.WARNING: User class for remember-me cookie not supported. [] []
[2013-07-17 15:18:49] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Access is denied (user is not fully authenticated) by "/srv/www/dev/public/remember/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Calling Authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []

更新:只有当我粘贴日志时,我才注意到该警告。无论如何,你知道如何解决这个问题吗?

更新 2:如果我使用默认用户提供程序,但仍然是我自己的用户类,它工作正常。该错误消息非常具有误导性。

4

1 回答 1

1

查看安全警告来自的Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices.php#L130 。

该服务仅提供一个抽象方法processAutoLoginCookie,您可能需要将其添加到您的提供程序以处理 cookie。

于 2013-07-17T18:47:09.747 回答