3

在尝试将现有的 symfony 项目从 3.3.10 升级到应该是 LTS 的 3.4.x 时,我设法通过 composer 升级了组件。升级后一切正常,但单元测试显示弃用错误

Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x

一些谷歌搜索将我指向可能显示更改的提交 https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

所以我尝试解决它,在挖掘代码后,我将一个新设置放入 security.xml

         main:
+            logout_on_user_change: true
             anonymous: ~

这解决了弃用警告,但完全破坏了使用自定义实体的身份验证,用户根本没有经过身份验证,并且日志显示错误:

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

所以问题是“如何正确解决弃用问题”?

4

1 回答 1

1

认证失败的问题 2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

是,我没有遵循文档https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity说,应该还有密码字段(我不会让 symfony将凭据放在磁盘上太多次)。在 symfony 3.3 中没问题,在 symfony 3.4 中该字段必须存在...

diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
        /** @see \Serializable::serialize() */
        public function serialize() {
-               return serialize(array($this->id, $this->username, $this->active,));
+               return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
        }
        /** @see \Serializable::unserialize() */
        public function unserialize($serialized) {
-               list($this->id, $this->username, $this->active,) = unserialize($serialized);
+               list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
        }
于 2018-03-17T11:34:07.417 回答