Cho*_*per 5 symfony symfony-2.3
我有一个我在Symfony 2.2中成功使用的自定义用户提供程序和用户实体.但现在我升级到2.3,我意识到"记住我"的功能已被破坏.所以我创建了一个新的sf2应用程序和一个功能测试.当我使用Acme\DemoBundle默认值时,测试通过了.但是当我添加我的提供者时,它又开始失败了.这是测试:
<?php
namespace Acme\DemoBundle\Tests\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
class DemoControllerTest extends WebTestCase
{
public function testRemember()
{
$client = static::createClient();
$securedPageUri = '/user/settings/account';
$securedPageFilter = 'html:contains("New Password")';
$loginPageFilter = 'html:contains("Login")';
$username = 'test@test.com';
$password = 'test';
/*
$securedPageUri = '/demo/secured/hello/World';
$securedPageFilter = 'html:contains("Hello resource secured for admin only.")';
$loginPageFilter = 'html:contains("Login")';
$username = 'admin';
$password = 'adminpass';
*/
// Go to Secured page, and be redirected to Login page
$client->request('GET', $securedPageUri);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($loginPageFilter)->count());
// Try to log in, and be redirected to Secured page
$form = $crawler->selectButton('Login')->form();
$form['_username'] = $username;
$form['_password'] = $password;
$form['_remember_me'] = 1;
$client->submit($form);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
// Remove all the cookies, but keep the "remember me" cookie
$remembermeCookie = $client->getCookieJar()->get('REMEMBERME');
$client->restart();
$client->getCookieJar()->set($remembermeCookie);
// Go to Secured page, this time we should be allowed in
$client->followRedirects();
$crawler = $client->request('GET', $securedPageUri);
//$this->assertTrue($client->getResponse()->isSuccessful());
$this->assertEquals(0, $crawler->filter($loginPageFilter)->count(), "Redirected to Login page"); // THIS IS WHERE THE TEST FAILS
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
}
}
测试工作正常,我也尝试过手动测试:我登录,删除会话cookie,并尝试使用记住我的cookie访问受保护的页面.记住我的cookie被删除,我被重定向到登录页面:S
任何想法为什么会发生这种情况?我的提供者没有做任何奇怪的事情,它只是像往常一样从数据库中抓取用户.为什么地球上这会影响"记住我"的功能?有没有我不知道的变化?我没有使用自定义身份验证提供程序,只是用户提供程序.
哦,这是日志,有grep安全性
[2013-07-17 15:18:49] security.DEBUG: Username "test@test.com" was reloaded from user provider. [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.DEBUG: Remember-me cookie detected. [] []
[2013-07-17 15:18:49] security.WARNING: User class for remember-me cookie not supported. [] []
[2013-07-17 15:18:49] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Access is denied (user is not fully authenticated) by "/srv/www/dev/public/remember/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Calling Authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
更新:只有当我粘贴日志时,我注意到了警告.无论如何,你知道如何解决这个问题吗?
更新2:如果我使用默认用户提供程序,但仍然是我自己的User类,它可以正常工作.错误消息非常误导.
看一下Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices.php#L130安全警告的来源。
该服务仅提供一个抽象方法processAutoLoginCookie,您可能需要将其添加到您的提供程序中才能处理 cookie。
| 归档时间: |
|
| 查看次数: |
1268 次 |
| 最近记录: |