kRi*_*cha 12 php symfony hwioauthbundle symfony-3.3
我有一个实体用户表单,其中包含电子邮件字段:
->add('email', EmailType::class, [
'constraints' => [
new NotBlank(),
new Email([
'checkMX' => true,
])
],
'required' => true
])
当我正在编辑类似的电子邮件test@gmail.com1并提交表单时,它会显示错误"此值不是有效的电子邮件地址".没关系,但是在那之后symfony将错误的电子邮件填充到令牌中,当我要去任何其他页面或只是重新加载页面时,我得到了这个:
警告安全性在所选用户提供程序中找不到用户名.
我认为问题是:为什么symfony填充错误的电子邮件验证失败的令牌以及我如何防止它?
控制器:
public function meSettingsAction(Request $request)
{
$user = $this->getUser();
$userUnSubscribed = $this->getDoctrine()->getRepository('AppBundle:UserUnsubs')->findOneBy(
[
'email' => $user->getEmail(),
]
);
$form = $this->createForm(UserSettingsType::class, $user);
$form->get('subscribed')->setData(!(bool)$userUnSubscribed);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
/**
* @var $user User
*/
$user = $form->getData();
/** @var UploadedFile $avatar */
$avatar = $request->files->get('user_settings')['photo'];
$em = $this->getDoctrine()->getManager();
if ($avatar) {
$avatar_content = file_get_contents($avatar->getRealPath());
$avatarName = uniqid().'.jpg';
$oldAvatar = $user->getPhoto();
$user
->setState(User::PHOTO_STATE_UNCHECKED)
->setPhoto($avatarName);
$gearmanClient = $this->get('gearman.client');
$gearmanClient->doBackgroundDependsOnEnv(
'avatar_content_upload',
serialize(['content' => $avatar_content, 'avatarName' => $avatarName, 'oldAvatar' => $oldAvatar])
);
}
$subscribed = $form->get('subscribed')->getData();
if ((bool)$userUnSubscribed && $subscribed) {
$em->remove($userUnSubscribed);
} elseif (!(bool)$userUnSubscribed && !$subscribed) {
$userUnSubscribed = new UserUnsubs();
$userUnSubscribed->setEmail($form->get('email')->getData())->setTs(time());
$em->persist($userUnSubscribed);
}
$user->setLastTs(time());
$em = $this->getDoctrine()->getManager();
$em->persist($user);
$em->flush();
$this->get('user.manager')->refresh($user);
return $this->redirectToRoute('me');
}
return $this->render(
':user:settings.html.twig',
[
'form' => $form->createView(),
]
);
}
UPD: 如果我更改OAuthProvider,它可以正常工作:
/**
* @param \Symfony\Component\Security\Core\User\UserInterface $user
*
* @return \Symfony\Component\Security\Core\User\UserInterface
*/
public function refreshUser(UserInterface $user)
{
return $this->loadUserByUsername($user->getName());
}
至:
/**
* @param \Symfony\Component\Security\Core\User\UserInterface $user
*
* @return \Symfony\Component\Security\Core\User\UserInterface
*/
public function refreshUser(UserInterface $user)
{
return $this->userManager($user->getId());
}
但它似乎是肮脏的黑客.
谢谢.
这是一个棘手的问题,感谢存储库,更容易隔离问题。您将身份验证令牌中的用户对象绑定到该createForm()方法。之后
$form->handleRequest($request)
调用电子邮件关闭令牌用户对象已更新。
我首先想到通过在实体中实现EquatableInterface.html来解决这个问题,User但这不起作用,因为比较对象已经设置了错误的电子邮件地址。
实现 EquatableInterface 接口也可能很有用,该接口定义了一个方法来检查用户是否等于当前用户。该接口需要 isEqualTo() 方法。)
我考虑过强制从数据库重新加载用户并重置安全令牌,但我想到的是,如果表单失败,只需从数据库刷新当前用户对象就足够了:
$this->get('doctrine')->getManager()->refresh($this->getUser());`
在您的控制器中,这可以解决您的问题。
/**
* @Route("/edit_me", name="edit")
* @Security("has_role('ROLE_USER')")
*/
public function editMyselfAction(Request $request) {
$form = $this->createForm(User::class, $this->getUser());
if ($request->isMethod(Request::METHOD_POST)) {
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$user = $form->getData();
$em = $this->getDoctrine()->getManager();
$em->persist($user);
$em->flush();
} else {
$this->get('doctrine')->getManager()->refresh($this->getUser());
}
}
return $this->render(':security:edit.html.twig',['form' => $form->createView()]);
}
替代解决方案
Symfony 存储库中的问题导致了一些关于避免表单中的实体和 解耦您的安全用户的宝贵意见,这为解决您的问题提供了更复杂的方法。