From 9c5e79d4592ce0b50dc5106363107ccb584090eb Mon Sep 17 00:00:00 2001
From: flo
Date: Mon, 11 Jun 2018 21:51:49 +0200
Subject: [PATCH 1/4] Token was deauthenticated Error Symfony 4

We should no long used Serializable interface in Symfony 4 it's caused error when you log with a user 'Token was deauthenticated after trying to refresh it' we should use EquatableInterface and isEqualTo method
---
 security/entity_provider.rst | 41 ++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 21 deletions(-)

diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 7a417b2fa80..5624267fecd 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -42,12 +42,13 @@ with the following fields: ``id``, ``username``, ``password``,

 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\UserInterface;
+ use Symfony\Component\Security\Core\User\EquatableInterface;

 /**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
- class User implements UserInterface, \Serializable
+ class User implements UserInterface, EquatableInterface
 {
 /**
 * @ORM\Column(type="integer")
@@ -109,28 +110,26 @@ with the following fields: ``id``, ``username``, ``password``,
 {
 }

- /** @see \Serializable::serialize() */
- public function serialize()
+ /**
+ * The equality comparison should neither be done by referential equality
+ * nor by comparing identities (i.e. getId() === getId()).
+ *
+ * However, you do not need to compare every attribute, but only those that
+ * are relevant for assessing whether re-authentication is required.
+ *
+ * @return bool
+ */
+ public function isEqualTo(UserInterface $user)
 {
- return serialize(array(
- $this->id,
- $this->username,
- $this->password,
- // see section on salt below
- // $this->salt,
- ));
- }
+ if ($this->password !== $user->getPassword()) {
+ return false;
+ }

- /** @see \Serializable::unserialize() */
- public function unserialize($serialized)
- {
- list (
- $this->id,
- $this->username,
- $this->password,
- // see section on salt below
- // $this->salt
- ) = unserialize($serialized, ['allowed_classes' => false]);
+ if ($this->email !== $user->getUsername()) {
+ return false;
+ }
+
+ return true;
+ }
 }

From b1663eea9697a287b1c2db7317127aca22ab4aa9 Mon Sep 17 00:00:00 2001
From: flo
Date: Wed, 13 Jun 2018 15:54:31 +0200
Subject: [PATCH 2/4] Add doc for EquatableInterface interface

---
 security/entity_provider.rst | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 5624267fecd..0c291f51db9 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -42,13 +42,14 @@ with the following fields: ``id``, ``username``, ``password``,

 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\UserInterface;
+ use Serializable;
 use Symfony\Component\Security\Core\User\EquatableInterface;

 /**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
- class User implements UserInterface, EquatableInterface
+ class User implements UserInterface, Serializable, EquatableInterface
 {
 /**
 * @ORM\Column(type="integer")
@@ -109,8 +110,34 @@ with the following fields: ``id``, ``username``, ``password``,
 public function eraseCredentials()
 {
 }
+
+ /** @see \Serializable::serialize() */
+ public function serialize()
+ {
+ return serialize(array(
+ $this->id,
+ $this->username, // you should use $this->email if you don't use username but email to log user
+ $this->password,
+ // see section on salt below
+ // $this->salt,
+ ));
+ }
+
+ /** @see \Serializable::unserialize() */
+ public function unserialize($serialized)
+ {
+ list (
+ $this->id,
+ $this->username, // you should use $this->email if you don't use username but email to log user
+ $this->password,
+ // see section on salt below
+ // $this->salt
+ ) = unserialize($serialized, ['allowed_classes' => false]);
+ }

 /**
+ * if you want to keep the control on what attributes are are compared at each request to know if user have changed,
+ * you can implement Equatable interface and the method isEqualTo and add all attributes you want compare.
 * The equality comparison should neither be done by referential equality
 * nor by comparing identities (i.e. getId() === getId()).
 *
@@ -125,7 +152,7 @@ with the following fields: ``id``, ``username``, ``password``,
 return false;
 }

- if ($this->email !== $user->getUsername()) {
+ if ($this->username !== $user->getUsername()) {
 return false;
 }

From 1957221dace191f50a0f543b55f76b119584de9a Mon Sep 17 00:00:00 2001
From: flo
Date: Fri, 15 Jun 2018 23:32:42 +0200
Subject: [PATCH 3/4] Update entity_provider.rst

---
 security/entity_provider.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 0c291f51db9..82dc2560019 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -136,7 +136,7 @@ with the following fields: ``id``, ``username``, ``password``,
 }

 /**
- * if you want to keep the control on what attributes are are compared at each request to know if user have changed,
+ * if you want to keep the control on what attributes are compared at each request to know if user have changed,
 * you can implement Equatable interface and the method isEqualTo and add all attributes you want compare.
 * The equality comparison should neither be done by referential equality
 * nor by comparing identities (i.e. getId() === getId()).

From db618db4ef009b49f3ece10305053414c864d5a1 Mon Sep 17 00:00:00 2001
From: flo
Date: Sat, 4 Aug 2018 13:41:22 +0200
Subject: [PATCH 4/4] remove use statement and clean comments

---
 security/entity_provider.rst | 11 +++-------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 82dc2560019..0e22e3a4df9 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -42,14 +42,13 @@ with the following fields: ``id``, ``username``, ``password``,

 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\UserInterface;
- use Serializable;
 use Symfony\Component\Security\Core\User\EquatableInterface;

 /**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
- class User implements UserInterface, Serializable, EquatableInterface
+ class User implements UserInterface, \Serializable, EquatableInterface
 {
 /**
 * @ORM\Column(type="integer")
@@ -116,7 +115,7 @@ with the following fields: ``id``, ``username``, ``password``,
 {
 return serialize(array(
 $this->id,
- $this->username, // you should use $this->email if you don't use username but email to log user
+ $this->username,
 $this->password,
 // see section on salt below
 // $this->salt,
@@ -128,7 +127,7 @@ with the following fields: ``id``, ``username``, ``password``,
 {
 list (
 $this->id,
- $this->username, // you should use $this->email if you don't use username but email to log user
+ $this->username,
 $this->password,
 // see section on salt below
 // $this->salt
@@ -152,10 +151,6 @@ with the following fields: ``id``, ``username``, ``password``,
 return false;
 }

- if ($this->username !== $user->getUsername()) {
- return false;
- }
-
 return true;
 }
 }