Skip to content

Token was deauthenticated Error Symfony 4 #9914

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

Token was deauthenticated Error Symfony 4 #9914

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9c5e79d
Token was deauthenticated Error Symfony 4
walterwhites Jun 11, 2018
b1663ee
Add doc for EquatableInterface interface
walterwhites Jun 13, 2018
1957221
Update entity_provider.rst
walterwhites Jun 15, 2018
db618db
remove use statement and clean comments
walterwhites Aug 4, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 31 additions & 5 deletions security/entity_provider.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,14 @@ with the following fields: ``id``, ``username``, ``password``,

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Serializable;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be reverted. We follow the Symfony code style which does not add use statements for classes from the global namespace.

use Symfony\Component\Security\Core\User\EquatableInterface;

/**
* @ORM\Table(name="app_users")
* @ORM\Entity(repositoryClass="App\Repository\UserRepository")
*/
class User implements UserInterface, \Serializable
class User implements UserInterface, Serializable, EquatableInterface
{
/**
* @ORM\Column(type="integer")
Expand Down Expand Up @@ -108,13 +110,13 @@ with the following fields: ``id``, ``username``, ``password``,
public function eraseCredentials()
{
}

/** @see \Serializable::serialize() */
public function serialize()
{
return serialize(array(
$this->id,
$this->username,
$this->username, // you should use $this->email if you don't use username but email to log user
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO we should remove this comment. Similar things apply to all other attributes as well if you change their names.

$this->password,
// see section on salt below
// $this->salt,
Expand All @@ -126,11 +128,35 @@ with the following fields: ``id``, ``username``, ``password``,
{
list (
$this->id,
$this->username,
$this->username, // you should use $this->email if you don't use username but email to log user
$this->password,
// see section on salt below
// $this->salt
) = unserialize($serialized, ['allowed_classes' => false]);
) = unserialize($serialized, ['allowed_classes' => false]);
}

/**
* if you want to keep the control on what attributes are compared at each request to know if user have changed,
* you can implement Equatable interface and the method isEqualTo and add all attributes you want compare.
* The equality comparison should neither be done by referential equality
* nor by comparing identities (i.e. getId() === getId()).
*
* However, you do not need to compare every attribute, but only those that
* are relevant for assessing whether re-authentication is required.
*
* @return bool
*/
public function isEqualTo(UserInterface $user)
{
if ($this->password !== $user->getPassword()) {
return false;
}

if ($this->username !== $user->getUsername()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not look realistic to me. Users are refreshed by their username. So this should always be the same.

return false;
}

return true;
}
}

Expand Down