Reputation: 190
I'm using Symfony 2.0 with the FOSUserBundle, and when it comes to the profile change I get a very strange behaviour:
In my user entity I'm using the FOSValidator like this:
@FOSValidator\Unique(property="usernameCanonical", message="fos_user.username.already_used", groups={"Facebook", "profile_username"})
and in my ProfileController
the form is validated via:
$form = $this->container->get('form.factory')->create(new ProfileSimpleFormType(array($field)), $user);
$session = $this->container->get("session");
if ($this->container->get('request')->getMethod() == 'POST') {
    // bindRequest() writes the submitted values onto $user before validation runs
    $form->bindRequest($this->container->get('request'));
    if ($form->isValid()) {
        $this->container->get('fos_user.user_manager')->updateUser($user);
        return $this->container->get('templating')->renderResponse(
            'FOSUserBundle:Profile:show_field.html.' . $this->container->getParameter('fos_user.template.engine'),
            array(
                'field' => $field,
                'user'  => $user,
            )
        );
    } else {
        // validation failed: inspect the user currently held by the security token
        $user2 = $this->container->get('security.context')->getToken()->getUser();
    }
}
But now to the strange behaviour:
If the form is not valid because the username already exists, $user2 is set to the user with the existing username, so I can hijack another account just by changing my username.
I tried to debug a few kinds of listeners, but I can't find the point where the existing username is set on the security token.
Upvotes: 0
Views: 264
Reputation: 190
I solved the problem myself. The solution is to tell the user manager to reload the user via:
$this->container->get('fos_user.user_manager')->reloadUser($user);
Upvotes: 1
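The following is an added illustration, not code from the question, the answer, or FOSUserBundle. It models the behaviour the question describes and the reload fix from the answer with plain PHP (8.0+): a form that, like bindRequest(), writes submitted values onto the bound object before validating it, a security token that holds a reference to that same object, and a store whose reload() restores the persisted state. The assumption that the form's data object and the token's user are the same in-memory object is exactly that, an assumption; the page does not establish how Symfony 2.0 or FOSUserBundle behave internally. All classes (User, UserStore, SecurityToken, ProfileForm) are hypothetical stand-ins.

```php
<?php
// Added example: models the shared-reference problem behind the question.
// Assumption (not confirmed by the page): the form binds onto the same object
// the security token holds. None of these classes are Symfony/FOSUserBundle APIs.

class User
{
    public function __construct(public int $id, public string $username) {}
}

// Stand-in for a persistence layer / user manager with an identity map.
class UserStore
{
    /** @var array<int, array{id:int, username:string}> persisted rows */
    private array $rows = [];
    /** @var array<int, User> in-memory objects handed out to callers */
    private array $identityMap = [];

    public function persist(User $u): void
    {
        $this->rows[$u->id] = ['id' => $u->id, 'username' => $u->username];
        $this->identityMap[$u->id] = $u;
    }

    public function find(int $id): User
    {
        return $this->identityMap[$id];
    }

    // Uniqueness check comparable to the Unique(property="usernameCanonical") constraint.
    public function usernameTaken(string $username, int $exceptId): bool
    {
        foreach ($this->rows as $row) {
            if ($row['username'] === $username && $row['id'] !== $exceptId) {
                return true;
            }
        }
        return false;
    }

    // Stand-in for reloadUser(): overwrite in-memory state with what is persisted.
    public function reload(User $u): void
    {
        $u->username = $this->rows[$u->id]['username'];
    }
}

// The authenticated principal holds a reference to the same User object.
class SecurityToken
{
    public function __construct(private User $user) {}
    public function getUser(): User { return $this->user; }
}

// A form that writes request data onto the bound object *before* validating it.
class ProfileForm
{
    /** @var string[] */
    private array $errors = [];

    public function __construct(private User $data, private UserStore $store) {}

    public function bind(array $request): void
    {
        $this->data->username = $request['username'];
        if ($this->store->usernameTaken($this->data->username, $this->data->id)) {
            $this->errors[] = 'fos_user.username.already_used';
        }
    }

    public function isValid(): bool { return $this->errors === []; }
}

// Constructed sample data: "alice" is logged in, "bob" is the account she targets.
$store = new UserStore();
$store->persist(new User(1, 'alice'));
$store->persist(new User(2, 'bob'));

$token = new SecurityToken($store->find(1));
$user  = $token->getUser();   // the same object the form will bind onto

$form = new ProfileForm($user, $store);
$form->bind(['username' => 'bob']);   // attacker submits the victim's username

echo 'form valid: ' . var_export($form->isValid(), true) . PHP_EOL;
echo 'token user after failed bind: ' . $token->getUser()->username . PHP_EOL;

// The fix from the answer, applied on the invalid branch: reload from storage
// so the token no longer carries the attacker-chosen username.
if (!$form->isValid()) {
    $store->reload($user);
}
echo 'token user after reload: ' . $token->getUser()->username . PHP_EOL;
```

Run it with `php example.php`. Under the stated assumption it shows the sequence the question reports: validation fails, yet the token's user already carries the victim's username until reload() restores the persisted value. The practical check for a real application is the same: after a failed bind, never let the mutated principal reach the session or any later code path; reload it (or bind the form to a DTO rather than to the authenticated entity) before continuing.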