Ignas Damunskis

Reputation: 1504

Symfony2 - user loses IS_AUTHENTICATED_FULLY role after some time

I entered my website's homepage after the weekend and I saw myself logged in on the homepage, and the homepage is not for logged-in users! Usually it works correctly and I do not know what happened; if I log out and log in again it works fine again.


There are few problems with it:

  1. I entered my homepage as a logged-in user even though I clearly state in the controller:

     if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
         return $this->redirectToRoute('authorization');
     }
    

So I should be redirected to the authorization page, but I am not.

  2. I can see the "HOME" link in the navigation, but in my menu builder code I check if the user is IS_AUTHENTICATED_FULLY before displaying it:

    if ($securityContext->getToken()) {
        if (!$securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
            $menu->addChild('HOME', array(
                'route' => 'homepage',
                'attributes' => array(
                    'class' => 'nav-li'
                )
            ));
        }
    }
    

It seems that sometimes IS_AUTHENTICATED_FULLY is not working as a way to check whether the user is logged in.

P.S. I logged in to the website on Friday using a form with remember_me; not sure if the few-day span has something to do with it.

Here are my firewalls (I have multiple login forms in different pages):

firewalls:
    about:
        pattern:    ^/about
        anonymous:  ~
        provider:   main
        context:    primary_auth
        form_login:
            login_path:             /about
            check_path:             /about/login_check
            default_target_path:    /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000

    programs:
        pattern:    ^/programs
        anonymous:  ~
        provider:   main
        context:    primary_auth
        form_login:
            login_path:             /programs
            check_path:             /programs/login_check
            default_target_path:    /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000

    contacts:
        pattern:    ^/contacts
        anonymous:  ~
        provider:   main
        context:    primary_auth
        form_login:
            login_path:             /contacts
            check_path:             /contacts/login_check
            default_target_path:    /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000

    main:
        pattern:    ^
        anonymous:  ~
        provider:   main
        context:    primary_auth
        form_login:
            login_path:             /
            check_path:             /login_check
            default_target_path:    /authorization
        logout:
            path: /logout
            target: homepage
        remember_me:
            secret: '%secret%'
            lifetime: 31536000
        oauth:
            resource_owners:
                trainee_facebook:       /login/check-facebook
                trainee_linkedin:       /login/check-trainee-linkedin
                trainee_xing:           /login/check-trainee-xing
                company_linkedin:       /login/check-company-linkedin
                company_xing:           /login/check-company-xing
                university_linkedin:    /login/check-university-linkedin
                university_xing:        /login/check-university-xing
            login_path:             /
            use_forward:            false
            failure_path:           /failure-path
            default_target_path:    /authorization
            oauth_user_provider:
                service: my_custom_user_provider

UPDATE

Suddenly, instead of IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED is working fine and I do not understand why! Is there any explanation for why a user would lose the IS_AUTHENTICATED_FULLY role over time?

Upvotes: 0

Views: 738

Answers (1)

Gerry

Reputation: 6012

Your session probably expired, and you were authenticated automatically again using the "remember me" functionality.

As described in the docs (http://symfony.com/doc/current/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully), users authenticated by the "remember me" functionality will not have the role IS_AUTHENTICATED_FULLY.

In this case, you should check for the role IS_AUTHENTICATED_REMEMBERED, which is also granted to users who are authenticated "fully".

I do understand the naming is confusing, but you could think of the role IS_AUTHENTICATED_REMEMBERED as "is authenticated fully or by remember me".

Upvotes: 2
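The two checks from the question rewritten as the answer suggests, as an added example that is neither the asker's code nor Symfony's own: a remember-me session counts as logged in for the homepage redirect and the menu, while a credential-changing action still demands a fresh login. It assumes a Symfony 2.8-style controller, a KnpMenu-style builder, and the template name `default/homepage.html.twig`; the route names come from the question.

```php
<?php
// Added example, not the asker's or Symfony's code. Route names 'authorization'
// and 'homepage' are from the question; the template name is assumed.

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;

class HomepageController extends Controller
{
    public function indexAction()
    {
        $checker = $this->get('security.authorization_checker');

        // IS_AUTHENTICATED_REMEMBERED is granted both to users who just logged in
        // through the form and to users restored from the remember_me cookie, so
        // it is the attribute for "is anyone logged in at all?".
        if ($checker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            return $this->redirectToRoute('authorization');
        }

        return $this->render('default/homepage.html.twig');
    }

    public function changePasswordAction()
    {
        // A cookie-restored session is not enough to change credentials:
        // IS_AUTHENTICATED_FULLY is only granted after an actual login, so a
        // remember_me user is sent back through the login form by the firewall
        // instead of getting a plain 403.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

        // ... credential-change logic goes here ...
        return new Response('Password form');
    }
}

// The KnpMenu builder from the question needs the same substitution: show the
// HOME link only when nobody (not even a remember_me user) is logged in.
// $securityContext is the AuthorizationCheckerInterface the builder already has.
function addHomeLink($menu, $securityContext)
{
    if (!$securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        $menu->addChild('HOME', array(
            'route'      => 'homepage',
            'attributes' => array('class' => 'nav-li'),
        ));
    }
}
```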
