Radoslav Bodó

Reputation: 661

Symfony 3.4 "Refreshing a deauthenticated user is deprecated"

While trying to upgrade an existing Symfony project from 3.3.10 to 3.4.x, which should be LTS, I managed to upgrade the components through Composer. After the upgrade everything works as expected, but the unit tests show a deprecation error:

Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x

Some googling around points me to the commits probably showing the change: https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

So I tried to resolve it, and after digging in the code I put a new setting into security.xml:

         main:
+            logout_on_user_change: true
             anonymous: ~

This resolves the deprecation warning, but completely breaks the authentication using a custom entity; the user is not authenticated at all and the log shows an error:

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

So the question is: how to properly resolve the deprecation issue?

Upvotes: 3

Views: 3242

Answers (1)

Radoslav Bodó

Reputation: 661

The problem of broken authentication

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\\Bridge\\Doctrine\\Security\\User\\EntityUserProvider"} []

was that I was not following the documentation https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity, which says that there should also be a password field (I would not let Symfony put credentials on disk too many times). In Symfony 3.3 it was OK; in Symfony 3.4 the field must be present ...

diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
        /** @see \Serializable::serialize() */
        public function serialize() {
-               return serialize(array($this->id, $this->username, $this->active,));
+               return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
        }
        /** @see \Serializable::unserialize() */
        public function unserialize($serialized) {
-               list($this->id, $this->username, $this->active,) = unserialize($serialized);
+               list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
        }
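
Review bot: The new `list(...)` in `unserialize()` reads five positional elements, but sessions written by the old `serialize()` hold only three (`id`, `username`, `active`), so a session created before this change would put the old `active` value into `$this->password` and leave `active` and `locked` unset. Consider invalidating existing sessions when this ships, or checking the array length before destructuring. Two smaller points on the same lines: `$this->password` now lands in session storage, so it should only ever hold the hash, and if all five fields are scalars, `unserialize($serialized)` can pass `['allowed_classes' => false]` (PHP 7.0+) so session data can never instantiate objects.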

Upvotes: 1
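
The failure described in the answer, modelled in plain PHP as an added example (not Symfony's or the poster's code). It assumes the refresh step compares the username and password of the user restored from the session with the freshly loaded one, so a session copy serialized without the password looks changed. `DemoUser`, the pack/unpack helpers and `hasUserChanged` here are hypothetical names, and the hash is a constructed placeholder.

```php
<?php
// Added illustration, not Symfony's or the poster's code. DemoUser and the
// helper functions are hypothetical; the hash below is a constructed value.

class DemoUser
{
    public $id, $username, $password, $active, $locked;

    public function __construct($id = null, $username = null, $password = null, $active = null, $locked = null)
    {
        $this->id = $id;
        $this->username = $username;
        $this->password = $password; // stored hash, never the plain-text password
        $this->active = $active;
        $this->locked = $locked;
    }
}

// Session layout before the fix: the password hash is left out.
function packOld(DemoUser $u) { return serialize(array($u->id, $u->username, $u->active)); }
function unpackOld($data)
{
    $u = new DemoUser();
    list($u->id, $u->username, $u->active) = unserialize($data, array('allowed_classes' => false));
    return $u;
}

// Session layout after the fix: same fields as the diff in the answer.
function packNew(DemoUser $u) { return serialize(array($u->id, $u->username, $u->password, $u->active, $u->locked)); }
function unpackNew($data)
{
    $u = new DemoUser();
    list($u->id, $u->username, $u->password, $u->active, $u->locked) = unserialize($data, array('allowed_classes' => false));
    return $u;
}

// Assumed stand-in for the refresh check: the copy restored from the session
// counts as changed when its credentials differ from the freshly loaded user.
function hasUserChanged(DemoUser $fromSession, DemoUser $fresh)
{
    return $fromSession->username !== $fresh->username
        || $fromSession->password !== $fresh->password;
}

$fresh = new DemoUser(1, 'aaa', '$2y$13$CONSTRUCTED.HASH.PLACEHOLDER', true, false);

foreach (array('old' => unpackOld(packOld($fresh)), 'new' => unpackNew(packNew($fresh))) as $layout => $restored) {
    printf("%s layout: changed=%s\n", $layout, var_export(hasUserChanged($restored, $fresh), true));
}
```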
