
Symfony4: Security user session saving from DB (Entity) does not work

While testing this with Symfony 4, entering the ID and password just shows the same login page again.
It seems I am not passing some information that is needed when the user is serialized, but I don't know how to fix it.
Adding $this->salt to serialize() didn't change anything.
Are there any other problems?
It worked in Symfony 3.4.

https://symfony.com/doc/4.0/security/entity_provider.html

Staff.php

use SymfonyComponentSecurityCoreUserAdvancedUserInterface;
use AhiSpCommonBundleModelLibParameters;

/**
 * staffentity
 *
 * @ORMEntity(repositoryClass="AhiSpCommonBundleModelRepositoryStaffRepository")
 * @ORMTable(name="staff", uniqueConstraints={
 *      @ORMUniqueConstraint(name="idx_staff_unique", columns={"staff_login_id"}),
 *      @ORMUniqueConstraint(name="idx_image_mail_unique", columns={"image_mail"})
 * })
 * @ORMHasLifecycleCallbacks
 */
class Staff implements AdvancedUserInterface, Serializable
{
    /**
     * @ORMId
     * @ORMColumn(name="id", type="integer", options={"comment"="Staff ID"})
     * @ORMGeneratedValue(strategy="AUTO")
     */
    protected $id;
   /**
     * password
     * @ORMColumn(name="password", type="string", length=255, nullable=true, options={"comment"="password"})
     */
    protected $password;
    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        // Mapped to the auto-generated "id" column; serialize() also stores this value.
        $staffId = $this->id;

        return $staffId;
    }
    /**
     * Set raw password.
     *
     * @param string $rawPassword
     */
    public function setRawPassword($rawPassword)
    {
        // The plaintext is only staged here; makeHashPassword() turns it into the stored hash.
        // NOTE(review): no $rawPassword property declaration is visible in this excerpt -
        // confirm it is declared and not mapped to a database column.
        $this->rawPassword = $rawPassword;

        // Returns the entity itself so calls can be chained.
        return $this;
    }

    /**
     * Get raw password.
     *
     * @return string
     */
    public function getRawPassword()
    {
        // Hands back the plaintext exactly as staged by setRawPassword(); keep the result out
        // of logs, templates and serialized data.
        $plaintext = $this->rawPassword;

        return $plaintext;
    }

    /**
     * Hash password generation
     * @ORMPrePersist
     * @ORMPreUpdate
     */
    public function makeHashPassword()
    {
        // Nothing staged (null, '' or any other falsy value): leave the stored hash untouched.
        if (!$this->rawPassword) {
            return;
        }

        $encoder = Parameters::getEncoderFactory()->getEncoder($this);

        // NOTE(review): the same 'staff_password_salt' parameter is passed for every account.
        // Whether equal passwords end up with equal hashes depends on the configured encoder -
        // confirm it generates its own per-hash salt.
        $sharedSalt = Parameters::getParameter('staff_password_salt');

        $this->password = $encoder->encodePassword($this->rawPassword, $sharedSalt);
        // NOTE(review): the plaintext is still held in $this->rawPassword after hashing;
        // nothing in this method clears it.
    }
    /**
     * Check if the password is correct
     * @param string $password password
     * @return boolean True if the password is correct
     */
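    public function confirmPassword($rawPassword)
    {
        // Re-encode the candidate with the same encoder and salt parameter that
        // makeHashPassword() uses, then compare the result with the stored hash.
        // NOTE(review): this only works while the encoder returns the same output for the same
        // password and salt. Encoders that generate a fresh salt per hash need the encoder's
        // isPasswordValid() instead - confirm which encoder the factory returns.
        $encoderFactory = Parameters::getEncoderFactory();
        $candidateHash = $encoderFactory->getEncoder($this)->encodePassword(
            $rawPassword,
            Parameters::getParameter('staff_password_salt')
        );

        // The password column is nullable and hash_equals() accepts strings only, so a missing
        // stored hash (or a non-string encoder result) is simply "no match".
        if (!is_string($this->password) || !is_string($candidateHash)) {
            return false;
        }

        // Constant-time comparison: unlike ===, the duration does not reveal how many leading
        // bytes of the two hashes agree.
        return hash_equals($this->password, $candidateHash);
    }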
    /**
     * Returns the value of the 'staff_password_salt' parameter.
     *
     * This is the same key that makeHashPassword() and confirmPassword() pass to the encoder,
     * so the value is shared by every Staff account rather than stored per user.
     *
     * @return mixed whatever Parameters::getParameter() returns for that key
     */
    public function getSalt()
    {
        $sharedSalt = Parameters::getParameter('staff_password_salt');

        return $sharedSalt;
    }

    /**
     * Packs the entity state into a string: the id and the password hash, in that order.
     *
     * unserialize() reads the values back positionally, so the order must match there.
     * Note that the password hash travels with the serialized user (presumably into the
     * session storage - confirm where the security layer keeps it).
     *
     * @return string
     */
    public function serialize()
    {
        $sessionState = [$this->id, $this->password];

        return serialize($sessionState);
    }

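    /**
     * Restores the id and the password hash from a string produced by serialize().
     *
     * @param string $serialized
     */
    public function unserialize($serialized)
    {
        // serialize() only ever writes an array of two scalars, so no class needs to be
        // instantiated while decoding. Refusing all classes keeps a tampered or corrupted
        // payload from creating arbitrary objects (PHP object injection).
        $sessionState = unserialize($serialized, ['allowed_classes' => false]);

        // Positional restore, in the same order serialize() wrote the values.
        [$this->id, $this->password] = $sessionState;
    }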


Answer

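As advised by @Cerad, I implemented EquatableInterface and it works. On each request Symfony reloads the user and compares it with the copy restored from the session; without EquatableInterface that comparison most likely also covers fields such as the username, which serialize() does not store, so the session user was treated as changed and sent back to the login page. With isEqualTo() below only the password hash is compared, which also means an existing session ends as soon as the password changes.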

https://symfony.com/doc/4.0/security/custom_provider.html

use SymfonyComponentSecurityCoreUserEquatableInterface;
use SymfonyComponentSecurityCoreUserUserInterface;

class Staff implements AdvancedUserInterface, Serializable, EquatableInterface
{

   /**
     * @see Serializable::serialize()
     */
    public function serialize()
    {
        // Only the id and the password hash are kept; unserialize() reads them back in this order.
        $sessionState = [$this->id, $this->password];

        return serialize($sessionState);
    }

    /**
     * @see Serializable::unserialize()
     */
    public function unserialize($serialized)
    {
        // 'allowed_classes' => false: the payload is an array of scalars, so any class name
        // found in it is never instantiated.
        $sessionState = unserialize($serialized, ['allowed_classes' => false]);

        // Positional restore, matching the order used by serialize().
        [$this->id, $this->password] = $sessionState;
    }

    /**
     * Reports whether the given user still counts as the same user as this one.
     *
     * Two conditions must hold: the other user is a Staff instance, and its password hash is
     * identical to the one held here. A changed password therefore makes the users unequal.
     * NOTE(review): the id restored by unserialize() is not compared - confirm that the user
     * provider always reloads the same account, or compare the id as well.
     *
     * @param UserInterface $user
     *
     * @return bool
     */
    public function isEqualTo(UserInterface $user)
    {
        return $user instanceof Staff && $this->password === $user->getPassword();
    }
User contributions licensed under: CC BY-SA