User identification
Valery, 2014-03-14 09:14:01

Why does Symfony 2.3 log out a user with ROLE_IDDQD?

Good morning.
Today is Friday, and as always, unusual things are happening.
There is a project on Symfony 2.3. The onKernelRequest event implements dynamic routing. In fact, we define the controller by URL and slip it into the system.
It would seem that everything is fine. But if the user has the ROLE_IDDQD role, then he is automatically logged out by the system. If you log in with REMEMBERME, then the authorization is still saved thanks to the cookie, but ... logout stops working.
Tried disabling the option for iddqd:

jms_security_extra:
    enable_iddqd_attribute: false

I tried to find out at what point everything breaks down: after I do
return new Response('any content');
in the controller, the authorization crashes.
Tried updating all dependencies. Did not help.
I found out that the whole point is in this non-standard routing, because if the route is hardcoded, then everything works fine. The method itself was taken from somewhere on the Internet; I figured out what was what and slightly modified it:
public function onKernelRequest(GetResponseEvent $event)
{
    if (HttpKernel::MASTER_REQUEST != $event->getRequestType()) {
        return;
    }

    $request = $event->getRequest();

    if ($request->attributes->has('_controller')) {
        return;
    }

    if (!$this->currentNode->hasCurrentPath()) {
        $this->currentNode->setCurrentPath(mb_strtolower($request->getPathInfo()));
    }

    if (!$this->currentNode->hasNode()) {
        return;
    }

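    // Resolve the node's controller file, load its annotated routes and prefix them with the node URL.
    try {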
        list($bundle, $controller) = explode(':', $this->currentNode->getNode()->getController()->getController());
        $controllerFilePath = $this->kernel->locateResource($bundle).'Controller/'.basename($controller).'.php';

        $routeCollection = $this->annotationFileReader->load($controllerFilePath);
        $routeCollection->addPrefix($this->currentNode->getNode()->getUrl(true));
    } catch (\Exception $e) {
        return;
    }

    $matcher = new UrlMatcher($routeCollection, $this->router->getMatcher()->getContext());

    try {
        $params = $matcher->match($this->currentNode->getCurrentPath().'/');
    } catch (ResourceNotFoundException $e) {
        try {
            $params = $matcher->match($this->currentNode->getCurrentPath());
        } catch (ResourceNotFoundException $e) {
            return;
        }
    }

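    // Expose the matched parameters (plus the node) as request attributes;
    // _route_params gets the same set without _route and _controller.
    $params['node'] = $this->currentNode->getNode();

    $request->attributes->add($params);
    unset($params['_route']);
    unset($params['_controller']);
    $request->attributes->set('_route_params', $params);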
}

If the user does not have the ROLE_IDDQD role, then everything works as it should. Maybe someone will throw an idea in which direction to dig?
