symfony
BonBon Slick, 2018-04-24 10:35:23

Why is the user still anonymous after login?

    providers:
        db_user_provider:
            entity:
                class: 'App\Entity\User'

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/aa
            anonymous: ~
            # if this is set to FALSE, as it should be, an authorization window pops up in which it is still impossible to log in
            http_basic: true
            provider: 'db_user_provider'

        api:
            pattern: ^/api
            provider: 'db_user_provider'
            http_basic: false
            anonymous: true
#        remember_me:

...

        /** @var User $user */
        $user = ...
        $token = new UsernamePasswordToken($user, null, 'secured_area', $user->toRoles());
        $this->get('security.token_storage')->setToken($token);
        $this->get('session')->set('_security_secured_area', serialize($token));

        return new RedirectResponse($this->generateUrl('admin.dashboard'));

The token has been generated and saved in the var/sessions/dev folder; however, there is nothing in the Google Chrome developer panel under Sessions.
Before authorization it shows N/A, and after authorization it shows that the user is authorized anonymously.
User in the token:
$user = User {#3191 ▼
  -id: 1
  -email: UserEmail {#3209 ▼
    -email: "[email protected]"
  }
  -password: UserPassword {#3215 ▼
    -password: "$2y$13$Abjsa3QmN0yEuwKUkcOigeJcI3OFg2RnqoJyBZtYFeDWmLAK8uyWG"
  }
  #plainPassword: null
  -salt: UserSalt {#3221 ▼
    -salt: "pQGzrmJE6URrBP80u2+kCbkfjxLjkIR4xPhMOmE4TGpVm4Eil0rOJ/CCN5QCngewwFzXfOQPJg=="
  }
  -roles: array:1 [▼
    0 => "ROLE_ADMIN"
  ]
}

I thought the problem was my implementation; however, I copied everything from here:
https://symfony.com/doc/current/security/entity_pr...
The current user is anonymous, and the user is anonymous, why?
An example of a token that is only created in the var/ses/dev folder:
_sf2_attributes|a:1:{s:14:"_security_main";s:386:"C:74:"Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken":298:{a:3:{i:0;N;i:1;s:4:"main";i:2;s:258:"a:4:{i:0;C:32:"App\Entity\User":47:{a:3:{i:0;i:1;i:1;s:6:"ADMINN";i:2;s:5:"admin";}}i:1;b:1;i:2;a:1:{i:0;O:41:"Symfony\Component\Security\Core\Role\Role":1:{s:47:" Symfony\Component\Security\Core\Role\Role role";s:9:"ROLE_USER";}}i:3;a:0:{}}";}}";}_sf2_meta|a:3:{s:1:"u";i:1524566202;s:1:"c";i:1524566202;s:1:"l";s:1:"0";}

Token during authorization:
UsernamePasswordToken {#3295 ▼
  -credentials: null
  -providerKey: "admin"
  -user: User {#3243 ▼
    -uuid: UserID {#3249 ▶}
    -nickname: UserNickname {#3255 ▶}
    -email: UserEmail {#3261 ▼
      -email: "[email protected]"
    }
    -password: UserPassword {#3267 ▶}
    #plainPassword: null
    -salt: UserSalt {#3273 ▶}
    -createdAt: Carbon @1524567540 {#3240 ▶}
    -roles: array:2 [▶]
  }
  -roles: array:2 [▼
    0 => Role {#3296 ▼
      -role: "ROLE_USER"
    }
    1 => Role {#3297 ▼
      -role: "ROLE_ADMIN"
    }
  ]
  -authenticated: true
  -attributes: []
}

After authorization, when we go to the dashboard link:
TokenStorage {#1701 ▼
  -token: AnonymousToken {#1867 ▼
    -secret: "YCvNHkx"
    -user: "anon."
    -roles: []
    -authenticated: true
    -attributes: []
  }
}

However, the user is still anonymous, as shown by the profiler and the isGranted check in the Twig template.


2 answer(s)
BonBon Slick, 2018-04-25
@BonBonSlick

https://github.com/symfony/symfony/issues/18608

Alexander, 2018-04-24
@Minifets

secured_area
is it a firewall? Does it have a provider?
provider: db_user_provider
