Symfony2:使用 Doctrine2 实体进行身份验证 - 保存实体后密码设置为空白值
我在这里已经走进了死胡同。当我在控制器中保存任何类型的实体时,当前登录用户的密码和盐在数据库中被清空。
这是我的安全配置的相关部分:
security:
encoders:
ISE\LoginBundle\Entity\User:
algorithm: sha1
iterations: 1
encode_as_base64: false
providers:
main:
entity:
class: ISE\LoginBundle\Entity\User
property: username
这是我的用户类的eraseCredentials 方法。我怀疑在某个时刻会调用此方法,然后将用户对象与这些更改一起保存到数据库中。但我不知道那可能在哪里:
class User implements UserInterface {
// ...
public function eraseCredentials() {
$this->password = null;
$this->salt = null;
}
// ...
}
这是我如何在一个控制器中保存实体的示例,在本例中是 ProductController。只是提醒一下:我没有以任何方式操作代码中的 User 对象:
public function createAction() {
// ...
if ($form->isValid()) {
$em = $this->get('doctrine')->getEntityManager();
$em->persist($product);
$em->flush();
return $this->redirect($this->generateUrl('product_create', array('created' => true)));
}
// ...
}
我不希望任何代码删除数据库中的用户密码或盐,但确实发生了这种情况。谁能帮助我提交代码?
I've hit a dead end here. When I save any kind of entity in my controller, the password and salt of the user that is currently logged in is blanked out in the database.
This is a relevant portion of my security configuration:
security:
encoders:
ISE\LoginBundle\Entity\User:
algorithm: sha1
iterations: 1
encode_as_base64: false
providers:
main:
entity:
class: ISE\LoginBundle\Entity\User
property: username
This is the eraseCredentials method of my user class. I suspect that at some point this method is called and then the user object is saved to the database with these changes. But I have no idea where that could be:
class User implements UserInterface {
// ...
public function eraseCredentials() {
$this->password = null;
$this->salt = null;
}
// ...
}
And this is an example of how I save an entity in one of my controllers, in this case it's the ProductController. Just a reminder: I am not manipulating the User object in my code in any way:
public function createAction() {
// ...
if ($form->isValid()) {
$em = $this->get('doctrine')->getEntityManager();
$em->persist($product);
$em->flush();
return $this->redirect($this->generateUrl('product_create', array('created' => true)));
}
// ...
}
I wouldn't expect any of this code to delete the user's password or salt in the database, yet exactly that happens. Can anyone help me beat my code into submission?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Symfony 明文凭证和散列凭证之间存在差异。在“eraseCredentials”中,您应该删除所有纯文本信息,而不是保存到数据库的哈希凭证。
Symfony has a difference between plaintext and hashed credetials. In "eraseCredentials" you are supposed to delete all the plaintext information, not the hashed credetials that are saved to the database.