symfony 3.4 "Refreshing a deauthenticated user is deprecated"

symfony 3.4 "Refreshing a deauthenticated user is deprecated"

在尝试将现有的 symfony 项目从 3.3.10 升级到 3.4.x(应该是 LTS)时,我设法通过 composer 升级了组件。升级后一切正常,但单元测试显示弃用错误

Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x

一些谷歌搜索让我找到了可能显示更改的提交 https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072

所以我尝试解决它,在深入研究代码后,我将新设置放入 security.xml

         main:
+            logout_on_user_change: true
             anonymous: ~

这解决了弃用警告,但完全破坏了使用自定义实体的身份验证,用户根本未通过身份验证并且日志显示错误:

[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []

所以问题是 "how to properly resolve the deprecation issue" ?

认证失败的问题 2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []

是,我没有遵循文档 https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity,其中说,还应该有密码字段(我不会让 symfony 多次将凭据放在磁盘上)。在 symfony 3.3 中没问题,在 symfony 3.4 中该字段必须存在...

diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
        /** @see \Serializable::serialize() */
        public function serialize() {
-               return serialize(array($this->id, $this->username, $this->active,));
+               return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
        }
        /** @see \Serializable::unserialize() */
        public function unserialize($serialized) {
-               list($this->id, $this->username, $this->active,) = unserialize($serialized);
+               list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
        }