symfony 3.4 "Refreshing a deauthenticated user is deprecated"
symfony 3.4 "Refreshing a deauthenticated user is deprecated"
在尝试将现有的 symfony 项目从 3.3.10 升级到 3.4.x(应该是 LTS)时,我设法通过 composer 升级了组件。升级后一切正常,但单元测试显示弃用错误
Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x
一些谷歌搜索让我找到了可能显示更改的提交
https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072
所以我尝试解决它,在深入研究代码后,我将新设置放入 security.xml
main:
+ logout_on_user_change: true
anonymous: ~
这解决了弃用警告,但完全破坏了使用自定义实体的身份验证,用户根本未通过身份验证并且日志显示错误:
[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []
所以问题是 "how to properly resolve the deprecation issue" ?
认证失败的问题
2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []
是,我没有遵循文档 https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity,其中说,还应该有密码字段(我不会让 symfony 多次将凭据放在磁盘上)。在 symfony 3.3 中没问题,在 symfony 3.4 中该字段必须存在...
diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
/** @see \Serializable::serialize() */
public function serialize() {
- return serialize(array($this->id, $this->username, $this->active,));
+ return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
}
/** @see \Serializable::unserialize() */
public function unserialize($serialized) {
- list($this->id, $this->username, $this->active,) = unserialize($serialized);
+ list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
}
在尝试将现有的 symfony 项目从 3.3.10 升级到 3.4.x(应该是 LTS)时,我设法通过 composer 升级了组件。升级后一切正常,但单元测试显示弃用错误
Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0: 77x
一些谷歌搜索让我找到了可能显示更改的提交 https://github.com/showpad/Symfony-Security/pull/1/commits/3663bbec5fc60565de476fc180f85e1121339072
所以我尝试解决它,在深入研究代码后,我将新设置放入 security.xml
main:
+ logout_on_user_change: true
anonymous: ~
这解决了弃用警告,但完全破坏了使用自定义实体的身份验证,用户根本未通过身份验证并且日志显示错误:
[2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []
所以问题是 "how to properly resolve the deprecation issue" ?
认证失败的问题
2017-12-07 15:48:24] security.DEBUG: Token was deauthenticated after trying to refresh it. {"username":"aaa","provider":"Symfony\Bridge\Doctrine\Security\User\EntityUserProvider"} []
是,我没有遵循文档 https://symfony.com/doc/3.4/security/entity_provider.html#create-your-user-entity,其中说,还应该有密码字段(我不会让 symfony 多次将凭据放在磁盘上)。在 symfony 3.3 中没问题,在 symfony 3.4 中该字段必须存在...
diff --git a/src/GuserBundle/Entity/User.php b/src/GuserBundle/Entity/User.php
index 4adeaf9..b1b33fd 100644
--- a/src/GuserBundle/Entity/User.php
+++ b/src/GuserBundle/Entity/User.php
@@ -152,13 +152,13 @@ class User implements AdvancedUserInterface, \Serializable {
/** @see \Serializable::serialize() */
public function serialize() {
- return serialize(array($this->id, $this->username, $this->active,));
+ return serialize(array($this->id, $this->username, $this->password, $this->active, $this->locked));
}
/** @see \Serializable::unserialize() */
public function unserialize($serialized) {
- list($this->id, $this->username, $this->active,) = unserialize($serialized);
+ list($this->id, $this->username, $this->password, $this->active, $this->locked) = unserialize($serialized);
}