Symfony 4.2 isPasswordValid 方法在我的用户更改电子邮件时断开连接

Question

我正在使用新的 Symfony 4.2.1，但是当我尝试使用 UserPasswordEncoderInterface 检查密码时遇到一个问题，我正在使用以下方法检查：isPasswordValid(UserInterface $user, $raw)

当我使用表单编辑用户时，我正在检查密码是否有效，但是如果我修改表单中的电子邮件，如果密码错误，我将退出。

我希望用户输入他的密码来更新他的帐户。我使用 make:user、make:auth

创建了身份验证

在文档中，方法 return 只有一个布尔值，没有侦听器...

我的方法：


    public function userEdit(Request $request, UserPasswordEncoderInterface $userPasswordEncoder): Response
        {
            /**
             * @var User $user
             */
            $user = $this->getUser();
            $formUserInformations = $this->createForm(UserType::class, $user);
            $formUserInformations->handleRequest($request);

            if ($formUserInformations->isSubmitted() && $formUserInformations->isValid()) {
                $passwordEncode = $userPasswordEncoder->isPasswordValid($this->getUser(), $request->get("password"));

                if($passwordEncode) {
                    $this->getDoctrine()->getManager()->flush();
                    $this->addFlash(
                        'success',
                        'Update OK !'
                    );

                } else {
                    $this->addFlash(
                        'danger',
                        'Wrong password, try again !'
                    );
                }
                return $this->redirectToRoute('user_account');
            }

但是当我更改电子邮件表单时，如果密码错误，这会让我退出。我尝试更改行： $passwordEncode = $userPasswordEncoder->isPasswordValid($user, $request->get("password")); 但是还是一样的问题。

我的security.yaml:


    security:
        encoders:
            App\Entity\User:
                algorithm: argon2i

        providers:
            app_user_provider:
                entity:
                    class: App\Entity\User
                    property: email
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                anonymous: true
                guard:
                    authenticators:
                        - App\Security\LoginFormAuthenticator
                logout:
                    path:   security_logout
                    target: security_login

我的LoginFormAuthenticator.php

    <?php

    namespace App\Security;

    use App\Entity\User;
    use Doctrine\ORM\EntityManagerInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\RouterInterface;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
    use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
    use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
    use Symfony\Component\Security\Core\Security;
    use Symfony\Component\Security\Core\User\UserInterface;
    use Symfony\Component\Security\Core\User\UserProviderInterface;
    use Symfony\Component\Security\Csrf\CsrfToken;
    use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
    use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
    use Symfony\Component\Security\Http\Util\TargetPathTrait;

    class LoginFormAuthenticator extends AbstractFormLoginAuthenticator
    {
        use TargetPathTrait;

        private $entityManager;
        private $router;
        private $csrfTokenManager;
        private $passwordEncoder;

        public function __construct(EntityManagerInterface $entityManager, RouterInterface $router, CsrfTokenManagerInterface $csrfTokenManager, UserPasswordEncoderInterface $passwordEncoder)
        {
            $this->entityManager = $entityManager;
            $this->router = $router;
            $this->csrfTokenManager = $csrfTokenManager;
            $this->passwordEncoder = $passwordEncoder;
        }

        public function supports(Request $request)
        {
            return 'security_login' === $request->attributes->get('_route')
                && $request->isMethod('POST') && $request->get('login');
        }

        public function getCredentials(Request $request)
        {
            $credentials = [
                'email' => $request->request->get('email'),
                'password' => $request->request->get('password'),
                'csrf_token' => $request->request->get('_csrf_token'),
            ];
            $request->getSession()->set(
                Security::LAST_USERNAME,
                $credentials['email']
            );

            return $credentials;
        }

        public function getUser($credentials, UserProviderInterface $userProvider)
        {
            $token = new CsrfToken('authenticate', $credentials['csrf_token']);
            if (!$this->csrfTokenManager->isTokenValid($token)) {
                throw new InvalidCsrfTokenException();
            }

            $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);

            if (!$user) {
                // fail authentication with a custom error
                throw new CustomUserMessageAuthenticationException('Email could not be found.');
            }

            return $user;
        }

        public function checkCredentials($credentials, UserInterface $user)
        {
            return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
        }

        public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
        {
            if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
                return new RedirectResponse($targetPath);
            }

            return new RedirectResponse($this->router->generate('user_dashboard'));
        }

        protected function getLoginUrl()
        {
            return $this->router->generate('security_login');
        }
    }

Answer 1

@Zorphen 回答了这个问题。谢谢。

我必须在渲染视图之前添加 $this->getDoctrine()->getManager()->refresh($user);，现在效果很好。

谢谢。

        if ($formUserInformations->isSubmitted() && $formUserInformations->isValid()) {
            $passwordEncode = $userPasswordEncoder->isPasswordValid($this->getUser(), $request->get("password"));

            if($passwordEncode) {
                $this->getDoctrine()->getManager()->flush();
                $this->addFlash(
                    'success',
                    'Update OK !'
                );

            } else {
                $this->addFlash(
                    'danger',
                    'Wrong password, try again !'
                );
            }
            $this->getDoctrine()->getManager()->refresh($user);
            return $this->redirectToRoute('user_account');
        }

Answer 2

表单有效或无效时添加$this->getDoctrine()->getManager()->refresh($user)

Symfony 4.2 isPasswordValid 方法在我的用户更改电子邮件时断开连接

Symfony 4.2 isPasswordValid method disconect my user when he change e-mail

symfony

encoder