 

Authentication fails silently in Symfony2

I'm having trouble getting authentication to work, but it only appears to happen in very specific circumstances. Authentication is done via a third-party API, so I've written my own user provider class. Inside that class is some code that syncs data between the API and Symfony; as part of that syncing process it determines which roles the user should have. After doing this it sets up the relationships between the roles and the user via a ManyToMany relationship.

The getRoles() method in my User object gets the role objects out of the database and turns them into an array of strings. The role names come from my database and all start with ROLE_.

If I log in with an account that should have no extra roles it works fine, but if I log in to an account that should have roles I just get sent back to the login screen with no error message.

I've checked the log and saw these entries:

security.INFO: User "[email protected]" has been authenticated successfully [] []
event.DEBUG: Notified event "security.interactive_login" to listener "Pogo\MyBundle\Listener\LoginListener::onSecurityInteractivelogin". [] []
event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
event.DEBUG: Listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener" was not called for event "kernel.request". [] []
event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener" was not called for event "kernel.request". [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
security.DEBUG: Write SecurityContext in the session [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener::onEarlyKernelRequest". [] []
event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
security.INFO: Populated SecurityContext with an anonymous Token [] []
event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
security.DEBUG: Access denied (user is not fully authenticated); redirecting to authentication entry point [] []
security.DEBUG: Calling Authentication entry point [] []

I don't understand how it can be authenticated at the top and then, as soon as it checks the firewall, find itself with an anonymous token, which is presumably why it sends me back to the login screen.

My firewall / access_control settings are:

firewalls:
    public:
        pattern: /.*
        anonymous: true
        tessitura_login:
            login_path: /account/login
            check_path: /secure/login_check
        logout:
            path: /secure/logout
            target: /
access_control:
    - { path: ^/secure/.*, role: ROLE_USER }
    - { path: ^/admin.*, role: ROLE_ADMIN }
    - { path: ^/account/login/?, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

Any help with this would be massively appreciated, I've spent a few hours on this now and am completely stumped.

pogo asked Sep 22 '11 14:09



2 Answers

I got this silent-fail issue when I was using a phone number as the username and hadn't specified the username property in the refreshUser() method, which should be:

public function refreshUser(UserInterface $customer)
{
    $class = get_class($customer);

    if (!$this->supportsClass($class)) {
        throw new UnsupportedUserException("Instances of \"{$class}\" are not supported");
    }

    // Reload by the same identifier the user logged in with (here the phone
    // number), not by some other username property.
    return $this->loadUserByUsername($customer->getPhoneNumber()); // <-- This is it!
}

I think I'm not the only one who missed it, might help.

Damaged Organic answered Sep 27 '22 20:09

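As an added example (not code from the question or from either answer), here is a user provider built around the point this answer makes: refreshUser() must reload the user by the same identifier that loadUserByUsername() received at login, and it must throw UsernameNotFoundException when that lookup misses rather than return something else. The User class alongside it shows the question's setup, a getRoles() that turns a ManyToMany collection of Role entities into ROLE_-prefixed strings. The App\Security namespace, the ApiClient, the Role entity and the Doctrine mapping are assumed for illustration; the interfaces are those of Symfony 2.1+.

```php
<?php
// Added example, not code from the question or the answers. Namespace, class
// names, ApiClient and Role are assumed; the interfaces are Symfony 2.1+.
namespace App\Security;

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\EntityManager;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class User implements UserInterface
{
    private $username; // the login identifier exactly as submitted (e-mail, phone number, ...)
    private $roles;    // ManyToMany collection of Role entities (Doctrine mapping omitted)

    public function __construct($username)
    {
        $this->username = $username;
        $this->roles = new ArrayCollection();
    }
    public function getUsername()      { return $this->username; }
    public function getPassword()      { return ''; }   // credentials are checked by the API, not stored here
    public function getSalt()          { return null; }
    public function eraseCredentials() {}
    public function getRoleEntities()  { return $this->roles; }

    // Role names as strings; this is what access_control compares against.
    public function getRoles()
    {
        $names = array();
        foreach ($this->roles as $role) {
            $names[] = $role->getName(); // assumed: Role::getName() returns e.g. "ROLE_ADMIN"
        }
        return $names;
    }
}

class ApiUserProvider implements UserProviderInterface
{
    private $em;
    private $api; // hypothetical client for the third-party API

    public function __construct(EntityManager $em, ApiClient $api)
    {
        $this->em  = $em;
        $this->api = $api;
    }

    // Runs once, at login: verify the account with the API and sync its roles locally.
    public function loadUserByUsername($username)
    {
        $account = $this->api->findAccount($username); // assumed: returns null when unknown
        if (null === $account) {
            throw new UsernameNotFoundException(sprintf('Account "%s" not found.', $username));
        }
        $user = $this->findLocalUser($username) ?: new User($username);
        $this->syncRoles($user, $account->getRoleNames()); // assumed: array of ROLE_-prefixed strings
        $this->em->persist($user);
        $this->em->flush();

        return $user;
    }

    // Runs on every request that carries a token in the session. The lookup key
    // must be the one loadUserByUsername() used; a lookup by any other field (the
    // phone-number case in the answer) misses, UsernameNotFoundException is thrown,
    // and the firewall drops the token and continues with an anonymous one.
    public function refreshUser(UserInterface $user)
    {
        if (!$this->supportsClass(get_class($user))) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }
        $fresh = $this->findLocalUser($user->getUsername());
        if (null === $fresh) {
            throw new UsernameNotFoundException(sprintf('User "%s" no longer exists.', $user->getUsername()));
        }

        return $fresh; // roles come from the database; no API call per request
    }

    public function supportsClass($class)
    {
        return 'App\Security\User' === $class || is_subclass_of($class, 'App\Security\User');
    }

    private function findLocalUser($username)
    {
        return $this->em->getRepository('App\Security\User')->findOneBy(array('username' => $username));
    }

    // Replace the ManyToMany role set with what the API reports; unknown names are an error, not skipped.
    private function syncRoles(User $user, array $roleNames)
    {
        $repo = $this->em->getRepository('App\Security\Role');
        $user->getRoleEntities()->clear();
        foreach ($roleNames as $name) {
            $role = $repo->findOneBy(array('name' => $name));
            if (null === $role) {
                throw new \RuntimeException(sprintf('Unknown role "%s" reported by the API.', $name));
            }
            $user->getRoleEntities()->add($role);
        }
    }
}
```

Roles are synced from the API only at login; refreshUser() reads the local database, so a user whose roles change on the API side keeps the old set until the next login. That is the trade-off for not calling the API on every request, and it also keeps an API outage from logging every active user out.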


A broken session storage caused this for me. I was using PdoSessionHandler and disappointingly it gave no clear error or log message.

mpartel answered Sep 27 '22 18:09

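As an added check (not part of this answer), the script below pushes a payload through Symfony's PdoSessionHandler the way two consecutive requests would: one handler instance writes, a fresh instance reads it back. A missing table, wrong column names or a driver that quietly drops writes shows up here as an exception or a mismatch instead of as a redirect to the login page. It uses an in-memory SQLite database constructed in the script; the vendor autoload path and the option names are those of the 2.x handler, and the payload is a constructed stand-in for the serialized token (the real session key is `_security_` followed by the firewall name, so `_security_public` for the question's config).

```php
<?php
// Added example, not code from the answer: a stand-alone round trip through
// PdoSessionHandler. Autoload path, table schema and option names are assumed
// (2.x handler); the database and payload are constructed here.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler;

function sessionRoundTrip(\PDO $pdo, array $options, $sessionId, $payload)
{
    // "Request 1": the firewall's ContextListener writes the token on kernel.response.
    $writer = new PdoSessionHandler($pdo, $options);
    $writer->open('', 'PHPSESSID');
    $writer->read($sessionId); // read first, as PHP does; newer 2.x handlers take their row lock here
    if (!$writer->write($sessionId, $payload)) {
        throw new \RuntimeException('PdoSessionHandler::write() returned false');
    }
    $writer->close();

    // "Request 2": a new handler instance must find exactly what was written.
    $reader = new PdoSessionHandler($pdo, $options);
    $reader->open('', 'PHPSESSID');
    $data = $reader->read($sessionId);
    $reader->close();

    return $data;
}

$pdo = new \PDO('sqlite::memory:');
$pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
// Schema for the 2.x handler; sess_lifetime is used from 2.6 on and harmless before.
$pdo->exec('CREATE TABLE sessions ('
    .'sess_id VARCHAR(128) PRIMARY KEY, sess_data BLOB NOT NULL, '
    .'sess_time INTEGER NOT NULL, sess_lifetime INTEGER NOT NULL DEFAULT 0)');

$options = array(
    'db_table'    => 'sessions',
    'db_id_col'   => 'sess_id',
    'db_data_col' => 'sess_data',
    'db_time_col' => 'sess_time',
);

// Constructed stand-in for the PHP session payload holding the security token.
$payload = '_security_public|'.serialize('constructed token placeholder');
$back    = sessionRoundTrip($pdo, $options, uniqid('test-', true), $payload);

if ($back !== $payload) {
    fwrite(STDERR, "Session storage is broken; read back: ".var_export($back, true)."\n");
    exit(1);
}
echo "Session storage round trip OK\n";
```

To test a deployment rather than the toy database, replace the SQLite DSN with the application's real one and the option values with the table and column names from its framework.yaml/config.yml; if the round trip fails there, the token written at login never reaches the next request, which matches the symptom in the question.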