I have a custom user provider and user entity that I have used successfully in Symfony 2.2. But now I upgraded to 2.3, and I realized the "remember me" functionality is broken. So I created a new sf2 app, and a functional test. The test passed when I used the Acme\DemoBundle defaults. But when I added my provider it started failing again. Here is the test:
<?php
namespace Acme\DemoBundle\Tests\Controller;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
class DemoControllerTest extends WebTestCase
{
public function testRemember()
{
$client = static::createClient();
$securedPageUri = '/user/settings/account';
$securedPageFilter = 'html:contains("New Password")';
$loginPageFilter = 'html:contains("Login")';
$username = '[email protected]';
$password = 'test';
/*
$securedPageUri = '/demo/secured/hello/World';
$securedPageFilter = 'html:contains("Hello resource secured for admin only.")';
$loginPageFilter = 'html:contains("Login")';
$username = 'admin';
$password = 'adminpass';
*/
// Go to Secured page, and be redirected to Login page
$client->request('GET', $securedPageUri);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($loginPageFilter)->count());
// Try to log in, and be redirected to Secured page
$form = $crawler->selectButton('Login')->form();
$form['_username'] = $username;
$form['_password'] = $password;
$form['_remember_me'] = 1;
$client->submit($form);
$crawler = $client->followRedirect();
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
// Remove all the cookies, but keep the "remember me" cookie
$remembermeCookie = $client->getCookieJar()->get('REMEMBERME');
$client->restart();
$client->getCookieJar()->set($remembermeCookie);
// Go to Secured page, this time we should be allowed in
$client->followRedirects();
$crawler = $client->request('GET', $securedPageUri);
//$this->assertTrue($client->getResponse()->isSuccessful());
$this->assertEquals(0, $crawler->filter($loginPageFilter)->count(), "Redirected to Login page"); // THIS IS WHERE THE TEST FAILS
$this->assertGreaterThan(0, $crawler->filter($securedPageFilter)->count());
}
}
The test works fine, I have tried testing it manually too: I log in, delete the session cookie, and try to access the secured page with the remember me cookie. The remember me cookie gets deleted and I'm redirected to the login page :S
Any ideas why this could be happening? My provider does not do anything weird, it just grabs the user from the database as usual. Why on Earth is this affecting the "remember me" functionality? Have there been any changes that I'm not aware of? I'm not using a custom auth provider, just user provider.
Oh and here is the log, with grep security
[2013-07-17 15:18:49] security.DEBUG: Username "[email protected]" was reloaded from user provider. [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.DEBUG: Remember-me cookie detected. [] []
[2013-07-17 15:18:49] security.WARNING: User class for remember-me cookie not supported. [] []
[2013-07-17 15:18:49] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Access is denied (user is not fully authenticated) by "/srv/www/dev/public/remember/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Calling Authentication entry point [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-17 15:18:49] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-17 15:18:49] security.DEBUG: Write SecurityContext in the session [] []
UPDATE : And only when I pasted the log I noticed that warning. Anyway, do you know how to fix that?
UPDATE 2 : If I use the default user provider, but still my own User class, it works fine. The error message is very misleading.
Have a look at Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices.php#L130 where the security warning comes from.
The Service only provides an abstract method processAutoLoginCookie which you might need to add to your provider in order to process the cookie.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With