I've been trying to use RedBean ORM (http://redbeanphp.com) to implement UserInterface and UserProviderInterface of the Silex Security Provider Package.
Because of the way the RedBean ORM handles functions for its objects, I've needed to wrap the bean object in another class.
This works great for authentication, but fails tests for Remember Me functionality.
I noticed that somewhere along the chain the Security Package serializes the object.
I thought maybe this was the reason for the error, so I created properties for "id" and "password" in my wrapper class and used __sleep and __wakeup methods to ignore the bean during sleep and reload it on wakeup. Despite everything seeming to load properly during __wakeup, the test for "Remember Me" functionality is still failing.
I have created a GitHub repository of my code. If anyone has any ideas, I'd much appreciate it!
For some reason RedBean, Silex and PHPUnit aren't allowing themselves to be included in the repository. A simple composer update should pull them down for you. If anyone has any ideas why, I'd appreciate an answer to that as well.
The GitHub repository can be found at:
https://github.com/christianmagill/silex-redbean-security
The applicable files are:
To create the test user in the database: /setup.php
To run the test: /index.php
My implementation of UserInterface: /src/App/Model/UserSecurityWrapper.php
My implementation of UserProviderInterface: /src/App/Model/UserProvider.php
My modified test: /src/App/Test/RememberMeRedBeanServiceProviderTest.php
The original test: /vendor/silex/silex/tests/Silex/Tests/Provider/RememberMeServiceProviderTest.php
Using the remember me cookie is not always appropriate (e.g. you should not use it on a shared PC). This is why by default, Symfony requires your users to opt-in to the remember me system via a request parameter. This request parameter is often set via a checkbox in the login form. This checkbox must have a name of _remember_me:
In addition to our LoginFormAuthenticator, there is now a second authenticator that looks for authentication information on a REMEMBERME cookie. Though, we can make all of this a bit fancier. Next, let's see how we could add a remember me cookie for all users when they log in, without needing a checkbox.
The remember_me config also activates an authenticator: a core authenticator called RememberMeAuthenticator. On every request, this looks for a "remember me" cookie - that we'll create in a second - and, if it's there, uses it to authenticate the user.
By default, a user must provide their username and password once every two weeks for each browser on which they access Appian. The user may opt out by clearing the Remember Me checkbox on the Appian login screen. System Administrators can modify the authentication validity period and disable the capability site-wide through configuration.
The problem was with my custom UserProvider's supportsClass method. I was not taking namespacing into account. It seems like this function is not called for basic authentication, but is needed for the remember me provider.
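The namespacing problem described in the answer above, as an added example that is not code from the original post or from Silex/Symfony. The App\Model namespace and class names are assumed from the file paths in the question, and findProviderFor is a hypothetical, simplified stand-in for a remember-me service choosing a provider by class name.

```php
<?php
// Added illustration, not the poster's code. The namespace and class names
// are assumptions taken from the file paths listed in the question.
namespace App\Model;

// Stand-in for the wrapper; the real one implements Symfony's UserInterface.
class UserSecurityWrapper {}

class ShortNameProvider
{
    // Broken: a fully qualified name never equals the bare class name.
    public function supportsClass($class)
    {
        return $class === 'UserSecurityWrapper';
    }
}

class NamespacedProvider
{
    // Namespace-aware: matches the wrapper class or any subclass of it.
    public function supportsClass($class)
    {
        $expected = __NAMESPACE__ . '\\UserSecurityWrapper';
        return $class === $expected || is_subclass_of($class, $expected);
    }
}

// Hypothetical, simplified model of a remember-me lookup: the class name
// stored with the cookie is offered to each provider until one accepts it.
function findProviderFor(array $providers, $class)
{
    foreach ($providers as $provider) {
        if ($provider->supportsClass($class)) {
            return $provider;
        }
    }
    throw new \RuntimeException("No user provider supports class $class");
}

$class = get_class(new UserSecurityWrapper()); // fully qualified class name

$found = findProviderFor(array(new NamespacedProvider()), $class);
echo get_class($found), " accepts ", $class, PHP_EOL;

try {
    findProviderFor(array(new ShortNameProvider()), $class);
} catch (\RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```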