Hi,
I've been working on a Doctrine2 based authentication system for a while. I
have successfully created the security controller, related views and
configured config.yml as described in master docs. I can get to a login form
fine and when I click "submit", the login data is processed on the server as
expected. Symfony debug environment intercepts the redirect and by looking
at the profiler toolbar, the "anon" user has changed to a name retrieved
from the database as if everything went fine. Then I follow the redirection
back to homepage to look at the profiler now, and I'm anonymously
authenticated again. Just as if the authentication data wasn't stored in
sessions or anywhere at all. What might cause this?
Please note that the login_check page which processes login data throws the
following notice too. I have not found a way to fix this notice either, and
I'm not absolutely certain what causes this. It seems like some
serialization is done to store the authentication but Symfony fails at some
point. "Notice: serialize() [function.serialize]: "id" returned as member
variable from __sleep() but does not exist in
/sf2/Component/Security/Authentication/Token/Token.php on line 189." Looking
at the Symfony code, it looks like it attempts to serialize the user object (a
Doctrine entity) which sounds good to me.
I have a base Account entity which implements AdvancedAccountInterface and
three specific account types (Artist, Company, School) that extend Account.
I have written an AccountRepository class that implements
UserProviderInterface which, for now, retrieves users using just a simple
->findOneBy() call. The users are found during login_check but for some
reason are not persisted onto the next page. Here is the related
app/config/config.yml:

    security.config:
        encoders:
            Application\AccountBundle\Entity\Account: md5
            Application\ArtistBundle\Entity\Artist: md5
            Application\CompanyBundle\Entity\Company: md5
            Application\SchoolBundle\Entity\School: md5
        providers:
            main:
                entity: { class: Application\AccountBundle\Entity\Account }
        firewalls:
            login: { pattern: /login, security: true, anonymous: true }
            login_check: { pattern: /login_check, security: true, anonymous: true, form_login: true }
            main:
                pattern: .*
                form_login: { check_path: /login_check }
                anonymous: true
                logout: { path: /logout, target: /login }

Looking back at the PHP notice, I have only defined the "id" field in the
parent Account entity and not in subclasses Artist, Company or School. I
believe I've done it right though. However, looking at a var_dump of the
user object that's being serialized, it seems like the id field is also the
first field that PHP encounters that originates from the inherited Account
entity. Could there be a problem with Doctrine inherited user objects or am
I just off the track here?
Thank you in advance,
Jaakko R