Symfony2: "Remember me" tries to authenticate by username instad of email

StackOverflow https://stackoverflow.com/questions/19505555

  •  01-07-2022
  •  | 
  •  

Question

I have an application with user authenticaton against database. The property I use is email:

    providers:
        administrators:
            entity: 
              class: CorabMainBundle:User
              property: email

Authentication works great! But I have huge problems getting the remember me functionality to work. After several hours I think I found the problem but I don't know how to solve it...

Symfony2 seems to try to authenticate with the username instead of email in case of remember me.

dev.log says the following:

[2013-10-21 23:49:19] security.DEBUG: Remember-me cookie detected. [] []
[2013-10-21 23:49:19] doctrine.DEBUG: SELECT t0.id AS id1, t0.username AS username2, t0.salt AS salt3, t0.password AS password4, t0.email AS email5, t0.is_active AS is_active6, t0.organisation AS organisation7 FROM User t0 WHERE t0.email = ? LIMIT 1 ["roger"] []
[2013-10-21 23:49:19] security.INFO: User for remember-me cookie not found. [] []
[2013-10-21 23:49:19] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []

Line 2 is not ok beacuse it should not be roger but an email address. That's why the cookie gets deleted.

How to tell symfony2 to use email as property for remember me authentication?

Thank you for your help!

Was it helpful?

Solution

You can extend the default remember me service class and override the onLoginSuccess method so it uses the email instead of the username.

  • Service to be extended: security.authentication.rememberme.services.simplehash.class
  • Class: Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices
  • Method: onLoginSuccess

OTHER TIPS

Or you can return the e-mail on the getUsername() function and change the name of your real username field like "nickname".. 

public function getUsername()
{
    return $this->email;
}

When you implement the UserInterface, the comment on UserInterface.php say

/**
 * Returns the username used to authenticate the user.
 *
 * @return string The username
 */
public function getUsername();

Yes it is "bad" but less verbose. The real problem is this damn function name. Symfony2 should change it..

In my case I have just modify the "rememberme" cookie and replace the username by the email like this:

if(userJustLogin) {
    // decode cookie
    $request = $this->getRequest();
    $cookies = $request->cookies->all();
    $cookieParts = explode(':', base64_decode($cookies["REMEMBERME"]));

    // replace username by email and update hash
    list($class, $username, $expires, $hash) = $cookieParts;
    $cookieParts[1] = base64_encode($user->getMail());
    $cookieParts[3] = hash_hmac('sha256', $class.$user->getMail().$expires.$user->getPassword(), 'YourSecretTokenFromParameters.yml');

    // reencode cookie
    $cookies["REMEMBERME"] = base64_encode(implode(':', $cookieParts));
    $cookie = new Cookie('REMEMBERME', $cookies["REMEMBERME"], $expires);

    // send new cookie
    $response = new Response();
    $response->headers->setCookie($cookie);
    $response->send();
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top