Login/Register
Symfony2: "Remember me" tries to authenticate by username instad of email
Asked Answered
Solved phpsymfonyremember-me
T

3

1

I have an application with user authenticaton against database. The property I use is email:

    providers:
        administrators:
            entity: 
              class: CorabMainBundle:User
              property: email

Authentication works great! But I have huge problems getting the remember me functionality to work. After several hours I think I found the problem but I don't know how to solve it...

Symfony2 seems to try to authenticate with the username instead of email in case of remember me.

dev.log says the following:

[2013-10-21 23:49:19] security.DEBUG: Remember-me cookie detected. [] []
[2013-10-21 23:49:19] doctrine.DEBUG: SELECT t0.id AS id1, t0.username AS username2, t0.salt AS salt3, t0.password AS password4, t0.email AS email5, t0.is_active AS is_active6, t0.organisation AS organisation7 FROM User t0 WHERE t0.email = ? LIMIT 1 ["roger"] []
[2013-10-21 23:49:19] security.INFO: User for remember-me cookie not found. [] []
[2013-10-21 23:49:19] security.DEBUG: Clearing remember-me cookie "REMEMBERME" [] []

Line 2 is not ok beacuse it should not be roger but an email address. That's why the cookie gets deleted.

How to tell symfony2 to use email as property for remember me authentication?

Thank you for your help!

Tisiphone answered 21/10, 2013 at 22:0 Comment(0)
I
6

You can extend the default remember me service class and override the onLoginSuccess method so it uses the email instead of the username.

  • Service to be extended: security.authentication.rememberme.services.simplehash.class
  • Class: Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices
  • Method: onLoginSuccess
Isma answered 12/12, 2013 at 17:45 Comment(1)
I’ve been trying to do this in Symfony 4 but I’m getting a You have requested a non-existent service "security.authentication.rememberme.services.simplehash.class” . why is that? ThxClausewitz
L
3

Or you can return the e-mail on the getUsername() function and change the name of your real username field like "nickname".. 

public function getUsername()
{
    return $this->email;
}

When you implement the UserInterface, the comment on UserInterface.php say

/**
 * Returns the username used to authenticate the user.
 *
 * @return string The username
 */
public function getUsername();

Yes it is "bad" but less verbose. The real problem is this damn function name. Symfony2 should change it..

Linoleum answered 29/5, 2014 at 22:54 Comment(0)
H
1

In my case I have just modify the "rememberme" cookie and replace the username by the email like this:

if(userJustLogin) {
    // decode cookie
    $request = $this->getRequest();
    $cookies = $request->cookies->all();
    $cookieParts = explode(':', base64_decode($cookies["REMEMBERME"]));

    // replace username by email and update hash
    list($class, $username, $expires, $hash) = $cookieParts;
    $cookieParts[1] = base64_encode($user->getMail());
    $cookieParts[3] = hash_hmac('sha256', $class.$user->getMail().$expires.$user->getPassword(), 'YourSecretTokenFromParameters.yml');

    // reencode cookie
    $cookies["REMEMBERME"] = base64_encode(implode(':', $cookieParts));
    $cookie = new Cookie('REMEMBERME', $cookies["REMEMBERME"], $expires);

    // send new cookie
    $response = new Response();
    $response->headers->setCookie($cookie);
    $response->send();
}
Humour answered 17/11, 2016 at 19:1 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.