问题描述
我有存储 api_key
的 Token 实体,并且与 User 实体有一对一的关系:
I have Token entity that store api_key
and have one-to-one relation to User entity :
AppBundle\Entity\Token:
type: entity
table: null
oneToOne:
user:
targetEntity: User
id:
id:
type: integer
id: true
generator:
strategy: AUTO
fields:
apiKey:
type: string
length: 255
dateCreated:
type: datetime
column: date_created
dateExpired:
type: datetime
column: date_expired
我使用 simple_preauth
监听器进行登录.登录成功后,在登录页面调用TokenGenerator服务:
I'm using simple_preauth
listener for login. When login is successful, I call TokenGenerator service on my login page:
public function loginAction()
{
$user = $this->get('security.token_storage')->getToken()->getUser();
if ($user instanceof User) {
$apiKey = $this->get('app_bundle.token_generator')->createApiKey()->getApiKey();
return new Response($apiKey);
}
throw new AuthenticationException('Authentication failed');
}
TokenGenerator 返回 api 密钥,我可以使用它在其他页面上进行身份验证.而且这个服务将 api_key
保存到 Token 表中:
TokenGenerator returns api key, that I can use for authentication on another pages. But also this service save api_key
into Token table:
use Doctrine\ORM\EntityRepository as TokenRepository;
use Doctrine\ORM\EntityManager;
use AppBundle\Entity\Token;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
class TokenGenerator
{
private $user;
public function __construct(
EntityManager $em,
TokenRepository $tokenRepository,
TokenStorageInterface $tokenStorage
) {
$this->em = $em;
$this->tokenRepository = $tokenRepository;
$this->tokenStorage = $tokenStorage;
}
public function getApiKey()
{
return $this->apiKey;
}
public function createApiKey()
{
$this->apiKey = password_hash(
uniqid(mt_rand(), true), PASSWORD_DEFAULT, array('cost' => '10')
);
$this->user = $this->tokenStorage->getToken()->getUser();
$currentApiKey = $this->tokenRepository->findOneBy(array('user' => $this->user));
if ($currentApiKey) {
$this->em->remove($currentApiKey);
$this->em->flush();
}
$this->saveApiKey();
return $this;
}
private function saveApiKey()
{
$token = new Token();
$dateCreated = new \DateTime("now");
$dateExpired = new \DateTime($dateCreated->format("Y/m/d H:i:s") . "+1 day");
$token->setApiKey($this->apiKey);
$token->setDateCreated($dateCreated);
$token->setDateExpired($dateExpired);
$token->setUser($this->user);
$this->em->persist($token);
$this->em->flush();
}
}
但是当我调用 $this->saveApiKey()
时,我有一个奇怪的错误:我在数据库中的 User password
变空了.
But when I call $this->saveApiKey()
I have strange bug: my User password
in database become empty.
当我调试这个问题时,我注意到 salt
在 password
消失后没有重新创建.
When I debugged this issue, I notice, that salt
not recreated after password
disappearing.
我也尝试删除一对一的关系,(当然是更新数据库和清除缓存),但即使是Token表也与用户没有关系,将 Token 保存到 db 后,我将 password
更改为空.
I also tried to remove one-to-one relation, (update db and clear cache, of course), but even Token table has no relation to User, I got changing password
to empty after saving Token to db.
当 $this->saveApiKey()
没有调用时,一切正常.
When $this->saveApiKey()
not call, all is OK.
请帮我抓住这个奇怪的错误.非常感谢您的帮助!
Please, help me to catch this weird bug. Thanks a lot for any help!
推荐答案
SOLVED.我的 eraseCredentials()
不正确,所以我的密码变成了 null
.
SOLVED. I had incorrect eraseCredentials()
, so my password became null
.
另见我的另一个问题,从中我开始更改我的身份验证系统.
See also my another question, from which I have started to change my authentication system.
这篇关于调用服务后Symfony2用户密码变空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!