问题描述

我有存储 api_key 的 Token 实体，并且与 User 实体有一对一的关系:

I have Token entity that store api_key and have one-to-one relation to User entity :

AppBundle\Entity\Token:
    type: entity
    table: null

    oneToOne:
        user:
            targetEntity: User

    id:
        id:
            type: integer
            id: true
            generator:
                strategy: AUTO
    fields:
        apiKey:
            type: string
            length: 255
        dateCreated:
            type: datetime
            column: date_created
        dateExpired:
            type: datetime
            column: date_expired

我使用 simple_preauth 监听器进行登录.登录成功后，在登录页面调用TokenGenerator服务:

I'm using simple_preauth listener for login. When login is successful, I call TokenGenerator service on my login page:

public function loginAction()
    {
        $user = $this->get('security.token_storage')->getToken()->getUser();

        if ($user instanceof User) {
            $apiKey = $this->get('app_bundle.token_generator')->createApiKey()->getApiKey();
            return new Response($apiKey);
        }

        throw new AuthenticationException('Authentication failed');

    }

TokenGenerator 返回 api 密钥，我可以使用它在其他页面上进行身份验证.而且这个服务将 api_key 保存到 Token 表中:

TokenGenerator returns api key, that I can use for authentication on another pages. But also this service save api_key into Token table:

use Doctrine\ORM\EntityRepository as TokenRepository;
use Doctrine\ORM\EntityManager;
use AppBundle\Entity\Token;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class TokenGenerator
{
    private $user;

    public function __construct(
        EntityManager $em,
        TokenRepository $tokenRepository,
        TokenStorageInterface $tokenStorage
    ) {
        $this->em = $em;
        $this->tokenRepository = $tokenRepository;
        $this->tokenStorage = $tokenStorage;
    }

    public function getApiKey()
    {
        return $this->apiKey;
    }

    public function createApiKey()
    {
        $this->apiKey = password_hash(
            uniqid(mt_rand(), true), PASSWORD_DEFAULT, array('cost' => '10')
        );

        $this->user = $this->tokenStorage->getToken()->getUser();
        $currentApiKey = $this->tokenRepository->findOneBy(array('user' => $this->user));

        if ($currentApiKey) {
            $this->em->remove($currentApiKey);
            $this->em->flush();
        }

        $this->saveApiKey();

        return $this;
    }

    private function saveApiKey()
    {
        $token = new Token();
        $dateCreated = new \DateTime("now");
        $dateExpired = new \DateTime($dateCreated->format("Y/m/d H:i:s") . "+1 day");

        $token->setApiKey($this->apiKey);
        $token->setDateCreated($dateCreated);
        $token->setDateExpired($dateExpired);
        $token->setUser($this->user);

        $this->em->persist($token);
        $this->em->flush();

    }

}

但是当我调用 $this->saveApiKey() 时，我有一个奇怪的错误:我在数据库中的 User password 变空了.

But when I call $this->saveApiKey() I have strange bug: my User password in database become empty.

当我调试这个问题时，我注意到 salt 在 password 消失后没有重新创建.

When I debugged this issue, I notice, that salt not recreated after password disappearing.

我也尝试删除一对一的关系，(当然是更新数据库和清除缓存)，但即使是Token表也与用户没有关系，将 Token 保存到 db 后，我将 password 更改为空.

I also tried to remove one-to-one relation, (update db and clear cache, of course), but even Token table has no relation to User, I got changing password to empty after saving Token to db.

当 $this->saveApiKey() 没有调用时，一切正常.

When $this->saveApiKey() not call, all is OK.

请帮我抓住这个奇怪的错误.非常感谢您的帮助！

Please, help me to catch this weird bug. Thanks a lot for any help!

推荐答案

SOLVED.我的 eraseCredentials() 不正确，所以我的密码变成了 null.

SOLVED. I had incorrect eraseCredentials(), so my password became null.

另见我的另一个问题，从中我开始更改我的身份验证系统.

See also my another question, from which I have started to change my authentication system.

这篇关于调用服务后Symfony2用户密码变空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！