Marcel Deglau - 6 months ago
PHP Question

Symfony doesn't save manual login

I have created a manual in-code login method. The function on the page works.

The profiler says I am correctly authenticated.

But Symfony does not save the session / the login correctly. If I visit a page that is only for ROLE_USER, I get the message

Full authentication is required to access this resource.

and the user from the previous login was not saved (Symfony uses an anonymous token).

Here is my login action:

namespace ###HIDDEN###\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;

class AutoLoginController extends Controller
{
    /**
     * @Route("/auto-login")
     */
    public function indexAction(Request $request)
    {
        if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {

            $user = new User("Marcel", null, array('ROLE_USER'));

            $token = new UsernamePasswordToken($user, null, "main", $user->getRoles());

            $this->get("security.token_storage")->setToken($token);

            $event = new InteractiveLoginEvent($request, $token);
            $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

            return new Response("<body>Logging in!</body>");
        }

        return new Response("<body>You already logged in!</body>");
    }
}


I am using Symfony 2.8 LTS version.

Answer

Make sure your User class implements the UserInterface (documentation).

It must return the roles a user has, either statically or set from a persistent storage like a database.

Also remember to check the Web Profiler to see the authentication details, and the granted roles to the current authenticated user.
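
The answer's advice as an added example (not code from the question or the answer): a user class that implements UserInterface, a provider that can reload that user on the next request, and a manual login built from the provider's user. AppUser, AppUserProvider and manualLogin are hypothetical names, the $accounts array is constructed sample data standing in for a database, and the example assumes this provider is the one configured for the firewall named in the token.

```php
<?php
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

// Hypothetical user class: implements UserInterface and returns its roles.
class AppUser implements UserInterface
{
    private $username;
    private $roles;
    public function __construct($username, array $roles) { $this->username = $username; $this->roles = $roles; }
    public function getUsername() { return $this->username; }
    public function getRoles() { return $this->roles; }
    public function getPassword() { return null; }
    public function getSalt() { return null; }
    public function eraseCredentials() {}
}

// Hypothetical provider; $accounts is constructed sample data, not a real store.
class AppUserProvider implements UserProviderInterface
{
    private $accounts = array('Marcel' => array('ROLE_USER'));

    public function loadUserByUsername($username)
    {
        if (!isset($this->accounts[$username])) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
        }
        return new AppUser($username, $this->accounts[$username]);
    }

    // Called on later requests to reload the user held in the session token.
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof AppUser) {
            throw new UnsupportedUserException(get_class($user));
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class) { return $class === 'AppUser'; }
}

// Manual login: the token carries a user the provider above can refresh later.
function manualLogin(TokenStorageInterface $storage, UserProviderInterface $provider, $username, $firewall = 'main')
{
    $user = $provider->loadUserByUsername($username); // unknown names throw instead of logging in
    $token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
    $storage->setToken($token);
    return $token;
}
```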