PHP - Silex SecurityServiceProvider is storing AnonymousToken on HHVM when trying to authenticate
I'm using the Silex framework on HHVM and am running into issues when trying to implement SecurityServiceProvider login.

When trying to perform the login action (with the correct username & password), I'm redirected to the login page instead of the / page. This is because of the following access rule:

    $app['security.access_rules'] = array(
        array('^/$', 'ROLE_USER')
    );

I've tried dumping $app['security.token_storage']->getToken() and $app['security.token_storage']->getToken()->getUser() at the top of the login page:

    object(Symfony\Component\Security\Core\Authentication\Token\AnonymousToken)#350 (5) {
      ["key":"Symfony\Component\Security\Core\Authentication\Token\AnonymousToken":private]=>
      string(3) "all"
      ["user":"Symfony\Component\Security\Core\Authentication\Token\AbstractToken":private]=>
      string(5) "anon."
      ["roles":"Symfony\Component\Security\Core\Authentication\Token\AbstractToken":private]=>
      array(0) {
      }
      ["authenticated":"Symfony\Component\Security\Core\Authentication\Token\AbstractToken":private]=>
      bool(true)
      ["attributes":"Symfony\Component\Security\Core\Authentication\Token\AbstractToken":private]=>
      array(0) {
      }
    }

The username shows anon., which isn't the username (test).

Through hacky debugging, I can confirm that:

- A User object is being created.
- The password is being verified, and is returning true.

Relevant parts of the application code (it's based on @mpm's Silex MVC -- I haven't confirmed yet if the login code produces better results):

Controller route:

    public function login(Application $app)
    {
        // Build the login form; field names match the firewall's
        // username_parameter / password_parameter (form[username], form[password]).
        $form = $app['form.factory']->createBuilder('form')
            ->add('username', 'text', array('label' => 'username'))
            ->add('password', 'password', array('label' => 'password'))
            ->getForm();

        return $app['twig']->render('user/login.tpl', array(
            'title' => "login",
            'form'  => $form->createView(),
            'error' => $app['security.last_error']($app['request'])
        ));
    }

Login template:

    {% block content %}
    <h1>login</h1>
    {% if error %}
    <div>
        {{ error }}
    </div>
    {% endif %}
    <form action="{{ path('user_login_check') }}" method="post" novalidate {{ form_enctype(form) }} class="form-vertical">
        {{ form_widget(form) }}
        <button type="submit">login</button>
    </form>
    {% endblock %}

Security-related service declarations:

    $app->register(new SecurityServiceProvider(), array(
        "security.firewalls" => array(
            // other urls require authentication.
            "all" => array(
                "pattern" => '^/.*$',
                "form" => array(
                    "login_path" => '/user/login',
                    "check_path" => '/user/login_check',
                    "default_target_path" => '/',
                    "username_parameter" => 'form[username]',
                    "password_parameter" => 'form[password]'
                ),
                "anonymous" => true,
                "logout" => array(
                    "logout_path" => "/user/logout"
                ),
                "users" => $app->share(function () use ($app) {
                    return new UserProvider($app['db']);
                })
            )
        )
    ));

    $app['security.encoder.digest'] = $app->share(function ($app) {
        return new PasswordEncoder($app['config']['security']['bcrypt_cost']);
    });

    $app['security.role_hierarchy'] = array(
        "ROLE_ADMIN" => array(
            "ROLE_USER",
            "ROLE_CREATE_CHARACTER",
            "ROLE_CREATE_ORIGIN",
            "ROLE_CREATE_COMMISSION",
            "ROLE_DELETE_CHARACTER",
            "ROLE_DELETE_ORIGIN",
            "ROLE_DELETE_COMMISSION"
        ),
        "ROLE_ARTIST" => array(
            "ROLE_USER",
            "ROLE_CREATE_COMMISSION"
        ),
        "ROLE_WRITER" => array(
            "ROLE_USER",
            "ROLE_CREATE_ORIGIN"
        )
    );

    $app['security.access_rules'] = array(
        array('^/$', 'ROLE_ADMIN')
    );

My User class:

    <?php
    namespace Coco\Model;

    use Symfony\Component\Security\Core\User\UserInterface;
    use Symfony\Component\Security\Core\User\EquatableInterface;

    class User implements UserInterface, EquatableInterface
    {
        private $username;
        private $password;
        private $roles;

        public function __construct($username, $password, array $roles)
        {
            $this->username = $username;
            $this->password = $password;
            $this->roles = $roles;
        }

        public function getUsername()
        {
            return $this->username;
        }

        public function getPassword()
        {
            return $this->password;
        }

        public function getRoles()
        {
            return $this->roles;
        }

        public function eraseCredentials()
        {
        }

        public function getSalt()
        {
            return null;
        }

        // Used when the token is refreshed from the session: a mismatch
        // here de-authenticates the stored token.
        public function isEqualTo(UserInterface $user)
        {
            if (false === $user instanceof User) {
                return false;
            } elseif ($this->password !== $user->getPassword()) {
                return false;
            } elseif ($this->username !== $user->getUsername()) {
                return false;
            } else {
                return true;
            }
        }
    }

My UserProvider class:

    <?php
    namespace Coco\Provider;

    use Coco\Exception\UnsupportedUserException;
    use Coco\Exception\UsernameNotFoundException;
    use Coco\Provider;
    use Coco\Model\User;
    use Symfony\Component\Security\Core\User\UserProviderInterface;
    use Symfony\Component\Security\Core\User\UserInterface;

    class UserProvider extends Provider implements UserProviderInterface
    {
        public function loadUserByUsername($username)
        {
            $username = strtolower($username);
            // Parameterised query: the username is bound, not concatenated.
            $query = "SELECT `username`, `password`, `roles` FROM `user` WHERE `status` = 'active' AND `username` = ?";
            $stmt = $this->db->executeQuery($query, array($username));
            $user = $stmt->fetch();

            if (false === $user) {
                throw new UsernameNotFoundException(sprintf('user "%s" not found.', $username));
            }

            return new User(
                $user['username'],
                $user['password'],
                explode(',', $user['roles'])
            );
        }

        // Called on every request to reload the user stored in the session.
        public function refreshUser(UserInterface $user)
        {
            if (false === $user instanceof User) {
                throw new UnsupportedUserException(sprintf('instance of "%s" not supported.', get_class($user)));
            }

            return $this->loadUserByUsername($user->getUsername());
        }

        public function supportsClass($class)
        {
            return $class === 'Coco\Model\User';
        }
    }

I have SessionServiceProvider and FormServiceProvider running.

I have no idea how to debug this issue because of my lack of familiarity with the framework. If anyone could point me in the right direction, it would be appreciated.

So, after searching I found this GitHub issue report, which confirms an HHVM/Symfony sessions issue that deviates from the standard behaviour in PHP5.

Switching to PdoSessionHandler is a viable workaround for me, but it will not work in all cases, so although I'm marking this answer as 'right', it may not work for everyone.
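
The PdoSessionHandler workaround mentioned in the answer above, sketched as an added example that is not part of the original post. It assumes Silex 1.x, Symfony 2.6 or later, and that `$app['db']` is the Doctrine DBAL connection used by the UserProvider; the `sessions` table name and the `sessionHoldsToken()` helper are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes Silex 1.x, Symfony >= 2.6
// and a Doctrine DBAL connection in $app['db'].
use Silex\Provider\SessionServiceProvider;
use Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler;

$app->register(new SessionServiceProvider());

// Override the default file-based handler AFTER registering the provider,
// so sessions are stored in the database instead.
$app['session.storage.handler'] = $app->share(function () use ($app) {
    // getWrappedConnection() returns the underlying PDO object. Doctrine
    // sets PDO::ERRMODE_EXCEPTION on it, which PdoSessionHandler requires.
    return new PdoSessionHandler(
        $app['db']->getWrappedConnection(),
        array('db_table' => 'sessions') // assumed table name
    );
});

// One-off setup step (run from a console script, not on every request):
// $app['session.storage.handler']->createTable();

/**
 * Hypothetical debugging helper: returns true when the session holds a
 * serialized security token for the given firewall. The security component
 * stores the token under "_security_<context>", and Silex uses the firewall
 * name ("all" in the configuration above) as the context by default.
 * If this is false on the request after a successful login_check, the token
 * was never persisted and the firewall falls back to an AnonymousToken,
 * which is the symptom described in the question.
 */
function sessionHoldsToken($app, $firewall)
{
    return $app['session']->has('_security_' . $firewall);
}
```

Call `sessionHoldsToken($app, 'all')` only from a debug-only code path, and log the boolean rather than the session contents.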