Question

I ve hit a dead end here. When I save any kind of entity in my controller, the password and salt of the user that is currently logged in is blanked out in the database.

这是我安全组合的一个相关部分:

security:
    encoders:
        ISELoginBundleEntityUser:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
    providers:
        main:
            entity:
                class: ISELoginBundleEntityUser
                property: username

这是我用户类别的变数方法。我怀疑,在某个时候,这种方法被称作,然后通过这些改动将用户物体留给数据库。但我对以下一点没有想法:

class User implements UserInterface {
    // ...
    public function eraseCredentials() {
        $this->password = null;
        $this->salt = null;
    }
    // ...
}

And this is an example of how I save an entity in one of my controllers, in this case it s the ProductController. Just a reminder: I am not manipulating the User object in my code in any way:

public function createAction() {
    // ...
    if ($form->isValid()) {
        $em = $this->get( doctrine )->getEntityManager();
        $em->persist($product);
        $em->flush();
        return $this->redirect($this->generateUrl( product_create , array( created  => true)));
    }
    // ...
}

我预计,该守则中的任何一项都不会删除数据库中的用户密码或盐类,但确实如此。谁能帮助我把我的守则编成文件?

Answer 1

Symfony has a difference between plaintext and hashed credetials. In "eraseCredentials" you are supposed to delete all the plaintext information, not the hashed credetials that are saved to the database.

友情链接