eZ Publish / Platform: EZP-27996

"Remember me" doesn't retrieve the current user from Repository

      Description

      When the current user is retrieved from the Repository during a request made by a user who logged in with the "Remember me" functionality (so the REMEMBERME cookie is present) and is returning to the site (so there is no eZSESSID cookie yet, because the old one has expired), the returned user is Anonymous instead of the correct one.
      On the next request, after the new eZSESSID cookie has been created, retrieving the current user from the Repository yields the correct user.

      Steps to reproduce (for eZ Publish):

      1. Configure the "Remember me" functionality.
        • In the ezpublish/config/security.yml file, add the following:

          security:
              firewalls:
                  ezpublish_front:
                      # (...)
                      remember_me:
                          key: '%secret%'
          

        • In the ezpublish/config/ezpublish.yml file, add the following:

          ezpublish:
              system:
                  ezdemo_site_clean_group:
                      # (...)
                      user:
                          login_template: "AppBundle:Security:login.html.twig"
          

        • Create an empty AppBundle and register it in ezpublish/EzPublishKernel.php.
        • Create the file src/AppBundle/Resources/views/Security/login.html.twig with the following content:

          {% extends "EzPublishCoreBundle:Security:login.html.twig" %}
           
          {% block login_fields %}
              {{ parent() }}
              <input type="checkbox" id="remember_me" name="_remember_me" checked />
              <label for="remember_me">Keep me logged in</label>
          {% endblock %}
          

      2. Add the code to test retrieving the current user from the Repository.
        • Create the file src/AppBundle/Controller/TestController.php with the following content:

          <?php
           
          namespace AppBundle\Controller;
           
          use eZ\Bundle\EzPublishCoreBundle\Controller;
          use Symfony\Component\Routing\Annotation\Route;
           
          class TestController extends Controller
          {
              /**
               * @Route("/test", name = "test")
               */
              public function testAction()
              {
                  $repository = $this->getRepository();
                  $currentUser = $repository->getCurrentUser();
           
                  var_dump($currentUser->login);
                  exit();
              }
          }
          

        • In the ezpublish/config/routing.yml file, add the following:

          custom_test:
              resource: "@AppBundle/Controller/TestController.php"
              type:     annotation
          

      3. Go to http://your-page.dev/login. Log in as an admin. Make sure the "Remember me" checkbox is checked.
      4. Confirm that you have the REMEMBERME cookie.
      5. Go to http://your-page.dev/test. Notice that the current user returned is "admin".
      6. Delete the eZSESSID cookie and refresh the page. Notice that the current user returned is "anonymous".

      Steps to reproduce (for eZ Platform):

      1. Configure the "Remember me" functionality.
        • In the app/config/security.yml file, add the following:

          security:
              firewalls:
                  ezpublish_front:
                      # (...)
                      remember_me:
                          key: '%secret%'
          

        • In the app/config/ezplatform.yml file, add the following:

          ezpublish:
              system:
                  site_group:
                      # (...)
                      user:
                          login_template: "AppBundle:Security:login.html.twig"
          

        • Create the file src/AppBundle/Resources/views/Security/login.html.twig with the following content:

          {% extends "EzPublishCoreBundle:Security:login.html.twig" %}
           
          {% block login_fields %}
              {{ parent() }}
              <input type="checkbox" id="remember_me" name="_remember_me" checked />
              <label for="remember_me">Keep me logged in</label>
          {% endblock %}
          

      2. Add the code to test retrieving the current user from the Repository.
        • Create the file src/AppBundle/Controller/TestController.php with the following content:

          <?php
           
          namespace AppBundle\Controller;
           
          use eZ\Bundle\EzPublishCoreBundle\Controller;
          use Symfony\Component\Routing\Annotation\Route;
           
          class TestController extends Controller
          {
              /**
               * @Route("/test", name = "test")
               */
              public function testAction()
              {
                  $repository = $this->getRepository();
                  $permissionResolver = $repository->getPermissionResolver();
                  $userService = $repository->getUserService();
                  $currentUserReference = $permissionResolver->getCurrentUserReference();
                  $currentUser = $userService->loadUser($currentUserReference->getUserId());
           
                  dump($currentUser->login);
                  exit();
              }
          }
          

        • In the app/config/routing.yml file, add the following:

          custom_test:
              resource: "@AppBundle/Controller/TestController.php"
              type:     annotation
          

      3. Go to http://your-page.dev/login. Log in as an admin. Make sure the "Remember me" checkbox is checked.
      4. Confirm that you have the REMEMBERME cookie.
      5. Go to http://your-page.dev/test. Notice that the current user returned is "admin".
      6. Delete the eZSESSID... cookie and refresh the page. Notice that the current user returned is "anonymous".
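The symptom this issue describes (the Symfony security token says "admin" while the Repository's current user reference says anonymous) can be surfaced in the application log with a request listener. This is an added example, not code from the issue or from ezpublish-kernel; it assumes the ezpublish-kernel 6.x APIs used in the steps above (PermissionResolver, the security user's getAPIUser()), and the class name and log field names are hypothetical.

```php
<?php
// Added example for EZP-27996, not from the issue or ezpublish-kernel. Assumes
// ezpublish-kernel 6.x and Symfony 2.8/3.x; class and log field names are hypothetical.

namespace AppBundle\EventListener;
use eZ\Publish\API\Repository\PermissionResolver;
use eZ\Publish\Core\MVC\Symfony\Security\UserInterface as EzUserInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

// Warns when the Symfony token and the Repository disagree about the current
// user. With the bug in EZP-27996 this fires on the first request that carries
// REMEMBERME but no eZSESSID cookie (token = admin, Repository = anonymous).
class CurrentUserConsistencyListener
{
    private $tokenStorage;
    private $permissionResolver;
    private $logger;

    public function __construct(TokenStorageInterface $tokenStorage, PermissionResolver $permissionResolver, LoggerInterface $logger)
    {
        $this->tokenStorage = $tokenStorage;
        $this->permissionResolver = $permissionResolver;
        $this->logger = $logger;
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        // Sub-requests (ESI, fragments) reuse the master request's user.
        if (!$event->isMasterRequest()) {
            return;
        }
        $token = $this->tokenStorage->getToken();
        if ($token === null || !$token->getUser() instanceof EzUserInterface) {
            return; // no authenticated eZ user on the token, nothing to compare
        }
        // Cast both ids: the API user exposes a content id, the reference a user id.
        $tokenUserId = (int) $token->getUser()->getAPIUser()->id;
        $repositoryUserId = (int) $this->permissionResolver->getCurrentUserReference()->getUserId();
        if ($tokenUserId === $repositoryUserId) {
            return;
        }
        $this->logger->warning('Security token and Repository disagree on the current user', [
            'token_user_id' => $tokenUserId,
            'repository_user_id' => $repositoryUserId,
            'remember_me_cookie' => $event->getRequest()->cookies->has('REMEMBERME'),
        ]);
    }
}
```

Register it as a kernel.request listener with a negative priority so it runs after the firewall (priority 8) and after the listeners that copy the token user into the Repository; a steady stream of these warnings on requests that carry REMEMBERME is the signal that the fix is not deployed.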

        Activity

        Gunnstein Lye added a comment - (edited)
        PR: https://github.com/ezsystems/ezpublish-kernel/pull/2106

        Gunnstein Lye added a comment -
        QA, please test the PR.

        Gunnstein Lye added a comment -
        Merged in v6.12.1-rc1, v6.7.7-beta1
        https://github.com/ezsystems/ezpublish-kernel/commit/730fb7af0238bb46b4ca30687e5aa5a08fffaed5

        Michał Szołtysek added a comment -
        Retest OK with v6.12.1-rc1.

        Michał Szołtysek added a comment -
        Retest OK on eZ Publish v5.4.10 with both patches.

        Michał Szołtysek added a comment -
        QA Approved with eZ Publish v5.4.10 with patches 88a53a & 28d49c, with eZ Platform EE v1.7.6 with patch 730fb7a, with eZ Platform EE v1.12.1-rc1.

          People

          Assignee: Unassigned
          Reporter: Jacek Foremski (Inactive)

          Time Tracking

          Estimated: Not Specified
          Remaining: 0m
          Logged: 4d 6h 15m