Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-27996

"Remember me" doesn't retrieve the current user from Repository

    XMLWordPrintable

    Details

      Description

      When retrieving the current user from the Repository for a request done by a user that has used the "Remember me" functionality (meaning that he has the REMEMBERME cookie) but is returning to the site (meaning that he hasn't the eZSESSID cookie yet because the old one has expired) the returned user will be Anonymous instead of the correct one.
      After the new eZSESSID cookie has been created, in the next request, retrieving the current user from the Repository will yield the correct user.

      Steps to reproduce (for eZ Publish):

      1. Configure the "Remember me" functionality.
        • In ezpublish/config/security.yml file, add the following:
          security:
              firewalls:
                  ezpublish_front:
                      # (...)
                      remember_me:
                          key: '%secret%'
          
        • In ezpublish/config/ezpublish.yml file, add the following:
          ezpublish:
              system:
                  ezdemo_site_clean_group:
                      # (...)
                      user:
                          login_template: "AppBundle:Security:login.html.twig"
          
        • Create an empty AppBundle and register it in ezpublish/EzPublishKernel.php.
        • Create the file src/AppBundle/Resources/views/Security/login.html.twig with following content:
          {% extends "EzPublishCoreBundle:Security:login.html.twig" %}
          
          {% block login_fields %}
              {{ parent() }}
              <input type="checkbox" id="remember_me" name="_remember_me" checked />
              <label for="remember_me">Keep me logged in</label>
          {% endblock %}
          
      2. Add the code to test retrieving the current user from the Repository.
        • Create the file src/AppBundle/Controller/TestController.php with following content:
          <?php
          
          namespace AppBundle\Controller;
          
          use eZ\Bundle\EzPublishCoreBundle\Controller;
          use Symfony\Component\Routing\Annotation\Route;
          
          class TestController extends Controller
          {
              /**
               * @Route("/test", name = "test")
               */
              public function testAction()
              {
                  $repository = $this->getRepository();
                  $currentUser = $repository->getCurrentUser();
          
                  var_dump($currentUser->login);
                  exit();
              }
          }
          
        • In ezpublish/config/routing.yml file, add the following:
          custom_test:
              resource: "@AppBundle/Controller/TestController.php"
              type:     annotation
          
      3. Go to http://your-page.dev/login. Login as an admin. Make sure the "Rember me" button is checked.
      4. Confirm that you have the REMEMBERME cookie.
      5. Go to http://your-page.dev/test. Notice that the current user returned is "admin".
      6. Delete the eZSESSID cookie and refresh the page. Notice that the current user returned is "anonymous".

      Steps to reproduce (for eZ Platform):

      1. Configure the "Remember me" functionality.
        • In app/config/security.yml file, add the following:
          security:
              firewalls:
                  ezpublish_front:
                      # (...)
                      remember_me:
                          key: '%secret%'
          
        • In app/config/ezplatform.yml file, add the following:
          ezpublish:
              system:
                  site_group:
                      # (...)
                      user:
                          login_template: "AppBundle:Security:login.html.twig"
          
        • Create the file src/AppBundle/Resources/views/Security/login.html.twig with following content:
          {% extends "EzPublishCoreBundle:Security:login.html.twig" %}
          
          {% block login_fields %}
              {{ parent() }}
              <input type="checkbox" id="remember_me" name="_remember_me" checked />
              <label for="remember_me">Keep me logged in</label>
          {% endblock %}
          
      2. Add the code to test retrieving the current user from the Repository.
        • Create the file src/AppBundle/Controller/TestController.php with following content:
          <?php
          
          namespace AppBundle\Controller;
          
          use eZ\Bundle\EzPublishCoreBundle\Controller;
          use Symfony\Component\Routing\Annotation\Route;
          
          class TestController extends Controller
          {
              /**
               * @Route("/test", name = "test")
               */
              public function testAction()
              {
                  $repository = $this->getRepository();
                  $permissionResolver = $repository->getPermissionResolver();
                  $userService = $repository->getUserService();
                  $currentUserReference = $permissionResolver->getCurrentUserReference();
                  $currentUser = $userService->loadUser($currentUserReference->getUserId());
          
                  dump($currentUser->login);
                  exit();
              }
          }
          
        • In app/config/routing.yml file, add the following:
          custom_test:
              resource: "@AppBundle/Controller/TestController.php"
              type:     annotation
          
      3. Go to http://your-page.dev/login. Login as an admin. Make sure the "Rember me" button is checked.
      4. Confirm that you have the REMEMBERME cookie.
      5. Go to http://your-page.dev/test. Notice that the current user returned is "admin".
      6. Delete the eZSESSID... cookie and refresh the page. Notice that the current user returned is "anonymous".

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jacek.foremski-obsolete@ez.no Jacek Foremski (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 days, 6 hours, 15 minutes
                4d 6h 15m