Can't login manually with multiple roles #35509

Closed
@vellmur

Yesterday my project moved from 4.3.4 to 4.4.3 and I got a problem.

I have a piece of code that allows logging in as another user without signing out. So an admin can log in with ROLE_ADMIN first and then log in as a user and have the roles ROLE_ADMIN, ROLE_OWNER, ROLE_USER. As a result, the admin will have the permissions of both admin and user. He can view admin and user pages at the same time.

Listing:

public function loginAsClient(TokenStorageInterface $tokenStorage, User $user)
{
    $user->setRoles(array_unique(array_merge($this->getUser()->getRoles(), $user->getRoles())));

    $token = new UsernamePasswordToken($user, null,  'main', $user->getRoles());
    $tokenStorage->setToken($token);

    $this->get('session')->set('_security_main', serialize($token));
    $this->get('session')->save();

    return $this->redirectToRoute('dashboard_index');
}

And everything worked until I upgraded. Now nothing happens after this action: just a redirect, without the new roles being saved in the session.

Also, I noticed that if I do not merge the roles and give just the user's roles (without ROLE_ADMIN), authentication will work, but then the admin will lose admin permissions and a logout will be required.

Has something changed in the new security version, or is this type of manual login deprecated?
