How to check if a user is logged in Symfony2 inside a controller?

by

Warning: Checking for 'IS_AUTHENTICATED_FULLY' alone will return false if the user has logged in using “Remember me” functionality.

According to Symfony 2 documentation, there are 3 possibilities:

IS_AUTHENTICATED_ANONYMOUSLY – automatically assigned to a user who is
in a firewall protected part of the site but who has not actually
logged in. This is only possible if anonymous access has been allowed.

IS_AUTHENTICATED_REMEMBERED – automatically assigned to a user who was
authenticated via a remember me cookie.

IS_AUTHENTICATED_FULLY – automatically assigned to a user that has
provided their login details during the current session.

Those roles represent three levels of authentication:

If you have the IS_AUTHENTICATED_REMEMBERED role, then you also have
the IS_AUTHENTICATED_ANONYMOUSLY role. If you have the
IS_AUTHENTICATED_FULLY role, then you also have the other two roles.
In other words, these roles represent three levels of increasing
“strength” of authentication.

I ran into an issue where users of our system that had used “Remember Me” functionality were being treated as if they had not logged in at all on pages that only checked for 'IS_AUTHENTICATED_FULLY'.

The answer then is to require them to re-login if they are not authenticated fully, or to check for the remembered role:

$securityContext = $this->container->get('security.authorization_checker');
if ($securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
    // authenticated REMEMBERED, FULLY will imply REMEMBERED (NON anonymous)
}

Hopefully, this will save someone out there from making the same mistake I made. I used this very post as a reference when looking up how to check if someone was logged in or not on Symfony 2.

Source: http://symfony.com/doc/2.3/cookbook/security/remember_me.html#forcing-the-user-to-re-authenticate-before-accessing-certain-resources

More Related Contents:

  1. How to programmatically login/authenticate a user?
  2. How to check if an user is logged in Symfony2 inside a controller?
  3. Token was deauthenticated after trying to refresh it
  4. Adding Captcha to Symfony2 Login Page
  5. Should everything really be a bundle in Symfony 2.x?
  6. Count Rows in Doctrine QueryBuilder
  7. Using Relationships with Multiple Entity Managers
  8. Symfony2 extending DefaultAuthenticationSuccessHandler
  9. symfony2: how to use group_concat in QueryBuilder
  10. How can I run symfony 2 run command from controller
  11. Symfony2: how to log user out manually in controller?
  12. How to specify the scope of Google API to get the birthday
  13. There is no extension able to load the configuration for “facebookbundle” symfony2
  14. How can I deploy Symfony in a subdirectory?
  15. How does the login check_path route work without default controller/action?
  16. Symfony 2: Creating a service from a Repository
  17. How to get config parameters in Symfony2 Twig Templates
  18. The method name must start with either findBy or findOneBy. Undefined method Symfony?
  19. Symfony2 and Doctrine – Error: Invalid PathExpression. Must be a StateFieldPathExpression
  20. Doctrine – A new entity was found through the relationship
  21. Call PHP function from Twig template
  22. How to convert this to Doctrine 2 QueryBuilder format?
  23. Twig: render vs include
  24. How do I get the user IP address in Symfony2 controller?
  25. How to get list of all routes of a controller in Symfony2?
  26. How to configure naming strategy in Doctrine 2
  27. Symfony2 error 500 instead of 404 at production
  28. Get entityManager inside an Entity
  29. Primary key of owning side as a join column
  30. Symfony2 default locale in routing

Leave a Comment