You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 2, 2021. It is now read-only.
If you reach the point where UsernamePasswordToken is stored, the two-factor-bundle is no longer involved. Then this is more of a symfony security core issue.
I'd suggest you investigate the reason why the session key changes.
Bundle version: 5.11.0
Symfony version: 5.3.4
PHP version: 7.4.5
This is API project.
Description
Sequence of API calls:
Scheb\\TwoFactorBundle\\Security\\Authentication\\Token\\TwoFactorToken
is saved in redisSymfony\Component\Security\Core\Security
to get User)check_path
route)Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken
is saved in redisSymfony\Component\Security\Core\Security
.Security->getUser()
returnsnull
In
\Symfony\Component\Security\Http\Firewall\ContextListener
line104
$token = $session->get($this->sessionKey);
$token
is nullI think the issue is in changing session key. And as a result, - token cannot be read from Redis.
As you can see, user ends up unauthenticated once 2fa is completed successfully.
Additional Context
The text was updated successfully, but these errors were encountered: