Spike: users without a role can't log in

Description

Steps to reproduce

When a user is added without any groups (or groups without roles) it can't login:

  • Log in as admin

  • Create a new user, leave all groups unchecked

  • Log out

  • Try to login as the new user
    --> login does not work

Cause

  • In a new role is added to the token. This role is now required to log into Integrated

  • When the users doesn't have roles the eventlistener isn't fired

  • https://symfony.com/doc/current/security.html#roles "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER"

Solution

  • The best solution would be to add a ROLE_USER when the "Enable login" is enabled

  • Another option is to force ROLE_USER in the database for every user, but I don't like that solution

Technical tasks

-

Deployment actions

None

Activity

Show:
Marijn Otte
June 29, 2018, 7:39 AM

When too big for refinement please rename it to a spike

API
July 5, 2018, 11:15 AM

.Schatting van 7 - 9 uur is geaccepteerd door Integrated Marijn (in opdracht ingevoerd door ).

Jeroen van Leeuwen
July 11, 2018, 9:05 AM

I will do a composer udpate in my issue. This issue will also be updated / deployed.

Ger Jan van den Bosch
July 11, 2018, 11:04 AM

Thx!

Assignee

Unassigned

External issue ID

None

Client

Integrated Marijn

Min. hours

7

Dev hour estimate

None

Epic Link

Sprint

None

Fix versions

Configure