2
votes

I'm trying to update a user's roles after the user confirms their phone number.

I make the update in the database:

$user->setRoles(["ROLE_USER"]);
$em->persist($user);

That works fine and updates the user's role in the database. (Before, users had the "ROLE_UNACTIVATED" group.)

However, it doesn't update the user's roles in the session (security token), so the user needs to log out and then log in one more time.

So, the question is: how do I update the user's roles in the security token?

1
Create a DB pre-update listener, catch that specific user and refresh the token - Zeljka
The problem is that I can't find the docs on how to refresh the token. - Viktor
Which Symfony version? - Zeljka
The Symfony version I use is 4.3 - Viktor
Check this: symfony.com/doc/4.3/security/user_provider.html and read about refreshing the user... - Zeljka

1 Answer

0
votes

I'm not completely sure that it's the right way to do that, but what I did is manually re-authenticate the user:

public function activation(Request $request, GuardAuthenticatorHandler $guardHandler, LoginFormAuthenticator $formAuthenticator)
{
    ...
    //re-authenticate user to update roles in security token
    $guardHandler->authenticateUserAndHandleSuccess(
        $user,
        $request,
        $formAuthenticator,
        'main'
    );
}

and that automatically updates the security token of the user without logging out.
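An alternative to re-running the authenticator, shown as an added example that is not part of the original question or answer: replace the token in the token storage with one built from the user's current roles. It assumes Symfony 4.3, a stateful firewall named 'main' (the name used in the answer) and form-login style tokens; the class name `TokenRoleRefresher` is hypothetical.

```php
<?php
// Added example, not from the original thread. TokenRoleRefresher is a hypothetical name.
namespace App\Security;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\UserInterface;

final class TokenRoleRefresher
{
    private $tokenStorage;
    private $firewallName;

    // 'main' is the firewall name used in the answer; adjust to your security.yaml.
    public function __construct(TokenStorageInterface $tokenStorage, string $firewallName = 'main')
    {
        $this->tokenStorage = $tokenStorage;
        $this->firewallName = $firewallName;
    }

    /**
     * Rebuilds the current security token from $user->getRoles().
     * Returns false (and changes nothing) when the session belongs to
     * someone else, e.g. an admin editing another account's roles.
     */
    public function refresh(UserInterface $user): bool
    {
        $current = $this->tokenStorage->getToken();
        $sessionUser = null !== $current ? $current->getUser() : null;

        // Anonymous tokens carry a string user; only real users qualify.
        if (!$sessionUser instanceof UserInterface
            || $sessionUser->getUsername() !== $user->getUsername()) {
            return false;
        }

        // The new token carries the roles just saved on the entity. The
        // firewall's context listener stores it in the session when the
        // response is sent, so later requests see the updated roles.
        $this->tokenStorage->setToken(
            new UsernamePasswordToken($user, null, $this->firewallName, $user->getRoles())
        );

        return true;
    }
}
```

Call `refresh($user)` after the role change has been flushed. The same stale-token behaviour applies when roles are removed, so a downgraded user keeps the old roles in an existing session until the token is replaced or the session ends.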