TL;DR question: How to make a user online right after registration and mark his credentials as expired so he has to provide a password on the next login?
I’m creating a registration system with the least hassle possible in my Symfony2 (2.7) website:
This is the key point of the whole idea: If the user is able to provide the original password, which he did not previously know and which has been sent to his email, we can be sure he has access to the specified email address.
So my trouble is that I want to make the user online right after registration AND I need to set his credentials as expired so he either enters the temporary password during the first session or is forced to enter it when attempting to log in for the second time.
The thing is that if I set the credentials as expired before logging in, it of course fails. So I wanted to set the credentials as expired right after I set the UsernamePasswordToken to security.token_storage, but it failed too. Any idea what I am doing wrong?
I resorted to setting the credentials as expired on the “thank you” page, which works, but is not really a good solution.
AccountController with all the necessary actions: http://pastebin.com/GZspAzMr
I'm stuck in an infinite loop trying to get me to the login screen, and the log gets populated with:
[2015-09-11 09:28:14] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\ProviderNotFoundException(code: 0): No Authentication Provider found for token of class \"Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken\". at /var/www/project/app/cache/dev/classes.php:2679)"} []
My security settings allow unrestricted access to the Account controller: http://pastebin.com/7GAV4TGc