I'm having a problem with FOSUserBundle since any time I login with bad credentials I get the complete stacktrace as error message:
Error! exception 'Symfony\Component\Security\Core\Exception\BadCredentialsException' with message 'Bad credentials' in /var/www/html/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90
And that is ugly for me so for users is very ugly. So I'm thinking in two solutions: change to AJAX login which I'm working on but it's not working or I'm doing something wrong (will explain below) and found a way to change that ugly message (I didn't get this one yet so any advice will be helpful).
Now regarding the first solution this is what I have done:
Implements a
AuthenticationHandler:<?php namespace UsuarioBundle\Handler; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Bundle\FrameworkBundle\Routing\Router; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; class AuthenticationHandler implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface { private $router; public function __construct(Router $router) { $this->router = $router; } public function onAuthenticationSuccess(Request $request, TokenInterface $token) { if ($request->isXmlHttpRequest()) { // do I need something here? } else { // If the user tried to access a protected resource and was forces to login // redirect him back to that resource if ($targetPath = $request->getSession()->get('_security.target_path')) { $url = $targetPath; } else { // Otherwise, redirect him to wherever you want $url = $this->router->generate('user_view', array('nickname' => $token->getUser()->getNickname())); } return new RedirectResponse($url); } } public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { if ($request->isXmlHttpRequest()) { // Handle XHR here } else { // Create a flash message with the authentication error message $request->getSession()->setFlash('error', $exception->getMessage()); $url = $this->router->generate('user_login'); return new RedirectResponse($url); } } }Define a service and register the handler:
parameters: vendor_security.authentication_handler: UsuarioBundle\Handler\AuthenticationHandler services: authentication_handler: class: %vendor_security.authentication_handler% arguments: [@router] tags: - { name: 'monolog.logger', channel: 'security' }Change the references in
security.yml:firewalls: main: pattern: ^/ form_login: provider: fos_userbundle csrf_provider: form.csrf_provider login_path: /login check_path: /login_check success_handler: authentication_handler failure_handler: authentication_handler
logout: path: fos_user_security_logout target: / invalidate_session: false anonymous: ~
But I get this error when I try to login with invalid credentials:
Attempted to call method "setFlash" on class "Symfony\Component\HttpFoundation\Session\Session" in /var/www/html/src/UsuarioBundle/Handler/AuthenticationHandler.php line 52.
Why? I check for getSession() method and it's part of HttpFoundation which I include in use statements, so what I'm doing wrong here?
Note: I take the code mostly from this topic so for that I'm still having some doubts around it.
