I am developing my first project in symfony 3. I implemented a custom user provider like described in the symfony documentation. Login is working perfect, but when i type in a user that does not exist i always get the error message "bad credentials". I would love to show the message that is declared in the usernamenotfound exeption, but its not working. If i add "hide_user_not_found: false" in my security.yml i get the message "username could not be found" but i want to show the message i have in my code (Username "%s" does not exist.). I would also like to implement CustomUserMessageAuthenticationException but thats the second part of the question. I hope somebody can help me! Here is the code... Thanks!!!
Code is exactly the same like here: http://symfony.com/doc/current/security/custom_provider.html
File: src/AppBundle/Security/User/WebserviceUser.php
namespace AppBundle\Security\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
class WebserviceUser implements UserInterface, EquatableInterface
{
private $username;
private $password;
private $salt;
private $roles;
public function __construct($username, $password, $salt, array $roles)
{
$this->username = $username;
$this->password = $password;
$this->salt = $salt;
$this->roles = $roles;
}
public function getRoles()
{
return $this->roles;
}
public function getPassword()
{
return $this->password;
}
public function getSalt()
{
return $this->salt;
}
public function getUsername()
{
return $this->username;
}
public function eraseCredentials()
{
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof WebserviceUser) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->salt !== $user->getSalt()) {
return false;
}
if ($this->username !== $user->getUsername()) {
return false;
}
return true;
}
}
File: src/AppBundle/Security/User/WebserviceUserProvider.php
namespace AppBundle\Security\User;
use AppBundle\Security\User\WebserviceUser;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
class WebserviceUserProvider implements UserProviderInterface
{
public function loadUserByUsername($username)
{
// make a call to your webservice here
$userData = ...
// pretend it returns an array on success, false if there is no user
if ($userData) {
$password = '...';
// ...
return new WebserviceUser($username, $password, $salt, $roles);
}
throw new UsernameNotFoundException(
sprintf('Username "%s" does not exist.', $username)
);
}
public function refreshUser(UserInterface $user)
{
if (!$user instanceof WebserviceUser) {
throw new UnsupportedUserException(
sprintf('Instances of "%s" are not supported.', get_class($user))
);
}
return $this->loadUserByUsername($user->getUsername());
}
public function supportsClass($class)
{
return WebserviceUser::class === $class;
}
}
File: src\AppBundle\Controller\SecurityController.php
namespace AppBundle\Controller;
use AppBundle\Controller\BaseController;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use AppBundle\Security\User\WebserviceUser;
class SecurityController extends BaseController
{
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request)
{
$authenticationUtils = $this->get('security.authentication_utils');
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', array(
'last_username' => $lastUsername,
'error' => $error
));
}
}
File: app\Resources\views\security\login.html.twig
{% extends 'base.html.twig' %}
{% block body %}
<div class="wrapper fullscreen">
<div class="image_full">
</div>
<div class="small_content">
<a href="" class="logo_small"></a>
<form action="{{ path('login') }}" method="post">
{% if error %}
<p class="text-danger text-center">{{ error.messageKey|trans(error.messageData, 'security') }}</p>
{% endif %}
<div class="form-group">
<label for="exampleInputEmail1">Email-Adresse</label>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="Email" name="_username" value="{{ last_username }}">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Passwort</label>
<input type="password" class="form-control" id="exampleInputPassword1" placeholder="Passwort" name="_password">
</div>
<div class="col-md-6 left">
<button type="submit" class="btn btn-default green btn_full">Anmelden</button>
<!--<a class="btn btn-default green btn_full" href="">Anmelden</a>-->
</div>
<div class="col-md-6 right">
<a class="btn btn-default green btn_full" href="{{ path('register') }}">Registrieren</a>
</div>
<!--<button type="submit" class="btn btn-default green btn_full">Einloggen</button>-->
</form>
</div>
</div>
{% endblock %}
File: app\config\security.yml
# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
#in_memory:
#memory: ~
webservice:
id: app.webservice_user_provider
hide_user_not_found: false
#erase_credentials: true
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
#dev:
# pattern: ^/(_(profiler|wdt)|css|images|js)/
# security: false
main:
anonymous: ~
form_login:
login_path: login
check_path: login
logout:
path: /logout
target: /
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
encoders:
AppBundle\Security\User\WebserviceUser: plaintext
