DEVHIDE
Login Or Sign up

Symfony 3 - custom user provider - login always showing "bad credentials" instead of "username not found"

1k Views Asked by At

I am developing my first project in symfony 3. I implemented a custom user provider like described in the symfony documentation. Login is working perfect, but when i type in a user that does not exist i always get the error message "bad credentials". I would love to show the message that is declared in the usernamenotfound exeption, but its not working. If i add "hide_user_not_found: false" in my security.yml i get the message "username could not be found" but i want to show the message i have in my code (Username "%s" does not exist.). I would also like to implement CustomUserMessageAuthenticationException but thats the second part of the question. I hope somebody can help me! Here is the code... Thanks!!!

Code is exactly the same like here: http://symfony.com/doc/current/security/custom_provider.html

File: src/AppBundle/Security/User/WebserviceUser.php

namespace AppBundle\Security\User;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;

class WebserviceUser implements UserInterface, EquatableInterface
{
    private $username;
    private $password;
    private $salt;
    private $roles;

    public function __construct($username, $password, $salt, array $roles)
    {
        $this->username = $username;
        $this->password = $password;
        $this->salt = $salt;
        $this->roles = $roles;
    }

    public function getRoles()
    {
        return $this->roles;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getSalt()
    {
        return $this->salt;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function eraseCredentials()
    {
    }

    public function isEqualTo(UserInterface $user)
    {
        if (!$user instanceof WebserviceUser) {
            return false;
        }

        if ($this->password !== $user->getPassword()) {
            return false;
        }

        if ($this->salt !== $user->getSalt()) {
            return false;
        }

        if ($this->username !== $user->getUsername()) {
            return false;
        }

        return true;
    }
}

File: src/AppBundle/Security/User/WebserviceUserProvider.php

namespace AppBundle\Security\User;

use AppBundle\Security\User\WebserviceUser;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;

class WebserviceUserProvider implements UserProviderInterface
{
    public function loadUserByUsername($username)
    {
        // make a call to your webservice here
        $userData = ...
        // pretend it returns an array on success, false if there is no user

        if ($userData) {
            $password = '...';

            // ...

            return new WebserviceUser($username, $password, $salt, $roles);
        }

        throw new UsernameNotFoundException(
            sprintf('Username "%s" does not exist.', $username)
        );
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof WebserviceUser) {
            throw new UnsupportedUserException(
                sprintf('Instances of "%s" are not supported.', get_class($user))
            );
        }

        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return WebserviceUser::class === $class;
    }
}

File: src\AppBundle\Controller\SecurityController.php

namespace AppBundle\Controller;



use AppBundle\Controller\BaseController;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use AppBundle\Security\User\WebserviceUser;


class SecurityController extends BaseController
{
    /**
     * @Route("/login", name="login")
     */

        public function loginAction(Request $request)
    {

        $authenticationUtils = $this->get('security.authentication_utils');



        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', array(
            'last_username' => $lastUsername,
            'error'         => $error
        ));
    }


}

File: app\Resources\views\security\login.html.twig

{% extends 'base.html.twig' %}

{% block body %}



    <div class="wrapper fullscreen">

        <div class="image_full">

        </div>
        <div class="small_content">
            <a href="" class="logo_small"></a>






            <form action="{{ path('login') }}" method="post">

                {% if error %}
                    <p class="text-danger text-center">{{ error.messageKey|trans(error.messageData, 'security') }}</p>
                {% endif %}

                <div class="form-group">
                    <label for="exampleInputEmail1">Email-Adresse</label>
                    <input type="email" class="form-control" id="exampleInputEmail1" placeholder="Email" name="_username" value="{{ last_username }}">
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Passwort</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Passwort" name="_password">
                </div>

                <div class="col-md-6 left">
                    <button type="submit" class="btn btn-default green btn_full">Anmelden</button>
                    <!--<a class="btn btn-default green btn_full" href="">Anmelden</a>-->
                </div>
                <div class="col-md-6 right">
                    <a class="btn btn-default green btn_full" href="{{ path('register') }}">Registrieren</a>
                </div>
                <!--<button type="submit" class="btn btn-default green btn_full">Einloggen</button>-->

            </form>
        </div>
    </div>



{% endblock %}

File: app\config\security.yml

# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        #in_memory:
            #memory: ~
        webservice:
                    id: app.webservice_user_provider

    hide_user_not_found:  false
    #erase_credentials:    true
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        #dev:
           # pattern: ^/(_(profiler|wdt)|css|images|js)/
           # security: false

        main:
            anonymous: ~
            form_login:
                login_path: login
                check_path: login
            logout:
                path:   /logout
                target: /
            # activate different ways to authenticate

            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html

    encoders:
            AppBundle\Security\User\WebserviceUser: plaintext
authentication symfony credentials
Original Q&A
1

There are 1 best solutions below

1
On

I'm aware of two ways of changing that Bad credentials. error message:

1)

# AppBundle/Resources/translations/messages.en.yml:
# or you can put this in app/Resources/translations/message.en.yml - has the same effect
"Bad credentials.": "Your custom error message here."

# app/Resources/Security/login.html.twig
...
{% if error %}
    <div class="error">{{ error.message|trans }}</div>
{% endif %}

# app/config/config.yml, where %locale%, in this case, is set to "en"
framework:
    translator: { fallback: "%locale%" }

2)

# login.html.twig
{% if error %}
    <div>
    {{ error.message|replace({"Bad credentials.":"Your custom error message here."}) }}
    </div>
{% endif %}

You can try one of these two and see which one fits your needs.

Related Questions in AUTHENTICATION

Related Questions in SYMFONY

Related Questions in CREDENTIALS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.