8000 don't output message from AuthenticationException · symfony/symfony-docs@b4d986b · GitHub
[go: up one dir, main page]

Skip to content

Commit b4d986b

Browse files
committed
don't output message from AuthenticationException
Displaying the message of an `AuthenticationException` might expose sensitive data to the user.
1 parent 0507225 commit b4d986b

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

cookbook/security/form_login_setup.rst

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ First, enable form login under your firewall:
2525
# app/config/security.yml
2626
security:
2727
# ...
28-
28+
2929
firewalls:
3030
default:
3131
anonymous: ~
@@ -98,7 +98,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
9898
.. configuration-block::
9999

100100
.. code-block:: php-annotations
101-
101+
102102
// src/AppBundle/Controller/SecurityController.php
103103
// ...
104104
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
@@ -165,13 +165,14 @@ form::
165165

166166
// src/AppBundle/Controller/SecurityController.php
167167
// ...
168-
168+
169169
// ADD THIS use STATEMENT above your class
170170
use Symfony\Component\Security\Core\SecurityContextInterface;
171171

172172
public function loginAction(Request $request)
173173
{
174174
$session = $request->getSession();
175+
$error = null;
175176

176177
// get the login error if there is one
177178
if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
@@ -181,8 +182,6 @@ form::
181182
} elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
182183
$error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
183184
$session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
184-
} else {
185-
$error = '';
186185
}
187186

188187
// last username entered by the user
@@ -218,7 +217,7 @@ Finally, create the template:
218217
{# ... you will probably extends your base template, like base.html.twig #}
219218

220219
{% if error %}
221-
<div>{{ error.message }}</div>
220+
<div>{{ error.messageKey|trans(error.messageData) }}</div>
222221
{% endif %}
223222

224223
<form action="{{ path('login_check') }}" method="post">

0 commit comments

Comments
 (0)
0