nucleos/NucleosUserBundle

No form errors after login fail.

Closed this issue · 8 comments

Hi,

Sorry, but after updating with the bugfix in #182 it is not working for me.

I debugged and in LoginFormType:75 there are no errors in $error = $request->attributes->get(Security::AUTHENTICATION_ERROR); nor in $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);

Thank you!

Can you dig in a little bit and provide a bugfix?

#182 fixes the error (for me)

hi @core23

The problem is that if I try to log in with the wrong password, the form has no errors, but on the other hand if I enter the correct password the login works correctly.

My bundle config:

nucleos_user:
    db_driver: mongodb
    firewall_name: main
    user_class: 'App\IS\User\Document\User'
    from_email: '%env(MAIL_SENDER)%'

My security.yaml config:

security:
    encoders:
        Nucleos\UserBundle\Model\UserInterface: auto

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_STORE, ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        nucleos_userbundle:
            id: nucleos_user.user_provider.username_email

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: nucleos_userbundle
                default_target_path: /
                check_path: /login_check
                login_path: /login
#                csrf_token_generator: security.csrf.token_manager
#                failure_handler: App\IS\User\AuthenticationHandler\AuthenticationHandler
                #always_use_default_target_path: true
            logout:
                target: /
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/change-password, role: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/user, role: ROLE_USER }
        - { path: ^/checkout, role: ROLE_USER }
        - { path: ^/store, role: ROLE_STORE }
        - { path: ^/admin, role: ROLE_ADMIN }

Thank you

I have the same error. I just upgraded from version 1.5.0 to 1.6.1 but I don't get any errors. When using the debug toolbar the form is saying there are no errors (even though I believe your code change is supposed to populate it with a login error).

Can you try to investigate and provide a PR with a bugfix @fkrauthan ?

@core23 sure I can look into it. But is there a reason why you process the Security::AUTHENTICATION_ERROR in LoginFormType as well as LoginAction?

Ok I found a list of things that are wrong:

  1. It is recommended to use AuthenticationUtils to get the last error message and last username (with that it works)
  2. You currently try to process the error message in two places (not good practice)
  3. It seems like in general the form is complaining about Invalid CSRF token
  4. The setData call in the form seems to be wrong as well, as you set the username field instead of the _username field

Do you already have an idea when you might publish a new version? This (and the one ticket on ProfileBundle) are currently blocking the Symfony 4.4 upgrade of my browser game.

Sorry for the delay. I'll publish a new version this weekend
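The approach from the numbered list above (read the failure once through AuthenticationUtils, prefill `_username`, align the CSRF field with form_login), sketched as an added example; this is not code from NucleosUserBundle or from any commenter. The controller class, namespace and template name are hypothetical, and it assumes form CSRF protection is enabled in the framework and `csrf_token_generator` is switched on under `form_login`.

```php
<?php

declare(strict_types=1);

namespace App\Controller; // hypothetical namespace

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

final class LoginController extends AbstractController // hypothetical class
{
    public function login(AuthenticationUtils $authUtils, FormFactoryInterface $forms): Response
    {
        // Empty form name so the inputs are posted as _username/_password,
        // the parameter names form_login reads by default at check_path.
        $form = $forms->createNamedBuilder('', FormType::class, [
            '_username' => $authUtils->getLastUsername(), // prefill the real field
        ], [
            'action' => '/login_check',          // check_path from the config above
            'csrf_field_name' => '_csrf_token',  // form_login's default csrf_parameter
            'csrf_token_id' => 'authenticate',   // form_login's default csrf_token_id
        ])
            ->add('_username', TextType::class)
            ->add('_password', PasswordType::class)
            ->getForm();

        // The only place the failure is read: checks the request attributes,
        // then the session, and clears the session entry so it shows once.
        $error = $authUtils->getLastAuthenticationError();
        if (null !== $error) {
            // getMessageKey() is the generic, user-safe text; getMessage()
            // may contain details not meant for end users.
            $form->addError(new FormError(
                $error->getMessageKey(),
                $error->getMessageKey(),
                $error->getMessageData()
            ));
        }

        return $this->render('security/login.html.twig', [ // hypothetical template
            'form' => $form->createView(),
        ]);
    }
}
```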