From 4843b340e191ea53039687eb19f3a63c934a516f Mon Sep 17 00:00:00 2001 From: Thomas Landauer Date: Sun, 21 Apr 2024 22:40:35 +0200 Subject: [PATCH] [Security] Custom Authenticator: Adding info about session Page: https://symfony.com/doc/5.x/security/custom_authenticator.html This line was really missing on this page: ```php $request->getSession()->set(SecurityRequestAttributes::AUTHENTICATION_ERROR, $exception); ``` I hope the code block formatting (inside this list) works. If not, the list could be changed to sub-headings. In preparation of this, I also moved the box about which class to extend upwards (to the other info about extending). --- security/custom_authenticator.rst | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/security/custom_authenticator.rst b/security/custom_authenticator.rst index e79d8a002a1..298a3865a75 100644 --- a/security/custom_authenticator.rst +++ b/security/custom_authenticator.rst @@ -9,6 +9,15 @@ cases, you must create and use your own authenticator. Authenticators should implement the :class:`Symfony\\Component\\Security\\Http\\Authenticator\\AuthenticatorInterface`. + +.. tip:: + + If your login method is interactive, which means that the user actively + logged into your application, you may want your authenticator to implement the + :class:`Symfony\\Component\\Security\\Http\\Authenticator\\InteractiveAuthenticatorInterface` + so that it dispatches an + :class:`Symfony\\Component\\Security\\Http\\Event\\InteractiveLoginEvent` + You can also extend :class:`Symfony\\Component\\Security\\Http\\Authenticator\\AbstractAuthenticator`, which has a default implementation for the ``createToken()`` @@ -176,7 +185,12 @@ can define what happens in these cases: If ``null`` is returned, the request continues like normal. This is useful for e.g. login forms, where the login controller is run again - with the login errors. + with the login errors. In order to access the login error in the controller + with ``$authenticationUtils->getLastAuthenticationError()``, you need to + store it in the session now:: + + use Symfony\Component\Security\Http\SecurityRequestAttributes; + $request->getSession()->set(SecurityRequestAttributes::AUTHENTICATION_ERROR, $exception); If you're using :ref:`login throttling `, you can check if ``$exception`` is an instance of @@ -190,13 +204,6 @@ can define what happens in these cases: above. Use :class:`Symfony\\Component\\Security\\Core\\Exception\\CustomUserMessageAuthenticationException` if you want to set custom error messages. -.. tip:: - - If your login method is interactive, which means that the user actively - logged into your application, you may want your authenticator to implement the - :class:`Symfony\\Component\\Security\\Http\\Authenticator\\InteractiveAuthenticatorInterface` - so that it dispatches an - :class:`Symfony\\Component\\Security\\Http\\Event\\InteractiveLoginEvent` .. _security-passport: pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy