Answer the question
In order to leave comments, you need to log in
Y
Y
youlose2012-04-12 19:43:12
youlose, 2012-04-12 19:43:12
How can I validate login form data using the Security Bundle?
Good day, the problem I have is this:
on the site that I am currently doing, authentication occurs by email, in fact, before calling login_check, I would like to check whether the email address is valid or not and display an error about it (you never know, an inexperienced person forgot . ru add at the end, for example).
Actually, I see several solutions:
1. First, analyze POST data, check their correctness with a validator and then somehow make a subrequest to /login_check
2. Register failure_handler and already check the correctness of the entered data in it.
3. Trying to figure it out using events
I couldn’t implement the 1st option, because with redirects and forwards I didn’t figure out how to pass parameters
I don’t really like the 2nd because the validation occurs after the first wrong attempt, it seems to me that there should be a solution in the form I want to do the
3rd - I didn’t even try it, because it’s still a dense forest for me
PS So I did the 1st option, not really right, but if the gurus correct me, I will be very grateful (I cut out the excess in the example, otherwise it’s not clear what I’m talking about):
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;
if ($form->isValid()) {
$req = Request::create(
$this->generateUrl('security_check'),
'POST',
array(
'_username' => $customer->getEmail(),
'_password' => $customer->getPass()
),
$request->cookies->all(),
array(),
$request->server->all()
);
$resp = $this->get('http_kernel')->handle($req,HttpKernelInterface::MASTER_REQUEST);
if ($security_context->getToken()) {
return $resp;
} else {
$auth_errors []= 'Неверно набраны почтовый ящик и/или пароль';
}
}PPS But now, having rummaged in the source code + seeing that after my previous frauds, some very recursively tangled sessions turned out, I think that the correct option is No. 3, how to learn how to manually trigger events - I’ll write, because I didn’t find it in the documentation.
3 answer(s)
@BoShurik
plus validation on the user side
B
BoShurik, 2012-04-12 @BoShurik
I tend to the second option, but without failure_handler
From the user's point of view, the form was sent and it didn't matter if there was a request to the database or not.
// src/Acme/SecurityBundle/Controller/Main;
namespace Acme\SecurityBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$request = $this->getRequest();
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
$session->remove(SecurityContext::AUTHENTICATION_ERROR);
}
if ($error && !filter_var(SecurityContext::LAST_USERNAME, FILTER_VALIDATE_EMAIL)) {
$error = new \Exception('Invalid e-mail');
}
return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
// last username entered by the user
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
));
}
}
plus validation on the user side
Similar questions
I
K
I
S
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question