symfony
youlose, 2012-04-12 19:43:12

How can I validate login form data using the Security Bundle?

Good day. The problem I have is this:
On the site I am currently building, authentication is done by email, so before calling login_check I would like to check whether the email address is valid and display an error about it (you never know, an inexperienced person might forget to add .ru at the end, for example).
As I see it, there are several solutions:
1. First analyze the POST data, check its correctness with a validator, and then somehow make a subrequest to /login_check.
2. Register a failure_handler and check the correctness of the entered data in it.
3. Try to figure it out using events.
I couldn't implement the 1st option, because I didn't figure out how to pass parameters with redirects and forwards.
I don't really like the 2nd, because the validation occurs after the first wrong attempt; it seems to me that there should be a solution in the form I want.
I didn't even try the 3rd, because it's still a dense forest for me.
PS So I did the 1st option, not really right, but if the gurus correct me, I will be very grateful (I cut out the excess in the example, otherwise it's not clear what I'm talking about):

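use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;

// Fragment of a controller action; $form, $customer, $request and
// $security_context are set up in the part that was cut out.
if ($form->isValid()) {
    // Build an internal POST to the login-check route with the validated data
    $req = Request::create(
        $this->generateUrl('security_check'),
        'POST',
        array(
            '_username' => $customer->getEmail(),
            '_password' => $customer->getPass()
        ),
        $request->cookies->all(),
        array(),
        $request->server->all()
    );

    // Run the firewall on the synthetic request
    $resp = $this->get('http_kernel')->handle($req, HttpKernelInterface::MASTER_REQUEST);
    if ($security_context->getToken()) {
        return $resp;
    } else {
        // Message text: "E-mail address and/or password entered incorrectly"
        $auth_errors[] = 'Неверно набраны почтовый ящик и/или пароль';
    }
}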

PPS But now, having rummaged in the source code and seeing that my previous tinkering produced some very recursively tangled sessions, I think that the correct option is No. 3. Once I learn how to trigger events manually, I'll write about it, because I didn't find it in the documentation.


3 answer(s)
BoShurik, 2012-04-12
@BoShurik

I lean toward the second option, but without failure_handler.
From the user's point of view, the form was submitted, and it doesn't matter whether there was a request to the database or not.

// src/Acme/SecurityBundle/Controller/Main;
namespace Acme\SecurityBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;

class SecurityController extends Controller
{
    public function loginAction()
    {
        $request = $this->getRequest();
        $session = $request->getSession();

        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

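        // on a failed login, check the submitted address itself (the value stored
        // under LAST_USERNAME), not the name of the session key
        if ($error && !filter_var($session->get(SecurityContext::LAST_USERNAME), FILTER_VALIDATE_EMAIL)) {
            $error = new \Exception('Invalid e-mail');
        }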

        return $this->render('AcmeSecurityBundle:Security:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        ));
    }
}

plus validation on the user side

nuclear, 2012-04-12
@nuclear

Why not do validation in the standard way?

BoShurik, 2012-04-12
@BoShurik

Alternatively, create your own UserProvider (you can inherit from github.com/symfony/symfony/blob/master/src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php ), which first checks $username in the loadUserByUsername method for validity.
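
A sketch of the custom UserProvider suggested in the answer above, added here as an example and not part of the original answer. It assumes the Symfony 2.x API used elsewhere on this page; the namespace, the class name and the length limit are hypothetical.

```php
<?php
// Added example: namespace and class name are hypothetical; Symfony 2.x API assumed.
namespace Acme\SecurityBundle\Security;

use Symfony\Bridge\Doctrine\Security\User\EntityUserProvider;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;

class EmailUserProvider extends EntityUserProvider
{
    // Assumed upper bound on address length, applied before any parsing or query.
    const MAX_EMAIL_LENGTH = 254;

    public function loadUserByUsername($username)
    {
        // The login form posts a raw string; strip surrounding whitespace only.
        $email = trim((string) $username);

        // Syntactic check only: malformed input never reaches the database.
        if ('' === $email
            || strlen($email) > self::MAX_EMAIL_LENGTH
            || false === filter_var($email, FILTER_VALIDATE_EMAIL)
        ) {
            throw new UsernameNotFoundException('Invalid e-mail');
        }

        // Well-formed address: defer to the Doctrine lookup of the parent class.
        return parent::loadUserByUsername($email);
    }
}
```

The class is registered as a service and referenced from the `providers` section of the security configuration through its `id`. With the default `hide_user_not_found: true`, Symfony reports this exception to the form as a generic bad-credentials error, which also keeps the response from revealing whether an address is registered.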
