symfony
MasterCopipaster, 2021-02-21 02:17:30

Who has faced the crooked CSRF token generation module in Symfony 5?

Listen, can someone explain how to live with it?
I set up authorization on the site according to these instructions.

I made this login form:

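use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
// CaptchaType comes from the captcha bundle the project uses; its import is not shown in the post.

class LoginType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        // Three unlabeled fields; browser autocomplete is switched off on each.
        $builder->add('email', null, array('label' => false, 'attr' => ['class' => 'register-form-input', 'autocomplete' => 'off']));
        $builder->add('password', PasswordType::class, array('label' => false, 'attr' => ['class' => 'register-form-input', 'autocomplete' => 'off']));
        $builder->add('captcha', CaptchaType::class, array('label' => false, 'attr' => ['class' => 'register-form-input', 'autocomplete' => 'off']));
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        // No CSRF options are set, so the form uses its default token field (_token).
        $resolver->setDefaults([
            // Configure your form options here
        ]);
    }
}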

When authorizing, I always get Invalid CSRF token.

My Twig form looked like this:
{{ form_start(login_form) }}
    <b>Email:</b><br />
    {{ form_row(login_form.email) }}
    <b>Password:</b><br />
    {{ form_row(login_form.password) }}
    <b>Код с картинки:</b><br />
    {{ form_row(login_form.captcha) }}
    <div class="text-center"><button type="submit" class="site-btn">Войти</button></div>
    {{ form_row(login_form._token) }}
{{ form_end(login_form) }}

This is the form that was generated (I left out the extra parts):
<input type="hidden" id="login__token" name="login[_token]" value="ZtVwBzXtPbbnZp-5D4RysR7eDDt1z3Tr5WvBCv7C1VU" /></form>

I thought, well, what is the problem? The session, the token, it is all OK. I began to investigate.
I added the HTML markup from the example:
    {{ form_row(login_form._token) }}
    <input type="hidden" name="_csrf_token"
           value="{{ csrf_token('authenticate') }}"
    >
{{ form_end(login_form) }}


I got two different CSRF tokens:
<input type="hidden" name="_csrf_token"
       value="Xtnmxi4Pn_N95067wjxYEMh3t7vhf4FiPJCxYNUnWqA"
>
<input type="hidden" id="login__token" name="login[_token]" value="ZtVwBzXtPbbnZp-5D4RysR7eDDt1z3Tr5WvBCv7C1VU" /></form>

The first is generated by the authorization module, the second by the standard form. I'm confused, what should I do? Why are the tokens different? How do I force the authorization form to generate a normal token? In other forms, by the way, the standard token, for example, works fine ... What do you recommend?


1 answer(s)
Dmitry, 2021-02-21
@thewind

I also ran into this and did not find a solution. As a result, I also have 2 tokens, one native and one manual.
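
Added example, not part of the original thread: Symfony binds every CSRF token to a token id, so `csrf_token('authenticate')` and the form's own `_token` field (whose id defaults to the form name, here `login`) are different tokens by design. One way to end up with a single token is to have the form emit the one the login authenticator validates. The field name `_csrf_token` and the id `authenticate` are taken from the post; the `App\Form` namespace and an authenticator that reads un-prefixed `email` and `password` request fields are assumptions.

```php
<?php
// Added example (not the poster's code): a login form whose built-in CSRF
// field is the same token the login authenticator checks.

namespace App\Form; // assumed namespace

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

class LoginType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('email', EmailType::class, ['label' => false]);
        $builder->add('password', PasswordType::class, ['label' => false]);
        // The captcha field from the post would be added here unchanged.
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults([
            'csrf_protection' => true,
            // Name of the hidden input; matches the manual field in the post.
            'csrf_field_name' => '_csrf_token',
            // Token id; matches csrf_token('authenticate') in the post.
            // Without this the id defaults to the form name and the values differ.
            'csrf_token_id' => 'authenticate',
        ]);
    }

    public function getBlockPrefix()
    {
        // Empty prefix: inputs are named "email", "password", "_csrf_token"
        // instead of "login[email]", "login[password]", "login[_token]".
        return '';
    }
}
```

With this type the manual hidden `_csrf_token` input is no longer needed, because `form_end()` renders the form's own token field under that name. A template line that renders `login_form._token` explicitly has to be dropped or pointed at the renamed field.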
