Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
MasterCopipaster2021-02-21 02:17:30
symfony
MasterCopipaster, 2021-02-21 02:17:30

Who faced the crooked csrf token generation module in symfony 5?

Listen explain how to live with it?
I set up authorization on the site according to this instruction

I made such a login form

class LoginType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('email',null,array('label' => false,'attr' => ['class' => 'register-form-input','autocomplete' => 'off']));
        $builder->add('password',PasswordType::class,array('label' => false,'attr' => ['class' => 'register-form-input','autocomplete' => 'off']));
        $builder->add('captcha', CaptchaType::class,array('label' => false,'attr' => ['class' => 'register-form-input','autocomplete' => 'off']));
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults([
            // Configure your form options here
        ]);
    }
}

When authorizing, I always get Invalid CSRF token.

My twig form looked like this
{{ form_start(login_form) }}
                    <b>Email:</b><br />
                    {{ form_row(login_form.email) }}
                    <b>Password:</b><br />
                    {{ form_row(login_form.password) }}
                    <b>Код с картинки:</b><br />
                    {{ form_row(login_form.captcha) }}
                    <div class="text-center"><button type="submit" class="site-btn">Войти</button></div>
                    {{ form_row(login_form._token) }}
                    {{ form_end(login_form) }}

I generated such a form (I didn’t write extra ones)
<input type="hidden" id="login__token" name="login[_token]" value="ZtVwBzXtPbbnZp-5D4RysR7eDDt1z3Tr5WvBCv7C1VU" /></form>

I think, well, what is the problem in the session, this token is all ok, I began to find out
Added html layout from the example
{{ form_row(login_form._token) }}
                    <input type="hidden" name="_csrf_token"
                           value="{{ csrf_token('authenticate') }}"
                    >
                    {{ form_end(login_form) }}


Got two different csrf tokens
<input type="hidden" name="_csrf_token"
                           value="Xtnmxi4Pn_N95067wjxYEMh3t7vhf4FiPJCxYNUnWqA"
                    >
                    <input type="hidden" id="login__token" name="login[_token]" value="ZtVwBzXtPbbnZp-5D4RysR7eDDt1z3Tr5WvBCv7C1VU" /></form>

The first is generated by the authorization module, the second is a standard form
603197f12a534457615282.bin

. I'm confused, what should I do? why are the tokens different? how to force the authorization form to generate a normal token? in other forms, by the way, a standard token, for example, works fine ... What do you recommend?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry, 2021-02-21
@thewind

I also ran across, I did not find a solution. As a result, also - 2 tokens, one native and one manual.

Similar questions
K
Kerm2020-07-29 16:19:02
Is it possible in Symfony 3 when creating a test in Codeception to authorize a user, create a session? 1Reply
A
Alexander Vladimirovich2018-08-23 15:36:57
How to split a large form into tabs in symfony 4? 1Reply
M
MasterCopipaster2021-11-09 17:09:33
Is it possible in Symfony 5.2 to store cache and sessions in memcache using standard methods? 1Reply
N
NubasLol2018-08-27 14:24:35
Symfony how to make a form field disabled? 1Reply
N
Nikolai Egorov2018-08-30 11:35:02
What is the best way to check CSRF tokens? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question