Commit40a52c8

committed

feature#5907 Updating some places to use the new CustomUserMessageAuthenticationException (weaverryan)

This PR was merged into the 2.8 branch.Discussion----------Updating some places to use the new CustomUserMessageAuthenticationException| Q | A| ------------- | ---| Doc fix? | no| New docs? | yes| Applies to | 2.8+| Fixed tickets |#5736Commits-------3d67202 tweaks thanks to the guys1eb5f23 Updating some places to use the new CustomUserMessageAuthenticationException

2 parents3843cda +3d67202 commit40a52c8Copy full SHA for 40a52c8

File tree

2 files changed

+31

-7

lines changed

cookbook/security
- api_key_authentication.rst
- custom_password_authenticator.rst

2 files changed

+31

-7

lines changed

`‎cookbook/security/api_key_authentication.rst`

Lines changed: 16 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ value and then a User object is created::`
`37`	`37`	`use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;`
`38`	`38`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`39`	`39`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
	`40`	`+ use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;`
`40`	`41`	`use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
`41`	`42`	`use Symfony\Component\Security\Core\User\UserProviderInterface;`
`42`	`43`	`use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;`
`@@ -80,7 +81,9 @@ value and then a User object is created::`
`80`	`81`	`$username = $userProvider->getUsernameForApiKey($apiKey);`
`81`	`82`
`82`	`83`	`if (!$username) {`
`83`		`- throw new AuthenticationException(`
	`84`	`+ // CAUTION: this message will be returned to the client`
	`85`	`+ // (so don't put any un-trusted messages / error strings here)`
	`86`	`+ throw new CustomUserMessageAuthenticationException(`
`84`	`87`	`sprintf('API Key "%s" does not exist.', $apiKey)`
`85`	`88`	`);`
`86`	`89`	`}`
`@@ -101,6 +104,11 @@ value and then a User object is created::`
`101`	`104`	`}`
`102`	`105`	`}`
`103`	`106`
	`107`	`+..versionadded::2.8`
	`108`	+ The ``CustomUserMessageAuthenticationException`` class is new in Symfony 2.8
	`109`	`+ and helps you return custom authentication messages. In 2.7 or earlier, throw`
	`110`	+ an ``AuthenticationException`` or any sub-class (you can still do this in 2.8).
	`111`	`+`
`104`	`112`	Once you've:ref:`configured<cookbook-security-api-key-config>` everything,
`105`	`113`	`you'll be able to authenticate by adding an apikey parameter to the query`
`106`	`114`	string, like ``http://example.com/admin/foo?apikey=37b51d194a7513e45b56f6524f2d51f2``.
@@ -291,7 +299,11 @@ you can use to create an error ``Response``.
`291`	`299`
`292`	`300`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception)`
`293`	`301`	`{`
`294`		`- return new Response("Authentication Failed.", 403);`
	`302`	`+ return new Response(`
	`303`	`+ // this contains information about why authentication failed`
	`304`	`+ // use it, or return your own message`
	`305`	`+ strtr($exception->getMessageKey(), $exception->getMessageData())`
	`306`	`+ , 403)`
`295`	`307`	`}`
`296`	`308`	`}`
`297`	`309`
`@@ -543,7 +555,8 @@ to see if the stored token has a valid User object that can be used::`
`543`	`555`	`}`
`544`	`556`
`545`	`557`	`if (!$username) {`
`546`		`- throw new AuthenticationException(`
	`558`	`+ // this message will be returned to the client`
	`559`	`+ throw new CustomUserMessageAuthenticationException(`
`547`	`560`	`sprintf('API Key "%s" does not exist.', $apiKey)`
`548`	`561`	`);`
`549`	`562`	`}`

`‎cookbook/security/custom_password_authenticator.rst`

Lines changed: 15 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ the user::`
`39`	`39`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`40`	`40`	`use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;`
`41`	`41`	`use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;`
`42`		`- use Symfony\Component\Security\Core\Exception\AuthenticationException;`
	`42`	`+ use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;`
`43`	`43`	`use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;`
`44`	`44`	`use Symfony\Component\Security\Core\User\UserProviderInterface;`
`45`	`45`	`use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface;`
`@@ -58,15 +58,19 @@ the user::`
`58`	`58`	`try {`
`59`	`59`	`$user = $userProvider->loadUserByUsername($token->getUsername());`
`60`	`60`	`} catch (UsernameNotFoundException $e) {`
`61`		`- throw new AuthenticationException('Invalid username or password');`
	`61`	`+ // CAUTION: this message will be returned to the client`
	`62`	`+ // (so don't put any un-trusted messages / error strings here)`
	`63`	`+ throw new CustomUserMessageAuthenticationException('Invalid username or password');`
`62`	`64`	`}`
`63`	`65`
`64`	`66`	`$passwordValid = $this->encoder->isPasswordValid($user, $token->getCredentials());`
`65`	`67`
`66`	`68`	`if ($passwordValid) {`
`67`	`69`	`$currentHour = date('G');`
`68`	`70`	`if ($currentHour < 14 \|\| $currentHour > 16) {`
`69`		`- throw new AuthenticationException(`
	`71`	`+ // CAUTION: this message will be returned to the client`
	`72`	`+ // (so don't put any un-trusted messages / error strings here)`
	`73`	`+ throw new CustomUserMessageAuthenticationException(`
`70`	`74`	`'You can only log in between 2 and 4!',`
`71`	`75`	`100`
`72`	`76`	`);`
`@@ -80,7 +84,9 @@ the user::`
`80`	`84`	`);`
`81`	`85`	`}`
`82`	`86`
`83`		`- throw new AuthenticationException('Invalid username or password');`
	`87`	`+ // CAUTION: this message will be returned to the client`
	`88`	`+ // (so don't put any un-trusted messages / error strings here)`
	`89`	`+ throw new CustomUserMessageAuthenticationException('Invalid username or password');`
`84`	`90`	`}`
`85`	`91`
`86`	`92`	`public function supportsToken(TokenInterface $token, $providerKey)`
`@@ -95,6 +101,11 @@ the user::`
`95`	`101`	`}`
`96`	`102`	`}`
`97`	`103`
	`104`	`+..versionadded::2.8`
	`105`	+ The ``CustomUserMessageAuthenticationException`` class is new in Symfony 2.8
	`106`	`+ and helps you return custom authentication messages. In 2.7 or earlier, throw`
	`107`	+ an ``AuthenticationException`` or any sub-class (you can still do this in 2.8).
	`108`	`+`
`98`	`109`	`How it Works`
`99`	`110`	`------------`
`100`	`111`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit40a52c8

File tree

2 files changed

2 files changed

`‎cookbook/security/api_key_authentication.rst`

`‎cookbook/security/custom_password_authenticator.rst`

0 commit comments