Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.2k
Closed as not planned
Closed as not planned
Description
@wouterj You were the last one who edited the code block athttps://symfony.com/doc/current/security/custom_authenticator.html#passport-badges in this commit:01cb2b0
What does "validate no parameter is empty" mean there?
- Why should I do that? If there's no password given, it's treated as wrong password, so that looks OK for me.
- How should I do that? If the password is indeed
'', I still need to return aPassport. So (except from throwing an exception), there's nothing much I could do about it (especially can't generate a form error message), right? - Why is the comment shown in a code sample about CSRF?
For instance, if you want to add CSRF to your custom authenticator, you would initialize the passport like this:
=> So I'd say either just delete it, or give a more complete idea of what to do:
if ('' ===$password) {// ... ?}