Using same bundle for login

[nschurmann]

Hey dude, thanks for the awesome bundle, we are using it right now for a project. Currently we need to make a login through the login_check endpoint, and we are sending the username and password. To obtain the csrf_token for this we are retrieving the login page (app.php/login) and extracting the csrf_token from that form. Is there a way to use this bundle to get the csrf token from the endpoint and then send it with the user credentials?

Thanks in advance!

[dunglas]

Hi,

Thanks for your feedback.

I've not tested it but - as it uses events -, enabling CSRF protection through AngularCsrfBundle for the login_check route and disabling the native login form CSRF protection (remove the csrf_provider directive from security.yml should do the trick.

If it works, can you give us a feedback?

Thanks you.

[nschurmann]

Thanks for the quick response @dunglas and yes!, it works flawless. Your bundle is awesome!
Also the login path brings it's own csrf token and it doesn't interfere. So technically you can still have an html form for login and also an API login with csrf protection. Thanks!

Perhaps you may add this use case to the documentation?

[dunglas]

You're welcome.