feature #4761 [Cookbook][Security] don't output message from AuthenticationException (xabbuh)

This PR was merged into the 2.3 branch.

Discussion
----------

[Cookbook][Security] don't output message from AuthenticationException

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | no
| Applies to    | all
| Fixed tickets |

Displaying the message of an `AuthenticationException` might expose
sensitive data to the user.

Commits
-------

44277c7 don't output message from AuthenticationException
weaverryan committed Jan 16, 2015
2 parents 11c1047 + 44277c7 commit 9742b9291e4b0f4ad4f1e8eff61261cc9598213f
Showing with 5 additions and 5 deletions.
  1. +5 −5 cookbook/security/form_login_setup.rst
@@ -25,7 +25,7 @@ First, enable form login under your firewall:
# app/config/security.yml
security:
# ...
firewalls:
default:
anonymous: ~
@@ -98,7 +98,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
.. configuration-block::
.. code-block:: php-annotations
// src/AppBundle/Controller/SecurityController.php
// ...
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
@@ -165,7 +165,7 @@ form::
// src/AppBundle/Controller/SecurityController.php
// ...
// ADD THIS use STATEMENT above your class
use Symfony\Component\Security\Core\SecurityContextInterface;
@@ -182,7 +182,7 @@ form::
$error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
$session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
} else {
$error = '';
$error = null;
}
// last username entered by the user
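Review bot: nothing around the `else` branch tells the reader that `$error` must now be either the exception object taken from the session or `null`, never a string. The template reads properties of it (`error.messageKey`, `error.messageData`) behind an `{% if error %}` check, so a short comment above `$error = null;` saying so would keep readers from reintroducing a string default such as `''`.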
@@ -218,7 +218,7 @@ Finally, create the template:
{# ... you will probably extends your base template, like base.html.twig #}
{% if error %}
<div>{{ error.message }}</div>
<div>{{ error.messageKey|trans(error.messageData) }}</div>
{% endif %}
<form action="{{ path('login_check') }}" method="post">
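Review bot: the `trans` call on the `error.messageKey` line passes only `error.messageData`, so the key is looked up in the default translation domain, while Symfony ships its security messages in the `security` domain; consider `error.messageKey|trans(error.messageData, 'security')`. The text next to the template would also benefit from one sentence saying why `error.message` is not printed (the commit description gives the reason: the exception message might expose sensitive data to the user), so readers do not switch it back. The context line "you will probably extends your base template" has a typo ("extend") that could be fixed in the same pass.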
