[Security] Json login exception #48277
base: 7.1
Hey! I see that this is your first PR. That is great! Welcome! Symfony has a contribution guide which I suggest you read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot
Hey! Thanks for your PR. You are targeting branch "6.2" but it seems your PR description refers to branch "6.3". Cheers! Carsonbot
I love this in theory, however, in practice, I think this breaks backwards-compatibility. For example, suppose someone is currently using Would having something in the documentation have helped you? I'm trying to think of another way that we could help users debug, assuming that others agree that this PR won't be able to be accepted. Cheers!
In other authenticators, we use the logger to expose this information: symfony/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php Line 67 in 013857a
We can maybe have a nice log message saying something like I'm aware we have to make this information more visible for login actions btw (ref #36668)
Thank you guys for the nice and very good feedback. @weaverryan you are totally right, I didn't expect this situation, that two authenticators work with the same URL, damn. @wouterj Yes, I think a logging message is better than nothing. Although, I must confess that I do not often work with log files. And in my mistake from last week, I didn't check the log files. But maybe it is because I am not professional ;-) What is next? Sorry for my stupid questions.
Not stupid questions - you're new here! And you've done a fine start. You can update THIS PR to revert these changes and add the logger. And you don't need to worry about rebasing or squashing: just add new commits :).
This is definitely for you - you had the great idea to start to see how we could improve things. And, in the open source world, often if YOU don't do it, nobody will. So thanks for showing up!
Thanks. I will try my best. 😊
Wow, it was more difficult than I thought in the beginning. :-D I have two further questions:
Hello everyone,
It took me a few hours to find the error in my last project, but it was such a simple and stupid mistake of mine. The mean thing was that I didn't get an error message. Had I had an error message, it would have been a matter of minutes.
@weaverryan gave me a hint via SymfonyCasts to look at Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator, and there it was so easy to figure out that I was just trying with application/text and not json. :D
Ryan suggested making a request for a class update, and so I implemented a new method that checks if the user has any content that looks like they are trying to log in; the error message is displayed if they use the wrong request method.
For me, this is my first pull request. I hope I didn't do too much wrong :-)