Closed rickogden closed 8 years ago
I think it's ok if the application blows up. If you hide a non-authentication error in an expected (and normal) authentication error, your login never works and you won't notice it.
Thanks for your response. The problem I'm experiencing without it is that if the username is correct but the password isn't, a ContextErrorException is thrown, whereas if the username is incorrect a BadCredentialsException is thrown, the latter being caught by Symfony. This means that if the user just gets their password wrong it is less graceful, and potentially a security risk as it is possible to differentiate between existing and non-existing users.
ContextErrorExceptions are not thrown without reason. Symfony's debug component is not used in any place of this project.
You have to tell us more about that exception for us to consider a possible fix. Anyway, I think it's something related to your code and not to the bundle itself.
… to bind with a correct username but incorrect password. This is an issue that I had; there's a chance it's due to incorrect configuration on my part, but it solved my problem.
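
The trade-off debated in this thread, as an added example that is not part of the original discussion or the bundle's code: a warning raised by a failed bind is mapped to the same credential failure as an unknown username, while any other error still propagates. `BadCredentials`, `directoryBind`, `authenticate` and the `DIRECTORY` data are hypothetical stand-ins, and the error handler only mimics one that promotes PHP warnings to exceptions.

```php
<?php
// Hypothetical stand-in for the framework's bad-credentials exception.
final class BadCredentials extends \RuntimeException {}

// Mimics an error handler that promotes PHP warnings to exceptions, which is
// how a failed bind can surface as an exception instead of a false return.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new \ErrorException($message, 0, $severity, $file, $line);
});

// Constructed sample directory: username => password.
const DIRECTORY = ['alice' => 'correct horse'];

// Stand-in for a bind call: raises a warning when the password is wrong.
function directoryBind(string $user, string $password): bool
{
    if (!hash_equals(DIRECTORY[$user], $password)) {
        trigger_error('Unable to bind to server: Invalid credentials', E_USER_WARNING);
        return false; // reached only when no handler promotes the warning
    }
    return true;
}

function authenticate(string $user, string $password): string
{
    if (!array_key_exists($user, DIRECTORY)) {
        throw new BadCredentials('Bad credentials.');
    }
    try {
        if (!directoryBind($user, $password)) {
            throw new BadCredentials('Bad credentials.');
        }
    } catch (\ErrorException $e) {
        // Map only the credential failure; anything else must stay visible.
        if (strpos($e->getMessage(), 'Invalid credentials') === false) {
            throw $e;
        }
        throw new BadCredentials('Bad credentials.', 0, $e);
    }
    return $user;
}

// Wrong password and unknown user now produce the same outcome.
foreach ([['alice', 'wrong'], ['mallory', 'x'], ['alice', 'correct horse']] as [$u, $p]) {
    try {
        echo authenticate($u, $p), " authenticated\n";
    } catch (BadCredentials $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```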