search

ZF-Commons / ZfcUser

A generic user registration and authentication module for ZF2. Supports Zend\Db and Doctrine2. (Formerly EdpUser)
BSD 3-Clause "New" or "Revised" License
497 stars 343 forks source link

Error message not displayed on failed login #670

Open jeremyquinton opened 7 years ago

jeremyquinton commented 7 years ago

When form validation fails, for example when a user enters an invalid email address on the login for this piece of code executes https://github.com/ZF-Commons/ZfcUser/blob/3.x/src/ZfcUser/Controller/UserController.php#L120 flashMessenger is used to set the error and the user is redirected back to the login form.

Looking in the Login controller action https://github.com/ZF-Commons/ZfcUser/blob/3.x/src/ZfcUser/Controller/UserController.php#L94 there is nothing that handles the flash messenger error. I rectified this by overriding the login view script login.phtml - https://github.com/ZF-Commons/ZfcUser/blob/3.x/view/zfc-user/user/login.phtml and adding the following code

<?php if ($this->flashMessenger()->setNamespace('zfcuser-login-form')->hasMessages()) :
    $messages = $this->flashMessenger()->setNamespace('zfcuser-login-form')->getMessages();
    foreach ($messages as $message) { ?>
        <div class="alert alert-error">
            <?php echo $message; ?>
        </div>
    <?php } ?>
<?php endif; ?>

I can submit a PR for this I just wanted to make sure first I haven't overlooked something and the fact this isn't an actual bug that the error is not displayed.

Another implementation idea might be to use the actual zend form error messages as this tells the user what is wrong. Currently the error just says

Authentication failed. Please try again.

But if a user enters an invalid email address it might be worth telling them. Happy to try and submit a PR for this just thought it worth discussing implementation first.

jarrettj commented 6 years ago

Can't get errors displaying as well. +1

koseduhemak commented 6 years ago

@jeremyquinton If I try your code it will display "authenication failed" message. But why do we not use messages array at login form class? There are no form messages set.

gkzsolt commented 6 years ago

@jeremyquinton, thanks for your observations and workaround, they saved me a lot ;) Too bad that the developers seemed to have abandoned the project :( From the UserController code I'd understand that the error messages are stored in the flashMessenger, to be taken from there in the phtml templates; so if this is not done, we'll have no error messages displayed. Curiously though, our login module worked with the ZF2 version of ZFcUser and got broken recently in ZF3, so I don't know how it worked and what they changed. Yes, it would also be good to have different error messages, dare I say translatable? But apparently nobody cares from developers, the project is dead :( I'll will get rid of this module as soon as I can - there are better ones around.