Closed Hanfrey closed 8 years ago
@Hanfrey Acme\BestBundle\Listener\BruteForceAttemptListener - this is an example. You should register you own listener, if you need to do something when bruteforce was detected.
Thanks for the fast response. I added my own Listener which should dump something if its hit. But its not working like i thought:
If i add the success_handler the login is not working anymore. I commented and tried to bruteforce the login which hit the event.But i get the following error:
The autoloader expected class "AppBundle\EventListener\BruteForceAttemptListener" to be defined in file "src\AppBundle\EventListener\BruteForceAttemptListener.php". The file was found but the class was not in it, the class name or namespace probably has a typo.
class: AppBundle\EventListener\BruteForceAttemptListener
tags:
- { name: kernel.event_listener, event: security.brute_force_attempt, method: onBruteForceAttempt }
The class:
<?
namespace AppBundle\EventListener;
class BruteForceAttemptListener
{
public function onBruteForceAttempt( )
{
dump("got it!");
}
}
Any Idea? Thanks!
@Hanfrey Check your listener's filename - this default autoloader error. Later i will try to check handlers. Also, let me see your security.firewall config, if it possible
@anyx i found it, used <? instead of <?php. But the login is now not working anymore again. something special i have to do in the bruteforce listener?
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login_firewall:
pattern: ^/login$
anonymous: ~
ònlineservice:
pattern: ^/
form_login:
failure_handler: anyx.login_failure.handler
#success_handler: anyx.login_success.handler
csrf_provider: security.csrf.token_manager
check_path: login_check
login_path: login
default_target_path: /de/start
logout:
path: /logout
target: login
invalidate_session: false
``
Got it nearly running. The login_success does use the referer. This is everytime /login for me. So he redirects to the login again, im now using the default_path_target / path_target.
But i get this Error Message after loading each page: An error occurred while loading the web debug toolbar (404: Not Found) Do you want to open the profiler?
Any idea?
I don't want to open profiler. Looks like you have some problem in framework/webserver configuration.
Please, try to check this: http://stackoverflow.com/questions/21058750/symfony-2-4-an-error-occurred-while-loading-the-web-debug-toolbar-404-not-fou
I think an handler does not fit or something like that. Because i made an copy of the project before adding the Bundle and this is not happening there.
In the login failure handle is an DEPRECATED usage. Changed from:
use Symfony\Component\Security\Core\SecurityContext;
...
$request->getSession()->set(SecurityContext::AUTHENTICATION_ERROR, $exception);
use Symfony\Component\Security\Core\Security;
...
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
http://127.0.0.1:8000/_wdt/fd9e8d is tried to get accessed, which results in the 404 and error message with debug bar.
It just start to throw if i add the " new Anyx\LoginGateBundle\LoginGateBundle()," to the AppKernel.php
Something i noticed searching for the error:
$this->getDispatcher()->dispatch(SecurityEvents::BRUTE_FORCE_ATTEMPT, $event);
The BruteForceChecker.php has no method dispatch.
Something is weird with this. This is causing my problem, and i think it fits to the error above. If i take it out of the Authentication.php the 404 Error disappears.
->addMethodCall(
'setDispatcher',
array(
$container->findDefinition('event_dispatcher')
)
)
``
So BruteForceChecker should not have this method
@Hanfrey i was found several errors with dispatcher in last symfony versions. Tomorrow i will try to find time fix them. Thank you for feedback!
You are welcome, the dispatcher "error" comes because the annotation is wrong of the getDispatcher.
Is:
/**
*
* @return \Anyx\LoginGateBundle\Service\BruteForceChecker
*/
public function getDispatcher()
{
return $this->dispatcher;
}
Should be:
/**
*
* @return \Symfony\Component\EventDispatcher\EventDispatcherInterface
*/
public function getDispatcher()
{
return $this->dispatcher;
}
@Hanfrey it was a pretty long day) I believe, this issue (and bundle) is not actual for you.
Anyway, today i made some refactoring, wrote some tests and now time to close this issue, i think
Hello, i dont get it working. Is this compatible with symfony 2.7?
There is no Namespace like this, and in the Bundle i cant find that Class.