nucleos / NucleosUserBundle

👤 Lightweight user management for symfony.
https://docs.nucleos.rocks/projects/user-bundle/
MIT License
59 stars 18 forks source link

No form errors after login fail. #183

Closed mrcmorales closed 3 years ago

mrcmorales commented 3 years ago

Hi,

Sorry, but after updating with the bugfix in #182 it is not working for me.

I debugged and in LoginFormType:75 there aren't errors in $error = $request->attributes->get(Security::AUTHENTICATION_ERROR); and neither in $error = $request->getSession()->get(Security::AUTHENTICATION_ERROR);

Thank you!

core23 commented 3 years ago

Can you dig in a little bit and provide a bugfix?

#182 fixes the error (for me)

mrcmorales commented 3 years ago

hi @core23

The problem is that if I try to log in with a wrong password the form has no errors, but on the other hand if I put the correct password the login is working correctly.

My bundle config:

nucleos_user:
    db_driver: mongodb
    firewall_name: main
    user_class: 'App\IS\User\Document\User'
    from_email: '%env(MAIL_SENDER)%'

My security.yaml config:

    encoders:
        Nucleos\UserBundle\Model\UserInterface: auto

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_STORE, ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        nucleos_userbundle:
            id: nucleos_user.user_provider.username_email

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: nucleos_userbundle
                default_target_path: /
                check_path: /login_check
                login_path: /login
#                csrf_token_generator: security.csrf.token_manager
#                failure_handler: App\IS\User\AuthenticationHandler\AuthenticationHandler
                #always_use_default_target_path: true
            logout:
                target: /
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/change-password, role: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/user, role: ROLE_USER }
        - { path: ^/checkout, role: ROLE_USER }
        - { path: ^/store, role: ROLE_STORE }
        - { path: ^/admin, role: ROLE_ADMIN }

Thank you

fkrauthan commented 3 years ago

I have the same error. I just upgraded from version 1.5.0 to 1.6.1 but I don't get any errors. When using the debug toolbar the form is saying there are no errors (even though I believe your code change is supposed to populate it with a login error).

core23 commented 3 years ago

Can you try to investigate and provide a PR with a bugfix @fkrauthan ?

fkrauthan commented 3 years ago

@core23 sure I can look into it. But is there a reason why you process the Security::AUTHENTICATION_ERROR in LoginFormType as well as LoginAction?

fkrauthan commented 3 years ago

Ok I found a list of things that are wrong:

  1. It is recommended to use AuthenticationUtils to get the last error message and last username (with that it works)
  2. You currently try to process error message in two places (not good practice)
  3. It seems like in general the form is complaining about Invalid CSRF token
  4. The setData call in the form seems to be wrong as well, as you set the username field instead of the _username field

fkrauthan commented 3 years ago

Do you already have an idea when you might publish a new version? This (and the one ticket on ProfileBundle) are currently blocking my Symfony 4.4 upgrade of my Browsergame.

core23 commented 3 years ago

Sorry for the delay. I'll publish a new version this weekend