https://stackoverflow.com/questions/18268581
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianI have solved this issue by making the custom authenticator ..
How to use recaptcha in login page of FOSUserBundle
-
24-06-2022 - |
Question
I m working on a Symfony 2.2 project in which i m using the "FOSUserBundle" for security which works perfectly . I m also using "ewzrecaptchabundle" which is also working fine . my problem is that i want to use recaptcha in login page of FOSUserBundle . I follow the Adding Captcha to Symfony2 Login Page link for overriding the firewall but still after making a new form and passing the recaptcha it is not checking the recaptcha value .
I have now edited my code as follow :
My Listener :
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Webmuch\UserBundle\Listener;
use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener as BaseListener;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\Request;
use Psr\Log\LoggerInterface;
/**
* CanduUserLoginFormListener is the custom implementation of
* an authentication via a simple form composed of a username and a password.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class UserLoginFormListener extends BaseListener
{
private $csrfProvider;
/**
* {@inheritdoc}
*/
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager,SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
{
parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge(array(
'username_parameter' => '_username',
'password_parameter' => '_password',
'csrf_parameter' => '_csrf_token',
'captcha' => 'ewz_recaptcha',
'intention' => 'authenticate',
'post_only' => true,
), $options), $logger, $dispatcher);
$this->csrfProvider = $csrfProvider;
}
/**
* {@inheritdoc}
*/
protected function requiresAuthentication(Request $request)
{
if ($this->options['post_only'] && !$request->isMethod('POST')) {
return false;
}
return parent::requiresAuthentication($request);
}
/**
* {@inheritdoc}
*/
protected function attemptAuthentication(Request $request)
{
if ($this->options['post_only'] && 'post' !== strtolower($request->getMethod())) {
if (null !== $this->logger) {
$this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));
}
return null;
}
if (null !== $this->csrfProvider) {
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'],$csrfToken)) { throw new InvalidCsrfTokenException('Invalid CSRF token.');
}
}
// check here the captcha value
$userCaptcha = $request->get($this->options['captcha'], null, true);
$dummy = $request->getSession()->get('gcb_captcha');
$sessionCaptcha = $dummy['phrase'];
// if captcha is not correct, throw exception
if ($userCaptcha !== $sessionCaptcha) {
throw new BadCredentialsException('Captcha is invalid');
}
$username = trim($request->get($this->options['username_parameter'], null, true));
$password = $request->get($this->options['password_parameter'], null, true);
$request->getSession()->set(SecurityContextInterface::LAST_USERNAME,$username);
return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
}
}
while i set it as service in parameters.yml as below
parameters:
database_driver: pdo_mysql
database_host: localhost
database_port: null
database_name: Project
database_user: root
database_password: root
mailer_transport: smtp
mailer_host: smtp.gmail.com
mailer_auth_mode: login
mailer_user: mymail@gmail.com
mailer_password: mymailpassword
locale: en
secret: ThisTokenIsNotSoSecretChangeIt
database_path: null
security.authentication.listener.form.class: Webmuch\UserBundle\Listener\UserLoginFormListener
then after i created a UserFormType as below:
<?php
/*
* This file is part of the FOSUserBundle package.
*
* (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Webmuch\UserBundle\Form;
class NewUserLoginFormType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('_username', 'email', array('label' => 'form.username', 'translation_domain' => 'FOSUserBundle')) // TODO: user can login with email by inhibit the user to enter username
->add('_password', 'password', array(
'label' => 'form.current_password',
'translation_domain' => 'FOSUserBundle',
'mapped' => false,))
->add('recaptcha', 'ewz_recaptcha', array(
'attr' => array(
'options' => array(
'theme' => 'red'
)
),
'label' => "Verification",
'property_path' => false,
'constraints' => array(
new True()
),
'label' => "Enter the words in the box."))
->add('recaptcha_challenge_field', 'hidden', array('property_path' => false))
->add('recaptcha_response_field', 'hidden', array('property_path' => false));
}
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(array(
'data_class' => 'Webmuch\UserBundle\Entity\User',
'intention' => 'authenticate',
));
}
public function getName()
{
return 'webmuch_user_newloginform';
}
}
In my security controller:
public function loginAction()
{
$form = $this->container->get('form.factory')->create(new NewUserLoginFormType());
$request = $this->container->get('request');
/* @var $request \Symfony\Component\HttpFoundation\Request */
$session = $request->getSession();
/* @var $session \Symfony\Component\HttpFoundation\Session */
// get the error if any (works with forward and redirect -- see below)
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes- >get(SecurityContext::AUTHENTICATION_ERROR);
} elseif (null !== $session && $session->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
$session->remove(SecurityContext::AUTHENTICATION_ERROR);
} else {
$error = '';
}
if ($error) {
// TODO: this is a potential security risk (see http://trac.symfony- project.org/ticket/9523)
//$error = $error->getMessage();
$session = $this->container->get('session');
$session->setFlash('error','Invalid Username or Password');
return new RedirectResponse($this->container->get('router')- >generate('fos_user_security_login'));
}
// last username entered by the user
$lastUsername = (null === $session) ? '' : $session- >get(SecurityContext::LAST_USERNAME);
$csrfToken = $this->container->get('form.csrf_provider')->generateCsrfToken('authenticate');
return $this->renderLogin(array( `enter code here`
'last_username' => $lastUsername,
'error' => $error,
'csrf_token' => $csrfToken,
'form' => $form->createView(),
));
}
and finally login.html.twig:
{% extends "::base1.html.twig" %}
{% block userProfile %}
{% if error %}
<div>{{ error|trans({}, 'FOSUserBundle') }}</div>
{% endif %}
<h2 class="gradWellHead">Login here</h2>
<div class="row-fluid marginBottom10">
<div class="span6 well">
<form class="form-horizontal" action="{{ path("fos_user_security_check") }}" method="post">
<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />
<div class="control-group">
<label class="control-label" for="username">{{ 'form.username'|trans({}, 'FOSUserBundle') }}</label>
<div class="controls">
<input type="text" id="username" name="_username" value="{{ last_username }}" required="required" placeholder="Username"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="password">{{ 'form.password'|trans({}, 'FOSUserBundle') }}</label>
<div class="controls">
<input type="password" id="password" name="_password" required="required" placeholder="Password"/>
</div>
</div>
<div class="control-group">
<label class="control-label" for="recaptcha">Recaptcha</label>
<div class="controls">
{% form_theme form 'EWZRecaptchaBundle:Form:ewz_recaptcha_widget.html.twig' %}
{{ form_widget(form.recaptcha, { 'attr': {'options' : {'theme' : 'clean',},} }) }}
</div>
</div>
<div class="control-group">
<div class="controls">
<label class="checkbox">
<input type="checkbox" id="remember_me" name="_remember_me" value="on" />Remember me?
</label>
<input class="btn" type="submit" id="_submit" name="_submit" value="{{ 'form.submit'|trans({}, 'FOSUserBundle') }}" />
<a href="{{ path('fos_user_resetting_request') }}">Forget Password ?</a>
{{ facebook_login_button({'autologoutlink': true}) }}
</div>
</div>
</form>
</div>
<div class="span6 well">
<img src="{{asset('img/candu_manifesto_starburst.jpg')}}">
</div>
</div>
{% endblock %}
If any have any idea please help me .
Thanks in advance !
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
