您如何在Symfony 4中记录登录失败?

时间:2018-10-09 18:38:40

标签: php symfony authentication symfony4

我的问题

我应该返回哪种响应类型,不会更改默认响应?还是有更好的方法来使记录器适应登录失败/ badcredentialsexception?

详细信息

我发现这篇帖子here指出,您可以(在Symfony 2.4中)自定义身份验证失败或成功的方法,例如:

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class CustomTimeAuthenticator extends TimeAuthenticator implements AuthenticationFailureHandlerInterface, AuthenticationSuccessHandlerInterface
{
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        error_log('You are out!');
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        error_log(sprintf('Yep, you are in "%s"!', $token->getUsername()));
    }
}

它还指出

  

...您还可以通过返回一个完全跳过默认行为   响应实例:

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    if ($exception->getCode()) {
        return new Response('Not the right time to log in, come back later.');
    }
}

不幸的是,它似乎在Symfony 4 you have to return a Response中(与上面的2.4代码不同),所以我的代码是:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Psr\Log\LoggerInterface;

class LoginFailureLogger implements AuthenticationFailureHandlerInterface
{
    private $logger;
    private $security;

    public function __construct(TokenStorageInterface $security, LoggerInterface $logger)
    {
        $this->logger = $logger;
        $this->security = $security;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $user = $exception->getToken()->getUser();

        $this->logger->notice('Failed to login user: "'. $user. '"".  Reason: '. $exception->getMessage());
    }
}

但是当页面运行时,我得到:

  

身份验证失败处理程序未返回响应。

1 个答案:

答案 0 :(得分:0)

您应该只重定向到登录页面,因为这是默认行为。请根据您的特定要求进行修改。

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
...

private $flashBag;
private $logger;
private $security;

public function __construct(TokenStorageInterface $security, LoggerInterface $logger, FlashBagInterface $flashBag)
{
    $this->logger = $logger;
    $this->security = $security;
    $this->flashBag = $flashBag;
}

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    $user = $exception->getToken()->getUser();

    $this->logger->notice('Failed to login user: "'. $user. '"".  Reason: '. $exception->getMessage());

    $this->flashBag()->add('notice', 'Failed to login.');

    return new RedirectResponse('/login');
}

编辑:添加了即时消息

相关问题
最新问题