I finally solved my problem using option 1 from my post, changing the extension to /src/UserBundle/Controller/SecurityController.php
and changing loginAction:
<?php
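/**
 * Renders the login form and, on POST, authenticates the user by hand after a reCAPTCHA check.
 *
 * The reCAPTCHA response is verified first; only then is the user looked up and the submitted
 * password compared with the stored hash. On success the session identifier is regenerated,
 * a UsernamePasswordToken for the "main" firewall is stored and the browser is redirected to
 * the "homepage" route. Otherwise the form is rendered again with an error message.
 *
 * NOTE(review): storing the token by hand skips what the firewall's own login listener
 * normally performs (CSRF token validation, user-checker tests such as disabled accounts,
 * login events). Confirm these are covered elsewhere, and confirm that POSTs to this route
 * actually reach this action rather than being handled by the firewall's check_path.
 *
 * @param Request $request current HTTP request
 *
 * @return mixed redirect to "homepage" on success, otherwise the result of renderLogin()
 */
public function loginAction(Request $request)
{
    // No error until an attempt fails. The previous initial value, the session-key constant
    // Security::AUTHENTICATION_ERROR, is a non-empty string, so a plain GET already carried one.
    $error = null;
    $lastUsername = '';

    if ($request->isMethod('POST')) {
        // Read through the Request object and accept strings only: a missing field or an
        // array-valued field must not reach the user lookup or the password encoder.
        $submittedName = $request->request->get('_username');
        $submittedPassword = $request->request->get('_password');
        $lastUsername = is_string($submittedName) ? $submittedName : '';
        $plainPassword = is_string($submittedPassword) ? $submittedPassword : '';

        // Captcha first, so automated requests are rejected before any database lookup.
        if (!$this->captchaverify($request->get('g-recaptcha-response'))) {
            $error = "Captcha is not Valid";
        } else {
            $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($lastUsername);

            $passwordOk = false;
            if ($user) {
                $encoder = $this->container->get('security.encoder_factory')->getEncoder($user);
                $passwordOk = $encoder->isPasswordValid($user->getPassword(), $plainPassword, $user->getSalt());
            }
            // NOTE(review): an unknown user returns without hashing, so response time can
            // still differ between the two failure cases.

            if ($passwordOk) {
                // Issue a fresh session id at the privilege change (session fixation defence).
                if ($request->hasSession()) {
                    $request->getSession()->migrate(true);
                }

                $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
                $this->get('security.token_storage')->setToken($token);

                return $this->redirectToRoute('homepage');
            }

            // One message for "unknown user" and "wrong password", so the form does not
            // reveal which accounts exist.
            $error = "Invalid credentials.";
        }
    }

    return $this->renderLogin(array(
        'last_username' => $lastUsername,
        'error' => $error,
    ));
}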
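/**
 * Checks a reCAPTCHA response token against Google's siteverify endpoint.
 *
 * Fails closed: a missing or non-string token, a transport error, or a reply that is not
 * JSON carrying "success": true all return false.
 *
 * @param mixed $recaptcha value of the "g-recaptcha-response" form field
 *
 * @return bool true only when siteverify reports success
 */
function captchaverify($recaptcha)
{
    // Nothing to verify: skip the network round trip. This also rejects array input.
    if (!is_string($recaptcha) || $recaptcha === '') {
        return false;
    }

    $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
    if ($ch === false) {
        return false;
    }

    $fields = array(
        // Placeholder from the post: load the real secret from configuration, never from source.
        'secret' => 'xxxxxxxx',
        'response' => $recaptcha,
    );

    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    // Bound the wait so a slow verification service cannot tie up login requests.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&'));

    $response = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on transport failure; treat that as "not verified".
    if (!is_string($response)) {
        return false;
    }

    $data = json_decode($response);

    // Anything other than a decoded object with success === true counts as a failure.
    return is_object($data) && isset($data->success) && $data->success === true;
}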
- I also needed to change
security.yml
setting 'login_path' and 'check_path' to 'new_login', which is a new route to loginAction:
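# Firewall section of security.yml, with the nesting restored.
firewalls:
    dev:
        # Profiler, debug toolbar and static assets are served without security.
        pattern: ^/(_(profiler|wdt|error)|css|images|js)/
        security: false
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            default_target_path: homepage
            csrf_token_generator: security.csrf.token_manager
            # Both paths point at the custom route that maps to loginAction.
            # NOTE(review): form_login normally handles POSTs to check_path itself; confirm
            # that loginAction, and with it the captcha check, is what processes submissions.
            login_path: new_login
            check_path: new_login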
- In my view I added:
<!-- reCAPTCHA client script; hl=es selects the widget language -->
<script src='https://www.google.com/recaptcha/api.js?hl=es'></script>
- inside the form:
<!-- data-sitekey takes the public site key; the secret key is used only in the server-side siteverify call -->
<div class="g-recaptcha" data-sitekey="xxxxxx"></div>
I hope this helps anyone in the same dilemma.