doukui2011 2018-10-09 18:38
浏览 125
已采纳

如何在Symfony 4中记录登录失败?

My Question

What sort of Response should I return that won't change the default response? Or is there a better way to tack on a logger to a Login Failure/badcredentialsexception?

Details

I found this post here which states that you can (in Symfony 2.4) customize authentication failures or successes like so:

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class CustomTimeAuthenticator extends TimeAuthenticator implements AuthenticationFailureHandlerInterface, AuthenticationSuccessHandlerInterface
{
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        error_log('You are out!');
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        error_log(sprintf('Yep, you are in "%s"!', $token->getUsername()));
    }
}

It also states that

...you can also bypass the default behavior altogether by returning a Response instance:

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    if ($exception->getCode()) {
        return new Response('Not the right time to log in, come back later.');
    }
}

Unfortunately it seems in Symfony 4 you have to return a Response (unlike the above 2.4 code) and so my code is:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Psr\Log\LoggerInterface;

class LoginFailureLogger implements AuthenticationFailureHandlerInterface
{
    private $logger;
    private $security;

    public function __construct(TokenStorageInterface $security, LoggerInterface $logger)
    {
        $this->logger = $logger;
        $this->security = $security;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $user = $exception->getToken()->getUser();

        $this->logger->notice('Failed to login user: "'. $user. '"".  Reason: '. $exception->getMessage());
    }
}

But when the page runs I get:

Authentication Failure Handler did not return a Response.

  • 写回答

1条回答 默认 最新

  • dongpenggan6812 2018-10-09 19:41
    关注

    You should just redirect to login page since this is the default behaviour. Please modify upon your specific requirements if any.

    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
    ...
    
    private $flashBag;
    private $logger;
    private $security;
    
    public function __construct(TokenStorageInterface $security, LoggerInterface $logger, FlashBagInterface $flashBag)
    {
        $this->logger = $logger;
        $this->security = $security;
        $this->flashBag = $flashBag;
    }
    
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        $user = $exception->getToken()->getUser();
    
        $this->logger->notice('Failed to login user: "'. $user. '"".  Reason: '. $exception->getMessage());
    
        $this->flashBag()->add('notice', 'Failed to login.');
    
        return new RedirectResponse('/login');
    }
    

    EDIT: Added flash message

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 怎么制作一个人脸识别门禁系统
  • ¥20 大华dss监控平台网络关闭登不进去
  • ¥15 请使用蚁群算法解决下列问题,并给出我完整的代码
  • ¥20 关于php录入完成后,批量更新数据库
  • ¥15 请教往复密封润滑问题
  • ¥15 cocos creator发布ios包
  • ¥15 comsol压电材料数据
  • ¥35 用python实现除法算法中goldschmidt算法
  • ¥15 汇编代码转换成C代码
  • ¥15 除法算法中的归一化具体是怎么变的?