I'm developing my own authentication function, but I'm not using the CSRF verification part yet, and I would like to (FOSUserBundle is installed and configured).

Here is my PHP controller:
```php
// these imports go at the top of the controller file
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Csrf\CsrfToken;

public function checkLoginAjaxAction(Request $request)
{
    $success = false;
    $responseCode = 300;
    if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
        $user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));
        if ($user) {
            $encoder = $this->get('security.encoder_factory')->getEncoder($user);
            // isPasswordValid() works for encoders that generate a fresh salt on every call (bcrypt)
            // and compares safely; a plain === on encodePassword() output does not
            $passwordOk = $encoder->isPasswordValid($user->getPassword(), $request->request->get('_password'), $user->getSalt());
            $token = $request->request->get('_csrf_token');
            // the token id must be the same one used in Twig: csrf_token('calendar-connection-form')
            $res = $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('calendar-connection-form', $token));
            dump($res); // always returns false...
            if ($passwordOk /* && $res */) { // but $res is false every time
                $responseCode = 200;
                $success = true;
            } else {
                $responseCode = 400;
            }
        }
    }
    $return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
    return new Response($return, 200, array('Content-Type' => 'application/json'));
}
```
In my Twig template:

```twig
<input type="hidden" name="_csrf_token" value="{{ csrf_token('calendar-connection-form') }}" />
```
So, how can I implement the CSRF token in my authentication?

By the way, if you see any possible improvement, tell me (I haven't done the connection part yet, just the verification, for the moment).

Thanks
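As an added illustration (not part of the question above and not Symfony's own code), here is a minimal token manager that mirrors the session-bound design behind `security.csrf.token_manager` and the Twig `csrf_token()` helper, so the conditions under which `isTokenValid()` returns true are visible end to end. The class names `ArrayTokenStorage` and `SimpleCsrfTokenManager` are invented for the example; the token id is the one used in the question, and all token values are constructed at run time.

```php
<?php
declare(strict_types=1);

// Added example, not from the question and not Symfony code: class names are invented.

/** Stand-in for the session: the real manager keeps one secret per token id in the user's session. */
final class ArrayTokenStorage
{
    /** @var array<string,string> */
    private $tokens = array();

    public function has(string $id): bool
    {
        return isset($this->tokens[$id]);
    }

    public function get(string $id): string
    {
        return $this->tokens[$id];
    }

    public function set(string $id, string $secret): void
    {
        $this->tokens[$id] = $secret;
    }
}

final class SimpleCsrfTokenManager
{
    private $storage;

    public function __construct(ArrayTokenStorage $storage)
    {
        $this->storage = $storage;
    }

    /** Equivalent of Twig's csrf_token($id): create the secret on first use, reuse it afterwards. */
    public function getToken(string $id): string
    {
        if (!$this->storage->has($id)) {
            $this->storage->set($id, bin2hex(random_bytes(32)));
        }
        return $this->storage->get($id);
    }

    /** Equivalent of isTokenValid(): look up the secret for this id and compare in constant time. */
    public function isTokenValid(string $id, ?string $submitted): bool
    {
        if ($submitted === null || !$this->storage->has($id)) {
            return false;
        }
        return hash_equals($this->storage->get($id), $submitted);
    }
}

// Walk-through with constructed values.
$session = new ArrayTokenStorage();
$manager = new SimpleCsrfTokenManager($session);

// 1. Rendering the form stores the secret under the id and embeds it in the hidden field.
$hidden = $manager->getToken('calendar-connection-form');

// 2. The AJAX POST sends it back as _csrf_token and is checked against the same session.
$results = array(
    'same session, same id'        => $manager->isTokenValid('calendar-connection-form', $hidden),
    'different id'                 => $manager->isTokenValid('other-form', $hidden),
    'tampered value'               => $manager->isTokenValid('calendar-connection-form', $hidden . 'x'),
    'missing field'                => $manager->isTokenValid('calendar-connection-form', null),
    // A request the server cannot tie to the issuing session sees an empty store.
    'no session cookie on request' => (new SimpleCsrfTokenManager(new ArrayTokenStorage()))
        ->isTokenValid('calendar-connection-form', $hidden),
);

var_export($results);
```

Run it with `php example.php`. Only the first case is true; the other four are false because the id must be identical on both sides, the submitted value must match byte for byte, the field must be present, and the lookup must hit the store the token was issued from. In Symfony that store is the session, so an AJAX POST that does not carry the session cookie, or that validates against a different token id than the one rendered in Twig, fails in exactly this way; checking those two things (same session on the POST, same id string) is the first thing to verify when `isTokenValid()` is always false.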