Problem with error checking at login time

0

Good evening, I have a problem checking for login errors with symfony 4.

I'm trying to log into the system, but I do not know why form , even being method POST sends GET and because of that I can not check if form has been sent, no information comes , BUT I can log into the system.

If I change in security.yaml the tag of form_login o check_path of login to /login I can do the checks, but I can not login.

Can you help me? Here is my code below:

security.yaml

security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
    main:
        entity: { class: App\Entity\User, property: username }

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: true


        # activate different ways to authenticate

        # http_basic: true
        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate

        form_login:
            login_path: login
            check_path: /login
            default_target_path: admin
            always_use_default_target_path: true

        # https://symfony.com/doc/current/security/form_login_setup.html
        logout:
            path: /logout
            target: /admin/login


# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
    - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/recoveryPassword, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/forgotPassword, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }

encoders:
    App\Entity\User:
        algorithm: bcrypt
        cost: 12

LoginController.php

<?php
namespace App\Controller;

use App\Entity\User;
use App\Utils\AntiSQL;
use App\Utils\Password;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

class LoginController extends Controller
{

    /**
     * @Route("/admin/login", name="login")
     * @Template("login/login.html.twig")
     * @param Request $request
     *
     * @return array
     */
    public function login(Request $request)
    {

        if($request->getMethod() == 'POST'):

            $data = AntiSQL::filterAll($request->request->all());

            $em = $this->getDoctrine()->getManager();
            $user = $em->getRepository(User::class)->findOneByUsername($data['_username']);


            // Verifica se algum campo está em branco
            if(empty($data['_username']) OR empty($data['_password'])):
                return [
                    'mensagem' => [
                        'texto' => 'Usuário ou senha em branco',
                        'icone' => 'fas fa-exclamation-triangle',
                        'class' => 'alert-danger',
                        'alerta' => 'Alerta'
                    ]
                ];
            endif;

            // Verifica se o usuário existe
            if($user->getUsername() == null):
                return [
                    'mensagem' => [
                        'texto' => 'Usuário ou senha inválidos',
                        'icone' => 'fas fa-exclamation-triangle',
                        'class' => 'alert-danger',
                        'alerta' => 'Alerta'
                    ]
                ];
            endif;

            // Verifica se a senha e o token são válidos
            if(Password::verifyPassword($data['_password'], $user->getPassword()) OR $this->isCsrfTokenValid("form_login", $data['_token']) == false ):

            endif;
        endif;

        return [
            'mensagem' => []
        ];
    }

}

login.html.twig

{% extends 'layout/base_login.html.twig' %}

{% block content %}
<form action="{{ path('login') }}" method="POST" class="smart-form client-form">
    <header >
        Acessar Painel de Controle
    </header>
    <fieldset>
        <section>
            <label class="label">Usuário</label>
            <label class="input"><i class="icon-append fa fa-user txt-color-teal"></i>
                <input type="text" name="_username" id="username" autofocus>
                <b class="tooltip tooltip-top-right"><i class="fa fa-user txt-color-teal" ></i> Digite seu Usuário</b></label>
        </section>

        <section>
            <label class="label">Senha</label>
            <label class="input"> <i class="icon-append fa fa-lock txt-color-teal"></i>
                <input type="password" name="_password" id="password">
                <b class="tooltip tooltip-top-right"><i class="fa fa-lock txt-color-teal"></i> Digite sua Senha</b> </label>
            <div class="note">
                <a href="forgotpassword.html" class="txt-color-teal">Esqueceu a Senha?</a>
            </div>
            <input type="hidden" name="_token" value="{{ csrf_token('form_login') }}">
        </section>
    </fieldset>
    <footer>
        <button type="submit" class="btn bg-color-teal txt-color-white">
            Entrar
        </button>
    </footer>
</form>
{% endblock %}
    
asked by anonymous 13.09.2018 / 03:48

0 answers