Good evening, I have a problem checking for login errors with symfony 4.
I'm trying to log into the system, but I do not know why form , even being method POST sends GET and because of that I can not check if form has been sent, no information comes , BUT I can log into the system.
If I change in security.yaml the tag of form_login o check_path of login to /login I can do the checks, but I can not login.
Can you help me? Here is my code below:
security.yaml
security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
main:
entity: { class: App\Entity\User, property: username }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
# activate different ways to authenticate
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
form_login:
login_path: login
check_path: /login
default_target_path: admin
always_use_default_target_path: true
# https://symfony.com/doc/current/security/form_login_setup.html
logout:
path: /logout
target: /admin/login
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/recoveryPassword, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/forgotPassword, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_ADMIN }
encoders:
App\Entity\User:
algorithm: bcrypt
cost: 12
LoginController.php
<?php
namespace App\Controller;
use App\Entity\User;
use App\Utils\AntiSQL;
use App\Utils\Password;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
class LoginController extends Controller
{
/**
* @Route("/admin/login", name="login")
* @Template("login/login.html.twig")
* @param Request $request
*
* @return array
*/
public function login(Request $request)
{
if($request->getMethod() == 'POST'):
$data = AntiSQL::filterAll($request->request->all());
$em = $this->getDoctrine()->getManager();
$user = $em->getRepository(User::class)->findOneByUsername($data['_username']);
// Verifica se algum campo está em branco
if(empty($data['_username']) OR empty($data['_password'])):
return [
'mensagem' => [
'texto' => 'Usuário ou senha em branco',
'icone' => 'fas fa-exclamation-triangle',
'class' => 'alert-danger',
'alerta' => 'Alerta'
]
];
endif;
// Verifica se o usuário existe
if($user->getUsername() == null):
return [
'mensagem' => [
'texto' => 'Usuário ou senha inválidos',
'icone' => 'fas fa-exclamation-triangle',
'class' => 'alert-danger',
'alerta' => 'Alerta'
]
];
endif;
// Verifica se a senha e o token são válidos
if(Password::verifyPassword($data['_password'], $user->getPassword()) OR $this->isCsrfTokenValid("form_login", $data['_token']) == false ):
endif;
endif;
return [
'mensagem' => []
];
}
}
login.html.twig
{% extends 'layout/base_login.html.twig' %}
{% block content %}
<form action="{{ path('login') }}" method="POST" class="smart-form client-form">
<header >
Acessar Painel de Controle
</header>
<fieldset>
<section>
<label class="label">Usuário</label>
<label class="input"><i class="icon-append fa fa-user txt-color-teal"></i>
<input type="text" name="_username" id="username" autofocus>
<b class="tooltip tooltip-top-right"><i class="fa fa-user txt-color-teal" ></i> Digite seu Usuário</b></label>
</section>
<section>
<label class="label">Senha</label>
<label class="input"> <i class="icon-append fa fa-lock txt-color-teal"></i>
<input type="password" name="_password" id="password">
<b class="tooltip tooltip-top-right"><i class="fa fa-lock txt-color-teal"></i> Digite sua Senha</b> </label>
<div class="note">
<a href="forgotpassword.html" class="txt-color-teal">Esqueceu a Senha?</a>
</div>
<input type="hidden" name="_token" value="{{ csrf_token('form_login') }}">
</section>
</fieldset>
<footer>
<button type="submit" class="btn bg-color-teal txt-color-white">
Entrar
</button>
</footer>
</form>
{% endblock %}