我的问题
我应该返回哪种不会更改默认响应的响应?或者是否有更好的方法将记录器附加到登录失败/badcredentialsexception?
详情
我找到了这篇文章 here其中声明您可以(在 Symfony 2.4 中)像这样自定义身份验证失败或成功:
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
class CustomTimeAuthenticator extends TimeAuthenticator implements AuthenticationFailureHandlerInterface, AuthenticationSuccessHandlerInterface
{
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
error_log('You are out!');
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
error_log(sprintf('Yep, you are in "%s"!', $token->getUsername()));
}
}
它还指出
...you can also bypass the default behavior altogether by returning a Response instance:
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($exception->getCode()) {
return new Response('Not the right time to log in, come back later.');
}
}
不幸的是,它似乎出现在 Symfony 4 中 you have to return a Response (与上面的 2.4 代码不同)所以我的代码是:
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Psr\Log\LoggerInterface;
class LoginFailureLogger implements AuthenticationFailureHandlerInterface
{
private $logger;
private $security;
public function __construct(TokenStorageInterface $security, LoggerInterface $logger)
{
$this->logger = $logger;
$this->security = $security;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$user = $exception->getToken()->getUser();
$this->logger->notice('Failed to login user: "'. $user. '"". Reason: '. $exception->getMessage());
}
}
但是当页面运行时我得到:
Authentication Failure Handler did not return a Response.
最佳答案
您应该重定向到登录页面,因为这是默认行为。请根据您的具体要求进行修改。
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
...
private $flashBag;
private $logger;
private $security;
public function __construct(TokenStorageInterface $security, LoggerInterface $logger, FlashBagInterface $flashBag)
{
$this->logger = $logger;
$this->security = $security;
$this->flashBag = $flashBag;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$user = $exception->getToken()->getUser();
$this->logger->notice('Failed to login user: "'. $user. '"". Reason: '. $exception->getMessage());
$this->flashBag()->add('notice', 'Failed to login.');
return new RedirectResponse('/login');
}
编辑:添加了即显消息
关于php - 如何在 Symfony 4 中记录登录失败?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52727403/