UserChecker Exception Messages are lost. It is only "bad credentials" when there is any issue with credentials #588

Closed
EresDev opened this issue Nov 20, 2018 · 1 comment · Fixed by #650


EresDev commented Nov 20, 2018

I've written a UserChecker to check for an active user and a deleted account. If any of these issues happens, a CustomUserMessageAuthenticationException is thrown. With that there is a specific message related to the issue. But the extension always gives a message of "Bad Credentials" when these exceptions are thrown. I need these detailed messages to be in the response. Please help.

```php
namespace App\Security;

use App\Entity\User; // assumed location of the application's User entity
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Validator\Validator\ValidatorInterface;

/**
 * Class UserChecker
 * @package App\Security
 *
 * Validate username/email before authentication
 * Also make sure that the user is not deleted or inactive
 */
class UserChecker implements UserCheckerInterface
{
    /**
     * @var ValidatorInterface
     */
    private $validator;

    /**
     * UserChecker constructor.
     * @param ValidatorInterface $validator
     */
    public function __construct(ValidatorInterface $validator)
    {
        $this->validator = $validator;
    }

    /**
     * @param UserInterface $user
     */
    public function checkPreAuth(UserInterface $user) : void
    {
        if (!$user instanceof User) {
            return;
        }
        $errors = $this->validator->validate($user);

        if ($errors->count()) {
            /*
             * Uses the __toString method of $errors, which is a
             * ConstraintViolationList object. This gives us a nice string
             * for debugging; the exception constructor expects a string.
             */
            throw new CustomUserMessageAuthenticationException(
                (string) $errors, [], 1
            );
        }

        // user is deleted, show a generic Account Not Found message.
        if ($user->isDeleted()) {
            //throw new AccountDeletedException('Account Deleted');

            // or to customize the message shown
            throw new CustomUserMessageAuthenticationException(
                'Your account was deleted. Sorry about that!', [], 2
            );
        }

        // user exists but is not active
        if (!$user->isActive()) {
            //throw new AccountDeletedException('Account Not Active');

            // or to customize the message shown
            throw new CustomUserMessageAuthenticationException(
                'Your account is not active. Sorry about that!'
            );
        }
    }

    /**
     * @param UserInterface $user
     */
    public function checkPostAuth(UserInterface $user) : void
    {
        if (!$user instanceof User) {
            return;
        }
    }
}
```
dmatora added a commit to dmatora/LexikJWTAuthenticationBundle that referenced this issue Apr 26, 2019

dmatora commented May 2, 2019

@EresDev @maximerenou @piperRyan let me know if my fix works for you

chalasr added a commit that referenced this issue May 5, 2019
…ustom exceptions (EresDev)

This PR was squashed before being merged into the 2.x-dev branch (closes #650).

Discussion
----------

Fixed AuthenticationFailureHandler to utilize messages from custom exceptions

Fixed #588

Commits
-------

9414427 Fixed AuthenticationFailureHandler to utilize messages from custom exceptions
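
The behaviour requested in this issue, as an added sketch that is not the bundle's code or the merged fix: a Symfony failure handler that returns the message of a `CustomUserMessageAuthenticationException` and keeps the generic "Bad credentials" for every other failure. The class name `JsonAuthenticationFailureHandler`, the JSON shape, and the possibility that the exception arrives wrapped in another one are assumptions.

```php
<?php

namespace App\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

// Hypothetical handler name; wire it up as the firewall's failure handler.
final class JsonAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
{
    private const GENERIC_MESSAGE = 'Bad credentials';

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
    {
        return new JsonResponse(
            ['code' => Response::HTTP_UNAUTHORIZED, 'message' => $this->publicMessage($exception)],
            Response::HTTP_UNAUTHORIZED
        );
    }

    /**
     * Only messages written for end users are exposed. Everything else,
     * including internal exception text, collapses to the generic string.
     */
    private function publicMessage(\Throwable $exception): string
    {
        // Walk the chain in case another layer wrapped the custom exception
        // (assumption: the wrapper keeps it as the "previous" exception).
        for ($e = $exception; $e !== null; $e = $e->getPrevious()) {
            if ($e instanceof CustomUserMessageAuthenticationException) {
                // The message key is the text passed to the constructor; the
                // message data holds its placeholders, e.g. ['{{ name }}' => 'x'].
                return strtr($e->getMessageKey(), $e->getMessageData());
            }
        }

        return self::GENERIC_MESSAGE;
    }
}
```

Messages thrown from `checkPreAuth` are produced before the password is verified, so a handler like this reveals account state (deleted, inactive) to any caller who knows a username; throwing them from `checkPostAuth` limits that to callers who presented valid credentials.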