mysql - How to use recaptcha in login page of FOSUserBundle -
I'm working on a Symfony 2.2 project in which I'm using "FOSUserBundle" for security, and it works. I'm also using "EWZRecaptchaBundle", which is working fine. My problem is that I want to use reCAPTCHA on the FOSUserBundle login page. I followed the "Adding Captcha to Symfony2 Login Page" link and overrode the firewall listener, but even after making a new form and passing the reCAPTCHA widget to it, the reCAPTCHA value is not checked.
I have edited the code as follows:
my listener :
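<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

// The project namespace and class name are kept exactly as the page spells them.
namespace webmuch\userbundle\listener;

// The listing on the page imports only the base listener, the CSRF provider,
// Request and the logger; the remaining names the class uses are imported here
// so that they do not resolve inside the project namespace.
use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener as BaseListener;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;

/**
 * Form-login listener that adds a captcha comparison in front of the usual
 * username/password authentication.
 *
 * The checks in attemptAuthentication() run in this order: HTTP method, CSRF
 * token, captcha, and only then the credentials are handed to the
 * authentication manager.
 *
 * @author fabien potencier <fabien@symfony.com>
 */
class userloginformlistener extends BaseListener
{
    /** @var CsrfProviderInterface|null CSRF validator; the CSRF check is skipped when null. */
    private $csrfprovider;

    /**
     * {@inheritdoc}
     *
     * Merges the caller's $options over this listener's defaults (request
     * parameter names, CSRF intention, POST-only flag and the captcha field
     * name) before passing them to the parent constructor.
     */
    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = array(), LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfProviderInterface $csrfProvider = null)
    {
        $defaults = array(
            'username_parameter' => '_username',
            'password_parameter' => '_password',
            'csrf_parameter' => '_csrf_token',
            'captcha' => 'ewz_recaptcha',
            'intention' => 'authenticate',
            'post_only' => true,
        );

        parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, array_merge($defaults, $options), $logger, $dispatcher);

        $this->csrfprovider = $csrfProvider;
    }

    /**
     * {@inheritdoc}
     *
     * Non-POST requests never trigger authentication while 'post_only' is set.
     */
    protected function requiresAuthentication(Request $request)
    {
        if ($this->options['post_only'] && !$request->isMethod('post')) {
            return false;
        }

        return parent::requiresAuthentication($request);
    }

    /**
     * {@inheritdoc}
     *
     * @throws InvalidCsrfTokenException when a CSRF provider is set and rejects the token
     * @throws BadCredentialsException   when the captcha value is missing or does not match
     */
    protected function attemptAuthentication(Request $request)
    {
        if ($this->options['post_only'] && 'post' !== strtolower($request->getMethod())) {
            if (null !== $this->logger) {
                $this->logger->debug(sprintf('authentication method not supported: %s.', $request->getMethod()));
            }

            return null;
        }

        if (null !== $this->csrfprovider) {
            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);

            if (false === $this->csrfprovider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
                throw new InvalidCsrfTokenException('invalid csrf token.');
            }
        }

        // Captcha check, failing closed. The version on the page compared the
        // two values with a bare `!==`; when the request carried no captcha
        // field and the session held no phrase both sides were null, the
        // comparison passed and the captcha was skipped entirely.
        //
        // NOTE(review): nothing shown on the page writes the 'gcb_captcha'
        // session key, and the login form uses the `ewz_recaptcha` field type,
        // whose answer is presumably verified against the reCAPTCHA service
        // rather than against a phrase kept in the session. Confirm which
        // component is meant to populate this key; until it is populated this
        // check rejects every login instead of silently accepting it.
        $session = $request->getSession();
        $expectedPhrase = null;

        if (null !== $session) {
            $stored = $session->get('gcb_captcha');

            if (is_array($stored) && isset($stored['phrase']) && is_string($stored['phrase'])) {
                $expectedPhrase = $stored['phrase'];
            }

            // One attempt per phrase, so a solved captcha cannot be replayed.
            // Assumes a new phrase is issued whenever the login form is
            // rendered - TODO confirm.
            $session->remove('gcb_captcha');
        }

        $submittedPhrase = $request->get($this->options['captcha'], null, true);

        $captchaAccepted = is_string($submittedPhrase)
            && '' !== $submittedPhrase
            && null !== $expectedPhrase
            && '' !== $expectedPhrase
            && $submittedPhrase === $expectedPhrase;

        if (!$captchaAccepted) {
            throw new BadCredentialsException('captcha invalid');
        }

        $username = trim($request->get($this->options['username_parameter'], null, true));
        $password = $request->get($this->options['password_parameter'], null, true);

        // $session is non-null here: a missing session fails the captcha check above.
        $session->set(SecurityContextInterface::LAST_USERNAME, $username);

        return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
    }
}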
Then I set the listener class in parameters.yml as below:
# NOTE(review): this file holds live-looking credentials (database and mailer
# passwords). Keep the real values out of version control and out of pasted
# snippets.
parameters:
    database_driver: pdo_mysql
    database_host: localhost
    database_port: null
    database_name: project
    # Application connects as the database root account with a trivial password;
    # a dedicated account limited to this schema is the safer setup.
    database_user: root
    database_password: root
    mailer_transport: smtp
    mailer_host: smtp.gmail.com
    mailer_auth_mode: login
    mailer_user: mymail@gmail.com
    mailer_password: mymailpassword
    locale: en
    # Still the placeholder value. In a standard Symfony 2 setup this parameter
    # presumably feeds the framework secret that CSRF tokens are derived from,
    # so it should be replaced with a long random value per installation.
    secret: thistokenisnotsosecretchangeit
    database_path: null
    # Replaces the class used for the form-login authentication listener with
    # the custom one from this page. NOTE(review): as a container parameter this
    # looks global, i.e. it would apply to every firewall that uses form login -
    # confirm that is intended.
    security.authentication.listener.form.class: webmuch\userbundle\listener\userloginformlistener
After that I created the user form type as below:
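<?php

/*
 * This file is part of the FOSUserBundle package.
 *
 * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

// The project namespace and class name are kept exactly as the page spells them.
namespace webmuch\userbundle\form;

// The listing on the page shows no imports; these are the names the class uses.
use EWZ\Bundle\RecaptchaBundle\Validator\Constraints\True;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;

/**
 * Login form type: e-mail, password, a reCAPTCHA widget and the two hidden
 * reCAPTCHA fields.
 *
 * The reCAPTCHA `True` constraint below is a form validation constraint, so it
 * is evaluated only when a request is bound to this form and the form is
 * validated. Building the form and rendering its view does not check anything.
 */
class newuserloginformtype extends AbstractType
{
    /**
     * Declares the form fields.
     *
     * @param FormBuilderInterface $builder builder the fields are added to
     * @param array                $options form options (not read here)
     */
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        // TODO (from the original): login is by e-mail; stop the user from
        // entering a username here.
        $builder->add('_username', 'email', array(
            'label' => 'form.username',
            'translation_domain' => 'fosuserbundle',
        ));

        $builder->add('_password', 'password', array(
            'label' => 'form.current_password',
            'translation_domain' => 'fosuserbundle',
            'mapped' => false,
        ));

        // The original array declared 'label' twice ("verification", then
        // "enter words in box."); PHP keeps the last value for a repeated key,
        // so only the effective one is kept.
        $builder->add('recaptcha', 'ewz_recaptcha', array(
            'attr' => array(
                'options' => array(
                    'theme' => 'red',
                ),
            ),
            'property_path' => false,
            'constraints' => array(
                new True(),
            ),
            'label' => "enter words in box.",
        ));

        $builder->add('recaptcha_challenge_field', 'hidden', array('property_path' => false));
        $builder->add('recaptcha_response_field', 'hidden', array('property_path' => false));
    }

    /**
     * Sets the data class and the CSRF intention used by this form.
     *
     * @param OptionsResolverInterface $resolver resolver receiving the defaults
     */
    public function setDefaultOptions(OptionsResolverInterface $resolver)
    {
        $resolver->setDefaults(array(
            'data_class' => 'webmuch\userbundle\entity\user',
            'intention' => 'authenticate',
        ));
    }

    /**
     * @return string the form name
     */
    public function getName()
    {
        return 'webmuch_user_newloginform';
    }
}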
in security controller:
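/**
 * Shows the login form, or redirects back to it with a generic flash message
 * when the previous attempt left an authentication error behind.
 *
 * NOTE(review): the form created here is only turned into a view. Nothing in
 * this action binds the request to it or validates it, and the login template
 * on the page posts to `fos_user_security_check`, so the reCAPTCHA constraint
 * declared on the form type is never evaluated by this action. Any captcha
 * enforcement has to happen where the login POST is actually processed.
 *
 * @return mixed the rendered login page from renderLogin(), or a
 *               RedirectResponse to the login route after a failed attempt
 */
public function loginAction()
{
    $form = $this->container->get('form.factory')->create(new newuserloginformtype());

    /* @var $request \Symfony\Component\HttpFoundation\Request */
    $request = $this->container->get('request');
    /* @var $session \Symfony\Component\HttpFoundation\Session */
    $session = $request->getSession();

    // Pick up the authentication error, if any, from the request attributes
    // (forward) or from the session (redirect).
    if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
        $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
    } elseif (null !== $session && $session->has(SecurityContext::AUTHENTICATION_ERROR)) {
        $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
        $session->remove(SecurityContext::AUTHENTICATION_ERROR);
    } else {
        $error = '';
    }

    if ($error) {
        // TODO: potential security risk (see http://trac.symfony-project.org/ticket/9523)
        //$error = $error->getMessage();

        // The same fixed message is shown whatever the underlying failure was,
        // so the response does not reveal whether the username, the password
        // or another check was at fault.
        $session = $this->container->get('session');
        $session->setFlash('error', 'invalid username or password');

        return new RedirectResponse($this->container->get('router')->generate('fos_user_security_login'));
    }

    // Last username entered by the user.
    $lastUsername = (null === $session) ? '' : $session->get(SecurityContext::LAST_USERNAME);

    $csrfToken = $this->container->get('form.csrf_provider')->generateCsrfToken('authenticate');

    // The pasted listing had a stray editor placeholder inside this array
    // literal, which is a syntax error; it is removed here.
    return $this->renderLogin(array(
        'last_username' => $lastUsername,
        'error' => $error,
        'csrf_token' => $csrfToken,
        'form' => $form->createView(),
    ));
}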
and login.html.twig:
{% extends "::base1.html.twig" %} {% block userprofile %} {% if error %} <div>{{ error|trans({}, 'fosuserbundle') }}</div> {% endif %} <h2 class="gradwellhead">login here</h2> <div class="row-fluid marginbottom10"> <div class="span6 well"> <form class="form-horizontal" action="{{ path("fos_user_security_check") }}" method="post"> <input type="hidden" name="_csrf_token" value="{{ csrf_token }}" /> <div class="control-group"> <label class="control-label" for="username">{{ 'form.username'|trans({}, 'fosuserbundle') }}</label> <div class="controls"> <input type="text" id="username" name="_username" value="{{ last_username }}" required="required" placeholder="username"/> </div> </div> <div class="control-group"> <label class="control-label" for="password">{{ 'form.password'|trans({}, 'fosuserbundle') }}</label> <div class="controls"> <input type="password" id="password" name="_password" required="required" placeholder="password"/> </div> </div> <div class="control-group"> <label class="control-label" for="recaptcha">recaptcha</label> <div class="controls"> {% form_theme form 'ewzrecaptchabundle:form:ewz_recaptcha_widget.html.twig' %} {{ form_widget(form.recaptcha, { 'attr': {'options' : {'theme' : 'clean',},} }) }} </div> </div> <div class="control-group"> <div class="controls"> <label class="checkbox"> <input type="checkbox" id="remember_me" name="_remember_me" value="on" />remember me? </label> <input class="btn" type="submit" id="_submit" name="_submit" value="{{ 'form.submit'|trans({}, 'fosuserbundle') }}" /> <a href="{{ path('fos_user_resetting_request') }}">forget password ?</a> {{ facebook_login_button({'autologoutlink': true}) }} </div> </div> </form> </div> <div class="span6 well"> <img src="{{asset('img/candu_manifesto_starburst.jpg')}}"> </div> </div> {% endblock %}
If you have any idea, please help me.
thanks in advance !
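I have solved the issue by making a custom authenticator. (The form type's reCAPTCHA constraint never ran because the login POST is handled by the security firewall, not by a controller that validates the form, so the check has to live in the authentication step itself.)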