[Security] Replace message data in JSON security error response
parent
8fc46dc894
commit
5e5795acd1
@ -126,10 +126,10 @@ class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
|
||||
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
|
||||
{
|
||||
if (null === $this->failureHandler) {
|
||||
$errorMessage = $exception->getMessageKey();
|
||||
|
||||
if (null !== $this->translator) {
|
||||
$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
|
||||
} else {
|
||||
$errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
|
||||
}
|
||||
|
||||
return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
|
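Review bot: The new `else` branch substitutes `$exception->getMessageData()` verbatim into the `error` field of a 401 response, which goes to unauthenticated callers, and nothing in the hunk documents that constraint. The translator branch has the same exposure, so after this change every placeholder value an exception supplies becomes client-visible. Which values built-in or custom exceptions put there is not visible on this page, but the test's `%failed_attempts%` shows that account state can be among them. I would add a comment above the branch such as `// Message data is returned to unauthenticated clients: keep it free of sensitive values; consumers must render "error" as plain text.` The body of `onAuthenticationFailure` continues outside the hunk, so the handling when a failure handler is set is not covered here.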
@ -147,6 +147,25 @@ class JsonLoginAuthenticatorTest extends TestCase
|
||||
$this->assertSame(['error' => 'foo'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
public function testOnFailureReplacesMessageDataWithoutTranslator()
|
||||
{
|
||||
$this->setUpAuthenticator();
|
||||
|
||||
$response = $this->authenticator->onAuthenticationFailure(new Request(), new class() extends AuthenticationException {
|
||||
public function getMessageData(): array
|
||||
{
|
||||
return ['%failed_attempts%' => 3];
|
||||
}
|
||||
|
||||
public function getMessageKey(): string
|
||||
{
|
||||
return 'Session locked after %failed_attempts% failed attempts.';
|
||||
}
|
||||
});
|
||||
|
||||
$this->assertSame(['error' => 'Session locked after 3 failed attempts.'], json_decode($response->getContent(), true));
|
||||
}
|
||||
|
||||
private function setUpAuthenticator(array $options = [])
|
||||
{
|
||||
$this->authenticator = new JsonLoginAuthenticator(new HttpUtils(), $this->userProvider, null, null, $options);
|
||||
|