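/**
 * Placeholder CAPTCHA gate in front of the parent listener's authentication attempt.
 *
 * TODO: Add Recaptcha, but first:
 *  * add recaptcha config to newscoop preferences not in recaptcha plugin config
 *  * remove old recaptcha libraries
 *  * reenable failed logins counter here Newscoop\NewscoopBundle\Security\Http\Authentication\AuthenticationFailedHandler
 *  * clean code
 *
 * NOTE(review): as written this method enforces nothing. The only rejection path sits
 * behind `if (false)`, so every request is handed to the parent listener even when
 * \LoginAttempts::MaxLoginAttemptsExceeded() reports that the limit was exceeded. Together
 * with the disabled failed-login counter mentioned in the TODO, the login form should be
 * treated as having no brute-force throttling until the check is implemented.
 *
 * NOTE(review): the gate is entered only when the client sends `captcha_code`. Once the
 * verification exists, the decision to require a CAPTCHA should come from the server-side
 * attempt counter alone; a request that omits the field must be rejected, not skipped.
 *
 * {@inheritdoc}
 */
protected function attemptAuthentication(Request $request)
{
    // ParameterBag::has() accepts a single key. The original passed the query-string lookup
    // as a second argument, which is ignored, so a captcha_code sent in the query string was
    // never noticed. Check both bags explicitly.
    $captchaSubmitted = $request->request->has('captcha_code') || $request->query->has('captcha_code');

    if ($captchaSubmitted && \LoginAttempts::MaxLoginAttemptsExceeded()) {
        // Verification is still stubbed out: this branch can never run.
        // NOTE(review): $translator is not defined in this method, so enabling the branch
        // as-is would fail before the exception is built; a translator has to be injected first.
        if (false) {
            throw new AuthenticationException($translator->trans("CAPTCHA code is not valid. Please try again.", array(), 'home'));
        }
    }

    return parent::attemptAuthentication($request);
}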
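/**
 * Checks a submitted CAPTCHA phrase against the one kept in the session, then delegates
 * to the parent listener.
 *
 * The phrase is read from the nested request field `login[recaptcha]` and compared with the
 * `phrase` entry of the `gcb_recaptcha` session value (the author uses GregwarCaptchaBundle
 * and only renders the CAPTCHA while throttling).
 *
 * NOTE(review): the check runs only when the client includes the field. A request that
 * simply omits `login[recaptcha]` skips it, so whether a CAPTCHA is required must be decided
 * from server-side throttling state, which is not visible in this method.
 *
 * NOTE(review): nothing here removes `gcb_recaptcha` from the session after a comparison.
 * Confirm that a solved phrase cannot be replayed across several login attempts.
 *
 * @param Request $request The login request.
 *
 * @throws BadCredentialsException When a phrase was submitted and does not match the stored one,
 *                                 or when no phrase is stored in the session.
 */
protected function attemptAuthentication(Request $request)
{
    $submitted = $request->request->get('login[recaptcha]', null, true);

    if (null !== $submitted) {
        $stored = $request->getSession()->get('gcb_recaptcha');

        // The session entry may be missing or malformed (expired session, CAPTCHA never
        // rendered). Reading ['phrase'] from it directly raises a PHP notice/warning, which
        // can surface as an error page instead of an authentication failure, so fail closed
        // explicitly.
        $expected = isset($stored['phrase']) ? $stored['phrase'] : null;

        if (null === $expected || $submitted !== $expected) {
            throw new BadCredentialsException('Captcha is invalid');
        }
    }

    return parent::attemptAuthentication($request);
}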
/**
 * Posts a username to /login_check and verifies which collaborator the listener reaches.
 *
 * With $ok true, the authentication manager must be asked to authenticate exactly once and
 * the failure handler must never be invoked. With $ok false the expectations are reversed:
 * the failure handler is invoked once and the authentication manager is never reached.
 *
 * @dataProvider getUsernameForLength
 */
public function testHandleWhenUsernameLength($username, $ok)
{
    // Request carrying only the username under test, backed by a mocked session.
    $session = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')->getMock();
    $request = Request::create('/login_check', 'POST', array('_username' => $username));
    $request->setSession($session);

    // The listener must consider this request to be the login-check path.
    $httpUtils = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\HttpUtils')->getMock();
    $httpUtils
        ->expects($this->any())
        ->method('checkRequestPath')
        ->will($this->returnValue(true));

    // Rejected usernames end in the failure handler; accepted ones never touch it.
    $failureCalls = $ok ? $this->never() : $this->once();
    $failureHandler = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationFailureHandlerInterface')->getMock();
    $failureHandler
        ->expects($failureCalls)
        ->method('onAuthenticationFailure')
        ->will($this->returnValue(new Response()));

    // Accepted usernames reach the authentication manager; rejected ones must not.
    $authenticateCalls = $ok ? $this->once() : $this->never();
    $authenticationManager = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager')
        ->disableOriginalConstructor()
        ->getMock();
    $authenticationManager
        ->expects($authenticateCalls)
        ->method('authenticate')
        ->will($this->returnValue(new Response()));

    $tokenStorage = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorageInterface')->getMock();
    $sessionStrategy = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Session\\SessionAuthenticationStrategyInterface')->getMock();
    $successHandler = $this->getMockBuilder('Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationSuccessHandlerInterface')->getMock();

    $listener = new UsernamePasswordFormAuthenticationListener(
        $tokenStorage,
        $authenticationManager,
        $sessionStrategy,
        $httpUtils,
        'TheProviderKey',
        $successHandler,
        $failureHandler,
        array('require_previous_session' => false)
    );

    $event = $this->getMockBuilder('Symfony\\Component\\HttpKernel\\Event\\GetResponseEvent')
        ->disableOriginalConstructor()
        ->getMock();
    $event
        ->expects($this->any())
        ->method('getRequest')
        ->will($this->returnValue($request));

    $listener->handle($event);
}
/**
 * Validates the login form, including the CAPTCHA once the attempt counter reaches the
 * configured threshold, before delegating to the parent listener.
 *
 * The attempt is registered first, so the current request counts towards the value that is
 * compared with $this->bruteForceThreshold. The `check_captcha` form option is therefore
 * decided on the server from that counter, not from what the client submitted.
 *
 * Only the first form error is reported: an error whose origin is the `recaptcha` field
 * becomes a RecaptchaException, any other becomes a BadCredentialsException carrying the
 * translated message. An invalid form with no errors yields a bare BadCredentialsException.
 *
 * NOTE(review): getErrors() is called without arguments; confirm that the field-level
 * errors this method expects (e.g. from `recaptcha`) are actually returned by that call.
 *
 * @param Request $request The login request.
 *
 * @throws RecaptchaException      When the first form error originates from the `recaptcha` field.
 * @throws BadCredentialsException When the form is invalid for any other reason.
 */
protected function attemptAuthentication(Request $request)
{
    $filter = $this->getFilter($request);
    $attempt = $this->registerAttempt($request);

    // Remember the submitted username in the session under Security::LAST_USERNAME.
    $request->getSession()->set(Security::LAST_USERNAME, $filter['username']);

    $captchaRequired = $attempt->getVal() >= $this->bruteForceThreshold;
    $loginForm = $this->formFactory->create(
        'LoginCidadao\\CoreBundle\\Form\\Type\\LoginFormType',
        null,
        array('check_captcha' => $captchaRequired)
    );
    $loginForm->handleRequest($request);

    if ($loginForm->isValid()) {
        return parent::attemptAuthentication($request);
    }

    // Every path through the loop body throws, so only the first error is ever inspected.
    foreach ($loginForm->getErrors() as $formError) {
        if ('recaptcha' === $formError->getOrigin()->getName()) {
            throw new RecaptchaException($formError->getMessage());
        }

        throw new BadCredentialsException($this->translator->trans($formError->getMessage()));
    }

    // Invalid form that reported no errors: still refuse to authenticate.
    throw new BadCredentialsException();
}
/**
 * Builds the listener by forwarding every argument, unchanged and in the same order, to the
 * parent constructor, then keeps a reference to the CSRF provider on this instance.
 *
 * NOTE(review): $csrfProvider defaults to null. Confirm that the code which reads
 * $this->csrfProvider rejects the login when CSRF protection is expected but no provider
 * was injected, rather than silently skipping the token check.
 *
 * {@inheritdoc}
 * @SuppressWarnings(PHPMD.ExcessiveParameterList)
 */
public function __construct(
    SecurityContextInterface $securityContext,
    AuthenticationManagerInterface $authenticationManager,
    SessionAuthenticationStrategyInterface $sessionStrategy,
    HttpUtils $httpUtils,
    $providerKey,
    AuthenticationSuccessHandlerInterface $successHandler,
    AuthenticationFailureHandlerInterface $failureHandler,
    array $options = array(),
    LoggerInterface $logger = null,
    EventDispatcherInterface $dispatcher = null,
    CsrfProviderInterface $csrfProvider = null
) {
    parent::__construct($securityContext, $authenticationManager, $sessionStrategy, $httpUtils, $providerKey, $successHandler, $failureHandler, $options, $logger, $dispatcher, $csrfProvider);

    // Assigned after the parent call; the order is kept because what the parent does with
    // the provider is not visible from here.
    $this->csrfProvider = $csrfProvider;
}