
Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler::onAuthenticationFailure should be able to return null #59801

@yedprior

Description

Hello,
If Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler::onAuthenticationFailure could return null
(Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface),

a custom AuthenticationSuccessHandler::onAuthenticationFailure could be used to simply manage the authenticator chain when we want to go to the next authenticator if the first one failed.

No need to write a listener for LoginFailureEvent in
Symfony\Component\Security\Http\Authentication\AuthenticatorManager::handleAuthenticationFailure

private function handleAuthenticationFailure(AuthenticationException $authenticationException, Request $request, AuthenticatorInterface $authenticator, ?Passport $passport): ?Response
{
    $this->logger?->info('Authenticator failed.', ['exception' => $authenticationException, 'authenticator' => ($authenticator instanceof TraceableAuthenticator ? $authenticator->getAuthenticator() : $authenticator)::class]);

    if ($this->hideUserNotFoundExceptions && ($authenticationException instanceof UserNotFoundException || ($authenticationException instanceof AccountStatusException && !$authenticationException instanceof CustomUserMessageAccountStatusException))) {
        $authenticationException = new BadCredentialsException('Bad credentials.', 0, $authenticationException);
    }

    $response = $authenticator->onAuthenticationFailure($request, $authenticationException);
    dump('onAuthenticationFailure', $response);
    if (null !== $response && null !== $this->logger) {
        $this->logger->debug('The "{authenticator}" authenticator set the failure response.', ['authenticator' => ($authenticator instanceof TraceableAuthenticator ? $authenticator->getAuthenticator() : $authenticator)::class]);
    }

    $this->eventDispatcher->dispatch($loginFailureEvent = new LoginFailureEvent($authenticationException, $authenticator, $request, $response, $this->firewallName, $passport));

    // returning null is ok, it means they want the request to continue
    return $loginFailureEvent->getResponse();
}

Bye

Example

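use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;

class AuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    // Requested signature: a nullable return type on the failure handler
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        // null means "no failure response": the request continues to the next authenticator
        return null;
    }
}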

No response
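
The listener workaround mentioned in the issue, sketched as an added example (not code from the issue or from Symfony): a `LoginFailureEvent` subscriber that clears the failure response for selected authenticators, so that `handleAuthenticationFailure` returns null and the next authenticator gets its turn. The class name, namespace, constructor arguments and the `main` firewall default are assumptions.

```php
<?php

namespace App\Security; // hypothetical namespace

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator;
use Symfony\Component\Security\Http\Event\LoginFailureEvent;

final class ContinueChainOnFailureSubscriber implements EventSubscriberInterface
{
    /**
     * @param list<class-string> $fallThrough authenticators whose failure
     *                                        must not end the chain (assumed config)
     */
    public function __construct(
        private array $fallThrough,
        private string $firewallName = 'main',
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        return [LoginFailureEvent::class => 'onLoginFailure'];
    }

    public function onLoginFailure(LoginFailureEvent $event): void
    {
        // Only touch the firewall this subscriber was configured for.
        if ($event->getFirewallName() !== $this->firewallName) {
            return;
        }

        // In debug mode the authenticator may be wrapped; compare the real class.
        $authenticator = $event->getAuthenticator();
        if ($authenticator instanceof TraceableAuthenticator) {
            $authenticator = $authenticator->getAuthenticator();
        }

        if (\in_array($authenticator::class, $this->fallThrough, true)) {
            // Drop the response set by the failure handler: the manager then
            // returns null and continues with the remaining authenticators.
            $event->setResponse(null);
        }
    }
}
```

If every listed authenticator falls through, the request continues unauthenticated, so the routes behind the firewall still rely on `access_control` or equivalent authorization checks to reject it.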
