Merge remote-tracking branch 'symfony-se/maker-bundle-userenum' into …
…main

* symfony-se/maker-bundle-userenum:
  [MakerBundle] Prevent user enumeration
chalasr committed May 12, 2021
2 parents 060ce03 + 64c284b commit 4f57a44
Showing 2 changed files with 4 additions and 5 deletions.
Expand Up @@ -9,8 +9,8 @@
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
<?= $user_needs_encoder ? "use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface;\n" : null ?>
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
Expand Down Expand Up @@ -73,8 +73,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
\$user = \$userProvider->loadUserByUsername(\$credentials['$username_field']);\n"; ?>

if (!$user) {
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('<?= ucfirst($username_field_label) ?> could not be found.');
throw new UsernameNotFoundException('<?= ucfirst($username_field_label) ?> could not be found.');
}

return $user;
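Review bot: The new `throw new UsernameNotFoundException(...)` in getUser() hides account existence only while the security config's `hide_user_not_found` option stays enabled, and the commit removes the old inline comment without recording that dependency. As far as I know Symfony converts this exception into a generic bad-credentials error only under that setting; with it switched off, the "could not be found" response remains distinguishable from a wrong password. I would add a comment above the throw, e.g. `// masked as "bad credentials" while security.hide_user_not_found is true; do not replace with a custom-message exception`. The same applies to the matching getUser() hunk in the second file (the `findOneBy(['email' => ...])` variant). The method body starts and ends outside the hunk, so whether the missing-user path also differs in timing from a failed password check cannot be judged from here.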
Expand Up @@ -9,8 +9,8 @@
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
Expand Down Expand Up @@ -70,7 +70,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);

if (!$user) {
throw new CustomUserMessageAuthenticationException('Email could not be found.');
throw new UsernameNotFoundException('Email could not be found.');
}

return $user;
