From 93cf9bdedc96fb0228785149860905f7569ad6b6 Mon Sep 17 00:00:00 2001 From: Damien Alexandre Date: Mon, 13 Mar 2017 17:57:55 +0100 Subject: [PATCH 1/3] Add the `_failure_path` hidden field in template --- security/form_login.rst | 137 +++++++++++++++++++++------------------- 1 file changed, 72 insertions(+), 65 deletions(-) diff --git a/security/form_login.rst b/security/form_login.rst index 38ec7ed182d..b937429194a 100644 --- a/security/form_login.rst +++ b/security/form_login.rst @@ -218,57 +218,14 @@ this by setting ``use_referer`` to true (it defaults to false): ), )); -Control the Redirect URL from inside the Form -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -You can also override where the user is redirected to via the form itself by -including a hidden field with the name ``_target_path``. For example, to -redirect to the URL defined by some ``account`` route, use the following: - -.. configuration-block:: - - .. code-block:: html+twig - - {# src/AppBundle/Resources/views/Security/login.html.twig #} - {% if error %} -
{{ error.message }}
- {% endif %} - -
- - - - - - - - - -
- - .. code-block:: html+php - - - -
getMessage() ?>
- - -
- - - - - - - - - -
+Redirecting on Login Failure +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Now, the user will be redirected to the value of the hidden form field. The -value attribute can be a relative path, absolute URL, or a route name. You -can even change the name of the hidden form field by changing the ``target_path_parameter`` -option to another value. +In addition to redirecting the user after a successful login, you can also set +the URL that the user should be redirected to after a failed login (e.g. an +invalid username or password was submitted). By default, the user is redirected +back to the login form itself. You can set this to a different route (e.g. +``login_failure``) with the following config: .. configuration-block:: @@ -282,7 +239,8 @@ option to another value. main: # ... form_login: - target_path_parameter: redirect_url + # ... + failure_path: login_failure .. code-block:: xml @@ -299,7 +257,7 @@ option to another value. - + @@ -314,20 +272,68 @@ option to another value. 'main' => array( // ... 'form_login' => array( - 'target_path_parameter' => 'redirect_url', + // ... + 'failure_path' => 'login_failure', ), ), ), )); -Redirecting on Login Failure -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Control the Redirect URL from inside the Form +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In addition to redirecting the user after a successful login, you can also set -the URL that the user should be redirected to after a failed login (e.g. an -invalid username or password was submitted). By default, the user is redirected -back to the login form itself. You can set this to a different route (e.g. -``login_failure``) with the following config: +You can also override where the user is redirected to via the form itself by +including a hidden field with the name ``_target_path`` for success and +``_failure_path`` for failure. For example, to redirect to the URL defined +by some ``account`` route, use the following: + +.. configuration-block:: + + .. code-block:: html+twig + + {# src/AppBundle/Resources/views/Security/login.html.twig #} + {% if error %} +
{{ error.message }}
+ {% endif %} + +
+ + + + + + + + + + +
+ + .. code-block:: html+php + + + +
getMessage() ?>
+ + +
+ + + + + + + + + + +
+ +Now, the user will be redirected to the value of the hidden form field. The +value attribute can be a relative path, absolute URL, or a route name. +You can even change the name of the hidden form field by changing the +``target_path_parameter`` and ``failure_path_parameter`` options to another +value. .. configuration-block:: @@ -341,8 +347,8 @@ back to the login form itself. You can set this to a different route (e.g. main: # ... form_login: - # ... - failure_path: login_failure + target_path_parameter: redirect_url + failure_path_parameter: redirect_url .. code-block:: xml @@ -359,7 +365,8 @@ back to the login form itself. You can set this to a different route (e.g. - + + @@ -374,8 +381,8 @@ back to the login form itself. You can set this to a different route (e.g. 'main' => array( // ... 'form_login' => array( - // ... - 'failure_path' => 'login_failure', + 'target_path_parameter' => 'redirect_url', + 'failure_path_parameter' => 'redirect_url', ), ), ), From 1fc80af9c9fd41ca9c76d1931503ca5c3fb99a88 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Tue, 14 Mar 2017 08:41:53 +0100 Subject: [PATCH 2/3] Minor rewords --- security/form_login.rst | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/security/form_login.rst b/security/form_login.rst index b937429194a..9e70e0715f9 100644 --- a/security/form_login.rst +++ b/security/form_login.rst @@ -221,11 +221,9 @@ this by setting ``use_referer`` to true (it defaults to false): Redirecting on Login Failure ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In addition to redirecting the user after a successful login, you can also set -the URL that the user should be redirected to after a failed login (e.g. an -invalid username or password was submitted). By default, the user is redirected -back to the login form itself. You can set this to a different route (e.g. -``login_failure``) with the following config: +After a failed login (e.g. an invalid username or password was submitted), the +user is redirected back to the login form itself. Use the ``failure_path`` +option to define the route or URL the user is redirected to: .. configuration-block:: @@ -283,9 +281,8 @@ Control the Redirect URL from inside the Form ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can also override where the user is redirected to via the form itself by -including a hidden field with the name ``_target_path`` for success and -``_failure_path`` for failure. For example, to redirect to the URL defined -by some ``account`` route, use the following: +including a hidden field with the name ``_target_path`` for successful logins +and ``_failure_path`` for login errors: .. configuration-block:: @@ -331,9 +328,8 @@ by some ``account`` route, use the following: Now, the user will be redirected to the value of the hidden form field. The value attribute can be a relative path, absolute URL, or a route name. -You can even change the name of the hidden form field by changing the -``target_path_parameter`` and ``failure_path_parameter`` options to another -value. +The name of the hidden fields in the login form is also configurable using the +``target_path_parameter`` and ``failure_path_parameter`` options of the firewall. .. configuration-block:: From a865da17722bea77e6841eb5763c2b3de530d075 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Tue, 14 Mar 2017 11:07:10 +0100 Subject: [PATCH 3/3] Use different values for target_path_parameter and failure_path_parameter --- security/form_login.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/form_login.rst b/security/form_login.rst index 9e70e0715f9..6f6b14e7fc4 100644 --- a/security/form_login.rst +++ b/security/form_login.rst @@ -343,8 +343,8 @@ The name of the hidden fields in the login form is also configurable using the main: # ... form_login: - target_path_parameter: redirect_url - failure_path_parameter: redirect_url + target_path_parameter: login_success + failure_path_parameter: login_fail .. code-block:: xml @@ -361,8 +361,8 @@ The name of the hidden fields in the login form is also configurable using the - - + + @@ -377,8 +377,8 @@ The name of the hidden fields in the login form is also configurable using the 'main' => array( // ... 'form_login' => array( - 'target_path_parameter' => 'redirect_url', - 'failure_path_parameter' => 'redirect_url', + 'target_path_parameter' => 'login_success', + 'failure_path_parameter' => 'login_fail', ), ), ),