1

fellow Symfonians.

I need to integrate my system's login with client's login form, which exists already on their page and was used for their old systems. I use FOSUserBundle with custom view for login form, but unfortunately they want to keep their login form as is ("for reasons"). It's not even on the same server.

Is there a way to pass my CSRF login token to their form (I have the access to their code), or do I have to disable CSRF on my login?

b174008
  • 285
  • 3
  • 13

1 Answers1

1

I'm aware that his is not an answer to your specific question Is there a way to pass my CSRF login token to their form? but rather a different way of achieving a login from an external form.

You can login programmatically: How to programmatically login/authenticate a user?

The answer uses a "register" action, but it's similar for you. The important part is this: 

$token = new UsernamePasswordToken($user, $password, "public", $user->getRoles());
$this->get("security.token_storage")->setToken($token);

$event = new InteractiveLoginEvent($request, $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

which will login the user.

Community
  • 1
  • 1
Daniele D
  • 838
  • 1
  • 8
  • 21
  • So basically I would have to create separate controller action for that external form, which would at first validate the user/pass data and then dispatch login event? I'm not sure it's perfect for my strange case (I've got some on-login redirects to other systems, but fortunately on interactive_login event, so it may work), but I will check it, it may be the solution, thanks. – b174008 Aug 10 '16 at 08:37