Symfony2 AJAX Login

Question

I have an example where I am trying to create an AJAX login using Symfony2 and FOSUserBundle. I am setting my own success_handler and failure_handler under form_login in my security.yml file.

Here is the class:

class AjaxAuthenticationListener implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface
{  
    /**
     * This is called when an interactive authentication attempt succeeds. This
     * is called by authentication listeners inheriting from
     * AbstractAuthenticationListener.
     *
     * @see \Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener
     * @param Request        $request
     * @param TokenInterface $token
     * @return Response the response to return
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        if ($request->isXmlHttpRequest()) {
            $result = array('success' => true);
            $response = new Response(json_encode($result));
            $response->headers->set('Content-Type', 'application/json');
            return $response;
        }
    }

    /**
     * This is called when an interactive authentication attempt fails. This is
     * called by authentication listeners inheriting from
     * AbstractAuthenticationListener.
     *
     * @param Request                 $request
     * @param AuthenticationException $exception    
     * @return Response the response to return
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ($request->isXmlHttpRequest()) {
            $result = array('success' => false, 'message' => $exception->getMessage());
            $response = new Response(json_encode($result));
            $response->headers->set('Content-Type', 'application/json');
            return $response;
        }
    }
}

This works great for handling both successful and failed AJAX login attempts. However, when enabled - I am unable to login via the standard form POST method (non-AJAX). I receive the following error:

Catchable Fatal Error: Argument 1 passed to Symfony\Component\HttpKernel\Event\GetResponseEvent::setResponse() must be an instance of Symfony\Component\HttpFoundation\Response, null given

I'd like for my onAuthenticationSuccess and onAuthenticationFailure overrides to only be executed for XmlHttpRequests (AJAX requests) and to simply hand the execution back to the original handler if not.

Is there a way to do this?

TL;DR I want AJAX requested login attempts to return a JSON response for success and failure but I want it to not affect standard login via form POST.

I have the same exact problem. I have posted a question here: http://stackoverflow.com/questions/8654265/calling-default-handler-from-a-custom-authentication-handler but no answers for now :( — David Morales, Dec 28 '11 at 10:32
There's a great article explaining how to do this here: http://www.webtipblog.com/adding-an-ajax-login-form-to-a-symfony-project/ — joe42, Mar 07 '14 at 12:51

score 50 · Accepted Answer · edited May 23 '17 at 12:02

David's answer is good, but it's lacking a little detail for newbs - so this is to fill in the blanks.

In addition to creating the AuthenticationHandler you'll need to set it up as a service using the service configuration in the bundle where you created the handler. The default bundle generation creates an xml file, but I prefer yml. Here's an example services.yml file:

#src/Vendor/BundleName/Resources/config/services.yml

parameters:
    vendor_security.authentication_handler: Vendor\BundleName\Handler\AuthenticationHandler

services:
    authentication_handler:
        class:  %vendor_security.authentication_handler%
        arguments:  [@router]
        tags:
            - { name: 'monolog.logger', channel: 'security' }

You'd need to modify the DependencyInjection bundle extension to use yml instead of xml like so:

#src/Vendor/BundleName/DependencyInjection/BundleExtension.php

$loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
$loader->load('services.yml');

Then in your app's security configuration you set up the references to the authentication_handler service you just defined:

# app/config/security.yml

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
                login_path:  /login
                check_path:  /login_check
                success_handler: authentication_handler
                failure_handler: authentication_handler

There's a typo in the services.yml configuration. A comma (,) is required before channel. - { name: 'monolog.logger', channel: 'security' } — Victor Henriquez, Jun 07 '13 at 08:06
Thanks this did help to fill in the gaps from Davids Answer! — Shawn Northrop, Jun 20 '13 at 19:30

David Morales · Answer 2 · 2013-08-28T09:23:23.477

namespace YourVendor\UserBundle\Handler;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

class AuthenticationHandler
implements AuthenticationSuccessHandlerInterface,
           AuthenticationFailureHandlerInterface
{
    private $router;

    public function __construct(Router $router)
    {
        $this->router = $router;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        if ($request->isXmlHttpRequest()) {
            // Handle XHR here
        } else {
            // If the user tried to access a protected resource and was forces to login
            // redirect him back to that resource
            if ($targetPath = $request->getSession()->get('_security.target_path')) {
                $url = $targetPath;
            } else {
                // Otherwise, redirect him to wherever you want
                $url = $this->router->generate('user_view', array(
                    'nickname' => $token->getUser()->getNickname()
                ));
            }

            return new RedirectResponse($url);
        }
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ($request->isXmlHttpRequest()) {
            // Handle XHR here
        } else {
            // Create a flash message with the authentication error message
            $request->getSession()->setFlash('error', $exception->getMessage());
            $url = $this->router->generate('user_login');

            return new RedirectResponse($url);
        }
    }
}

This code was answered by @elnur to a similar question that I made. — David Morales, Dec 29 '11 at 15:26
This is a great answer - apologies having not seen your similar question. However, I'm not going to mark it as accepted because I only want to modify the response when the current request is an XMLHttpRequest -- otherwise, I want Symfony to pretend like I never intercepted. — leek, Jan 05 '12 at 09:41
That's the easy part. You just should return a json response with the content you like, and then read it through jquery. I think the most difficult (and sadly undocummented) part is the non-ajax login handler. — David Morales, Jan 05 '12 at 15:54
This is the best answer and with it I was able to accomplish *basically* what I need - so thanks! — leek, Feb 13 '12 at 19:09
Thanks, very helpful ! I would just add I had to redirect to `fos_user_security_login` to make it work. — Bonswouar, Mar 03 '14 at 10:37
To handle the ajax/non-ajax login for the view : http://richardmiller.co.uk/2013/02/18/symfony2-ajax-and-full-page-templates/ — Laurent W., Sep 10 '14 at 12:16

score 4 · Answer 3 · edited Feb 06 '13 at 22:35

4

If you want the FOS UserBundle form error support, you must use:

$request->getSession()->set(SecurityContext::AUTHENTICATION_ERROR, $exception);

instead of:

$request->getSession()->setFlash('error', $exception->getMessage());

In the first answer.

(of course remember about the header: use Symfony\Component\Security\Core\SecurityContext;)

edited Feb 06 '13 at 22:35

John Dvorak

26,799
13
69
83

answered Feb 06 '13 at 22:17

user2048716

41
1

stoefln · Answer 4 · 2012-02-23T14:14:13.167

I handled this entirely with javascript:

if($('a.login').length > 0) { // if login button shows up (only if logged out)
        var formDialog = new MyAppLib.AjaxFormDialog({ // create a new ajax dialog, which loads the loginpage
            title: 'Login',
            url: $('a.login').attr('href'),
            formId: '#login-form',
            successCallback: function(nullvalue, dialog) { // when the ajax request is finished, look for a login error. if no error shows up -> reload the current page
                if(dialog.find('.error').length == 0) {
                    $('.ui-dialog-content').slideUp();
                    window.location.reload();
                }
            }
        });

        $('a.login').click(function(){
            formDialog.show();
            return false;
        });
    }

Here is the AjaxFormDialog class. Unfortunately I have not ported it to a jQuery plugin by now... https://gist.github.com/1601803

Good idea, even if it's dirty (the accepted answer is the best way to handle this), it helps out. — Laurent W., Sep 10 '14 at 12:14

score 2 · Answer 5 · answered Dec 23 '11 at 06:05

2

You must return a Response object in both case (Ajax or not). Add an `else' and you're good to go.

The default implementation is:

$response = $this->httpUtils->createRedirectResponse($request, $this->determineTargetUrl($request));

in AbstractAuthenticationListener::onSuccess

answered Dec 23 '11 at 06:05

DaveT

21
1

The problem with this is that I don't have any access to the instance of `$this->httpUtils`. Also, I just want to pass execution back to `AbstractAuthenticationListener` - I don't want to copy and paste the code from it into my handlers. – leek Dec 23 '11 at 17:49
I hoped you could find a good way to do it as I'm stuck exactly like you with this ;-) – DaveT Dec 25 '11 at 03:49

score 1 · Answer 6 · answered Feb 28 '13 at 21:00

I made a little bundle for new users to provide an AJAX login form : https://github.com/Divi/AjaxLoginBundle

You just have to replace to form_login authentication by ajax_form_login in the security.yml.

Feel free to suggest new feature in the Github issue tracker !

score 0 · Answer 7 · edited May 23 '17 at 12:02

This may not be what the OP asked, but I came across this question, and thought others might have the same problem that I did.

For those who are implementing an AJAX login using the method that is described in the accepted answer and who are ALSO using AngularJS to perform the AJAX request, this won't work by default. Angular's $http does not set the headers that Symfony is using when calling the $request->isXmlHttpRequest() method. In order to use this method, you need to set the appropriate header in the Angular request. This is what I did to get around the problem:

$http({
    method  : 'POST',
    url     : {{ path('login_check') }},
    data    : data,
    headers: {'X-Requested-With': 'XMLHttpRequest'}
})

Before you use this method, be aware that this header does not work well with CORS. See this question

Symfony2 AJAX Login

7 Answers7

Linked

Related