Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] On Authentication failure, replace MessageData #840

Merged
merged 1 commit into from
Feb 17, 2021

Conversation

mpiot
Copy link
Contributor

@mpiot mpiot commented Feb 15, 2021

When Authentication fail, the returned message contains: %var% that is not replaced.
Eg with login_throttling:

"Too many failed login attempts, please try again in %minutes% minute."
no replace %minutes%

In symfony they use the translator or the strtr() function if the translator is not used, in the case of an API login, I'm not sure the Translation is needed, then I directly use the strtr() function.

@chalasr chalasr changed the base branch from master to 2.x February 17, 2021 21:38
@chalasr chalasr force-pushed the authentication-failure-message branch from cead9c6 to 0ae3781 Compare February 17, 2021 21:38
@chalasr
Copy link
Collaborator

chalasr commented Feb 17, 2021

Thank you @mpiot.

@chalasr chalasr merged commit 1cdcc65 into lexik:2.x Feb 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants