Symfony2 FOSUser/SonataBundle invalid CSRF token value

Question

I want to have two different(by different I mean the template) forms that can login my user in different twigs. But I am getting an error from one of my forms... This is what I did step by step:

I have the main login template on the route /login. This login works!.

To make the second form work in /product_frm I did this:

1) Created the route for the second login controller. So now I have two login routes:

login:  
    path: /login
    defaults: { _controller: ApplicationSonataUserBundle:SecurityFOSUser1:login }

loginForm:
    path: /login_frm
    defaults: { _controller: ApplicationSonataUserBundle:LoginFormType:login }

Now this is the controller for the /login_frm which is identical to the /login controller, only the rendered template is different:

<?php
/*
 * This file is part of the Sonata package.
 *
 * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */


namespace Application\Sonata\UserBundle\Controller;

use FOS\UserBundle\Controller\SecurityController;
use Sonata\UserBundle\Model\UserInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;

use Sonata\UserBundle\Controller\SecurityFOSUser1Controller as BaseController;


class LoginFormTypeController extends BaseController
{
    public function loginAction()
    {
        $user = $this->container->get('security.context')->getToken()->getUser();

        if ($user instanceof UserInterface) {
            $this->container->get('session')->getFlashBag()->set('sonata_user_error', 'sonata_user_already_authenticated');
            $url = $this->container->get('router')->generate('sonata_user_profile_show');

            return new RedirectResponse($url);
        }

        return parent::loginAction();
    }
    public function renderLogin(array $data)
    {
        $template = sprintf('MpShopBundle:Form:login_form2.html.%s', $this->container->getParameter('fos_user.template.engine'));

        return $this->container->get('templating')->renderResponse($template, $data);
    }

}

Finally, I made the template that loads the form:

{% block fos_user_content %}

    <div class="span9">
        <div class="well">
            {% block sonata_user_login %}
                <div class="panel panel-info">

                <div class="panel-heading">
                    <h2 class="panel-title">{{ 'title_user_authentication'|trans({}, 'SonataUserBundle') }}</h2>
                </div>

                <div class="panel-body">

                    {% block sonata_user_login_error %}
                        {% if error %}
                            <div class="alert alert-danger alert-error">{{ error|trans({}, 'FOSUserBundle') }}</div>
                        {% endif %}
                    {% endblock %}

                    {% block sonata_user_login_form %}
                        <form action="{{ path("fos_user_security_check") }}" method="post" role="form"
                              class="form-horizontal">
                            <input type="hidden" name="_csrf_token" value="{{ csrf_token }}"/>

                            <div class="control-group">
                                <label class="control-label control-label required" for="username"
                                       class="col-sm-4 control-label">{{ 'security.login.username'|trans({}, 'SonataUserBundle') }}</label>

                                <div class="controls">

                                <input type="text" class="form-control" id="username" name="_username" value="{{ last_username }}" required="required"/></div>
                            </div>


                            <div class="form-group control-group">
                                <label class="control-label control-label required" for="password"
                                       class="col-sm-4 control-label">{{ 'security.login.password'|trans({}, 'SonataUserBundle') }}</label>

                                <div class="controls">
                                <input type="password" class="form-control" id="password" name="_password" required="required"/></div>
                            </div>

                            <div class="control-group">
                                <div class="col-sm-offset-4 col-sm-8">
                                    <div class="checkbox control-group">
                                        <label class="checkbox pull-left" for="remember_me">
                                            <input type="checkbox" id="remember_me" name="_remember_me" value="on"/>
                                            {{ 'security.login.remember_me'|trans({}, 'FOSUserBundle') }}
                                        </label>
                                    </div>
                                </div>
                            </div>

                            <div class=" control-group pull-left">
                                <div class="">
                                    <a href="{{ path('forgetpass') }}">{{ 'forgotten_password'|trans({}, 'SonataUserBundle') }}</a>
                                </div>
                            </div>

                            <div class="form-actions">
                                <div class="pull-left">
                                    <input type="submit" id="_submit" name="_submit" class="btn btn-primary pull-right"
                                           value="{{ 'security.login.submit'|trans({}, 'FOSUserBundle') }}"/>
                                </div>
                            </div>
                        </form>
                    {% endblock %}
                </div>
            </div>
            {% endblock %}
        </div>
       </div>

{% endblock fos_user_content %}

The full ERROR: If I try to login in /login_frm I get the Invalid CSRF token. error. If I login from /login it works fine. Why is that? Cant I have two forms to login?

possible duplicate of [The CSRF token is invalid. Please try to resubmit the form](http://stackoverflow.com/questions/23455780/the-csrf-token-is-invalid-please-try-to-resubmit-the-form) — Michael Sivolobov, May 22 '15 at 11:59

score 0 · Answer 1 · answered May 22 '15 at 11:57

0

Because in standard form you have CSRF token and in your custom form you haven't.

You should add {{ form_widget(form._token) }} inside the form block of your HTML in twig.

answered May 22 '15 at 11:57

Michael Sivolobov

12,388
3
43
64

he has "" which is fine for fosuser – Koalabaerchen May 22 '15 at 12:00
input with the name `_csrf_token` but what about form name? Try my solution. I think it will generate input with another name. – Michael Sivolobov May 22 '15 at 12:57

Symfony2 FOSUser/SonataBundle invalid CSRF token value

1 Answers1