3

I have implemented a login form manually in Twig and I am using the default authentication provided by Symfony 3.4 (based on username and password). Users are stored in a database, therefore I have an Entity which extends AdvancedUserInterface. I am using neither FOSUserBundle nor form builder. Just a simple form. It actually works.

The problem is that I want to integrate Google reCAPTCHA in the login process. I know how to check if the captcha is valid and implemented a custom AuthenticationListener (let's call it MyAuthenticationListener).

I know that Symfony uses UsernamePasswordFormAuthenticationListener as its default listener. The problem is that I could not find a way to change the listener in use to the one I have implemented.

It seems that in Symfony2 it was as easy as adding the following line in the config.yml:

parameters:
    security.authentication.listener.form.class: MyBundle\EventListener\MyAuthenticationListener

However, I cannot find a way for Symfony3. Any suggestions? I also tried to find a specific bundle for Symfony3, but I actually could not find anything that is correctly integrated with Symfony Security, allowing me to use the recaptcha in a login form.

Thank you

user1923631

1 Answer

1

Your question may be answered here:

https://stackoverflow.com/a/50800993/7408561

The solution is based on a custom listener triggered by SecurityEvents::INTERACTIVE_LOGIN. That event is fired after verification of credentials but before redirecting to the default_target_path defined in security.yml. At this point you can verify the request parameter g-recaptcha-response by calling the Google reCAPTCHA API with the corresponding secret.

If the verification fails, you can throw an exception and you will be redirected to the login page.

Chris P. Bacon
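The listener approach described in the answer above, as an added example that is not part of the original answer or the linked post. The class name, namespace and error message are assumptions, and it assumes the subscriber is registered as a service with the reCAPTCHA secret injected as its constructor argument.

```php
<?php
// Added example (hypothetical class name and namespace), not code from the linked answer.
namespace MyBundle\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

class RecaptchaLoginSubscriber implements EventSubscriberInterface
{
    const VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
    private $secret;

    public function __construct($secret)
    {
        $this->secret = $secret; // reCAPTCHA secret key, injected from configuration
    }
    public static function getSubscribedEvents()
    {
        return [SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin'];
    }
    public function onInteractiveLogin(InteractiveLoginEvent $event)
    {
        // Only form logins carry a captcha; skip remember-me and other token types.
        if (!$event->getAuthenticationToken() instanceof UsernamePasswordToken) {
            return;
        }
        $request = $event->getRequest();
        $captcha = $request->request->get('g-recaptcha-response');
        if (!is_string($captcha) || '' === $captcha || !$this->verify($captcha, $request->getClientIp())) {
            // AuthenticationException subclass: the form listener handles it as a failed login.
            throw new CustomUserMessageAuthenticationException('Captcha verification failed.');
        }
    }

    private function verify($captcha, $ip)
    {
        $context = stream_context_create(['http' => [
            'method' => 'POST',
            'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query(['secret' => $this->secret, 'response' => $captcha, 'remoteip' => $ip]),
            'timeout' => 5,
        ]]);
        $body = @file_get_contents(self::VERIFY_URL, false, $context);
        $result = false === $body ? null : json_decode($body, true);
        // Fail closed: a network error or malformed reply counts as a failed captcha.
        return is_array($result) && isset($result['success']) && true === $result['success'];
    }
}
```

Because this check runs after the password check, a captcha-specific error message tells the client that the submitted credentials were valid; use the same message as a bad-credentials failure if that distinction matters in your threat model.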