minor #7620 Add the _failure_path hidden field in template (damienalexandre, javiereguiluz)

xabbuh · xabbuh · commit 4de859970dd7 · 2017-04-15T14:20:05.000+02:00
This PR was merged into the 2.7 branch. Discussion ---------- Add the `_failure_path` hidden field in template Today I learnt about this [feature](symfony/symfony@d0057d0) so I guess it was time to document it. Basically, what we can do with the `_target_path` form field is also possible for failure via the `_failure_path` field. It's very useful when you want multiple login forms for the same firewall (a general login, and a login during e-commerce checkout for example). I also moved the sections to me more logic, as the last section was about **Redirecting on Login Failure** via the option - because it was not explained yet in the page. This section is now just before the updated **Control the Redirect URL from inside the Form**. Commits ------- a865da1 Use different values for target_path_parameter and failure_path_parameter 1fc80af Minor rewords 93cf9bd Add the `_failure_path` hidden field in template
diff --git a/security/form_login.rst b/security/form_login.rst
@@ -218,57 +218,12 @@ this by setting ``use_referer`` to true (it defaults to false):
             ),
         ));
 
-Control the Redirect URL from inside the Form
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-You can also override where the user is redirected to via the form itself by
-including a hidden field with the name ``_target_path``. For example, to
-redirect to the URL defined by some ``account`` route, use the following:
-
-.. configuration-block::
-
-    .. code-block:: html+twig
-
-        {# src/AppBundle/Resources/views/Security/login.html.twig #}
-        {% if error %}
-            <div>{{ error.message }}</div>
-        {% endif %}
-
-        <form action="{{ path('login') }}" method="post">
-            <label for="username">Username:</label>
-            <input type="text" id="username" name="_username" value="{{ last_username }}" />
-
-            <label for="password">Password:</label>
-            <input type="password" id="password" name="_password" />
-
-            <input type="hidden" name="_target_path" value="account" />
-
-            <input type="submit" name="login" />
-        </form>
-
-    .. code-block:: html+php
-
-        <!-- src/AppBundle/Resources/views/Security/login.html.php -->
-        <?php if ($error): ?>
-            <div><?php echo $error->getMessage() ?></div>
-        <?php endif ?>
-
-        <form action="<?php echo $view['router']->generate('login') ?>" method="post">
-            <label for="username">Username:</label>
-            <input type="text" id="username" name="_username" value="<?php echo $last_username ?>" />
-
-            <label for="password">Password:</label>
-            <input type="password" id="password" name="_password" />
-
-            <input type="hidden" name="_target_path" value="account" />
-
-            <input type="submit" name="login" />
-        </form>
+Redirecting on Login Failure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Now, the user will be redirected to the value of the hidden form field. The
-value attribute can be a relative path, absolute URL, or a route name. You
-can even change the name of the hidden form field by changing the ``target_path_parameter``
-option to another value.
+After a failed login (e.g. an invalid username or password was submitted), the
+user is redirected back to the login form itself. Use the ``failure_path``
+option to define the route or URL the user is redirected to:
 
 .. configuration-block::
 
@@ -282,7 +237,8 @@ option to another value.
                 main:
                     # ...
                     form_login:
-                        target_path_parameter: redirect_url
+                        # ...
+                        failure_path: login_failure
 
     .. code-block:: xml
 
@@ -299,7 +255,7 @@ option to another value.
 
                 <firewall name="main">
                     <!-- ... -->
-                    <form-login target-path-parameter="redirect_url" />
+                    <form-login failure-path="login_failure" />
                 </firewall>
             </config>
         </srv:container>
@@ -314,20 +270,66 @@ option to another value.
                 'main' => array(
                     // ...
                     'form_login' => array(
-                        'target_path_parameter' => 'redirect_url',
+                        // ...
+                        'failure_path' => 'login_failure',
                     ),
                 ),
             ),
         ));
 
-Redirecting on Login Failure
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Control the Redirect URL from inside the Form
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-In addition to redirecting the user after a successful login, you can also set
-the URL that the user should be redirected to after a failed login (e.g. an
-invalid username or password was submitted). By default, the user is redirected
-back to the login form itself. You can set this to a different route (e.g.
-``login_failure``) with the following config:
+You can also override where the user is redirected to via the form itself by
+including a hidden field with the name ``_target_path`` for successful logins
+and ``_failure_path`` for login errors:
+
+.. configuration-block::
+
+    .. code-block:: html+twig
+
+        {# src/AppBundle/Resources/views/Security/login.html.twig #}
+        {% if error %}
+            <div>{{ error.message }}</div>
+        {% endif %}
+
+        <form action="{{ path('login') }}" method="post">
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="_username" value="{{ last_username }}" />
+
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="_password" />
+
+            <input type="hidden" name="_target_path" value="account" />
+            <input type="hidden" name="_failure_path" value="login" />
+
+            <input type="submit" name="login" />
+        </form>
+
+    .. code-block:: html+php
+
+        <!-- src/AppBundle/Resources/views/Security/login.html.php -->
+        <?php if ($error): ?>
+            <div><?php echo $error->getMessage() ?></div>
+        <?php endif ?>
+
+        <form action="<?php echo $view['router']->path('login') ?>" method="post">
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="_username" value="<?php echo $last_username ?>" />
+
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="_password" />
+
+            <input type="hidden" name="_target_path" value="account" />
+            <input type="hidden" name="_failure_path" value="login" />
+
+            <input type="submit" name="login" />
+        </form>
+
+Now, the user will be redirected to the value of the hidden form field. The
+value attribute can be a relative path, absolute URL, or a route name. 
+The name of the hidden fields in the login form is also configurable using the
+``target_path_parameter`` and ``failure_path_parameter`` options of the firewall.
 
 .. configuration-block::
 
@@ -341,8 +343,8 @@ back to the login form itself. You can set this to a different route (e.g.
                 main:
                     # ...
                     form_login:
-                        # ...
-                        failure_path: login_failure
+                        target_path_parameter: login_success
+                        failure_path_parameter: login_fail
 
     .. code-block:: xml
 
@@ -359,7 +361,8 @@ back to the login form itself. You can set this to a different route (e.g.
 
                 <firewall name="main">
                     <!-- ... -->
-                    <form-login failure-path="login_failure" />
+                    <form-login target-path-parameter="login_success" />
+                    <form-login failure-path-parameter="login_fail" />
                 </firewall>
             </config>
         </srv:container>
@@ -374,8 +377,8 @@ back to the login form itself. You can set this to a different route (e.g.
                 'main' => array(
                     // ...
                     'form_login' => array(
-                        // ...
-                        'failure_path' => 'login_failure',
+                        'target_path_parameter' => 'login_success',
+                        'failure_path_parameter' => 'login_fail',
                     ),
                 ),
             ),
