refactor: use flash message for error message if login is not successful

thorsten · thorsten · commit 6bf445aba0f7 · 2026-01-01T19:31:56.000+01:00
diff --git a/phpmyfaq/assets/templates/default/login.twig b/phpmyfaq/assets/templates/default/login.twig
@@ -8,7 +8,9 @@
   </p>
   {% endif %}
 
-  {{ loginMessage | raw }}
+  {% if errorMessage %}
+    <div class="alert alert-danger" role="alert">{{ errorMessage }}</div>
+  {% endif %}
 
   <div id="phpmyfaq-login" class="mb-5">
     <div id="phpmyfaq-login-content">
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
@@ -44,7 +44,7 @@
 use phpMyFAQ\User\CurrentUser;
 use phpMyFAQ\User\TwoFactor;
 use phpMyFAQ\User\UserAuthentication;
-use phpMyFAQ\User\UserSession;
+use phpMyFAQ\User\UserException;use phpMyFAQ\User\UserSession;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
@@ -235,10 +235,11 @@
     try {
         $user = $userAuth->authenticate($faqusername, $faqpassword);
         $userId = $user->getUserId();
-    } catch (Exception $e) {
+    } catch (UserException $e) {
         $faqConfig->getLogger()->error('Failed login: ' . $e->getMessage());
-        $action = 'login';
-        $error = $e->getMessage();
+        $container->get('session')->getFlashBag()->add('error', $e->getMessage());
+        $redirect = new RedirectResponse($faqConfig->getDefaultUrl() . 'login');
+        $redirect->send();
     }
 } else {
     // Try to authenticate with cookie information
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/LoginController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/LoginController.php
@@ -37,25 +37,17 @@ public function index(Request $request): Response
         $faqSession->setCurrentUser($this->currentUser);
         $faqSession->userTracking('login', 0);
 
-        // @todo Implement login message and action handling
-        // $loginMessage = '';
-        // if (!is_null($error)) {
-        //     $loginMessage = '<div class="alert alert-danger" role="alert">' . $error . '</div>';
-        // }
-        //
-        // $templateFile = './login.twig';
-        // if ($action == 'twofactor') {
-        //     $templateFile = './twofactor.twig';
-        // }
+        $session = $this->container->get('session');
+        $errorMessages = $session->getFlashBag()->get('error');
+        $errorMessage = !empty($errorMessages) ? $errorMessages[0] : null;
 
         return $this->render('login.twig', [
             ...$this->getHeader($request),
             'title' => sprintf('%s - %s', Translation::get(key: 'msgLoginUser'), $this->configuration->getTitle()),
             'loginHeader' => Translation::get(key: 'msgLoginUser'),
             'sendPassword' => Translation::get(key: 'lostPassword'),
-            'loginMessage' => '', //$loginMessage,
+            'errorMessage' => $errorMessage,
             'writeLoginPath' => $this->configuration->getDefaultUrl(),
-            'faqloginaction' => '', //$action,
             'login' => Translation::get(key: 'ad_auth_ok'),
             'username' => Translation::get(key: 'ad_auth_user'),
             'password' => Translation::get(key: 'ad_auth_passwd'),
diff --git a/phpmyfaq/src/phpMyFAQ/User.php b/phpmyfaq/src/phpMyFAQ/User.php
@@ -265,7 +265,7 @@ public function getUserByCookie(string $cookie): bool
 
         $user = $this->configuration->getDb()->fetchArray($res);
 
-        // Don't ever log in via anonymous user
+        // Don't ever log in via an anonymous user
         if (-1 === $user['user_id']) {
             return false;
         }
@@ -300,7 +300,7 @@ public function getUserId(): int
     }
 
     /**
-     * Checks if display name is already used. Returns true, if already in use.
+     * Checks if the display name is already used. Returns true, if already in use.
      */
     public function checkDisplayName(string $name): bool
     {
@@ -312,7 +312,7 @@ public function checkDisplayName(string $name): bool
     }
 
     /**
-     * Checks if email address is already used. Returns true, if already in use.
+     * Checks if the email address is already used. Returns true, if already in use.
      */
     public function checkMailAddress(string $name): bool
     {
diff --git a/phpmyfaq/src/phpMyFAQ/User/CurrentUser.php b/phpmyfaq/src/phpMyFAQ/User/CurrentUser.php
@@ -25,6 +25,7 @@
 namespace phpMyFAQ\User;
 
 use phpMyFAQ\Auth\AuthDriverInterface;
+use phpMyFAQ\Auth\AuthException;
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Database;
@@ -119,7 +120,8 @@ public function __construct(Configuration $configuration)
      *
      * @param string $login Login name
      * @param string $password Password
-     * @throws Exception
+     * @throws UserException
+     * @throws AuthException
      * @throws \Exception
      */
     public function login(string $login, #[SensitiveParameter] string $password): bool
@@ -139,7 +141,7 @@ public function login(string $login, #[SensitiveParameter] string $password): bo
         // First check for brute force attack
         $this->getUserByLogin($login);
         if ($this->isFailedLastLoginAttempt()) {
-            throw new Exception(parent::ERROR_USER_TOO_MANY_FAILED_LOGINS);
+            throw new UserException(parent::ERROR_USER_TOO_MANY_FAILED_LOGINS);
         }
 
         // Extract domain if LDAP is active and ldap_use_domain_prefix is true
@@ -212,11 +214,11 @@ public function login(string $login, #[SensitiveParameter] string $password): bo
             $this->configuration->get(item: 'security.loginWithEmailAddress')
             && !Filter::filterVar($login, FILTER_VALIDATE_EMAIL)
         ) {
-            throw new Exception(parent::ERROR_USER_INCORRECT_LOGIN);
+            throw new UserException(parent::ERROR_USER_INCORRECT_LOGIN);
         }
 
         if (!$this->isFailedLastLoginAttempt()) {
-            throw new Exception(parent::ERROR_USER_INCORRECT_PASSWORD);
+            throw new UserException(parent::ERROR_USER_INCORRECT_PASSWORD);
         }
 
         return false;
diff --git a/phpmyfaq/src/phpMyFAQ/User/UserAuthentication.php b/phpmyfaq/src/phpMyFAQ/User/UserAuthentication.php
@@ -24,6 +24,7 @@
 
 namespace phpMyFAQ\User;
 
+use phpMyFAQ\Auth\AuthException;
 use phpMyFAQ\Auth\AuthLdap;
 use phpMyFAQ\Auth\AuthSso;
 use phpMyFAQ\Configuration;
@@ -65,9 +66,9 @@ public function setTwoFactorAuth(bool $twoFactorAuth): void
 
     /**
      * Authenticates a user with a given username and password against
-     * LDAP, SSO or local database.
+     * LDAP, SSO, or local database.
      *
-     * @throws UserException|Exception
+     * @throws UserException
      */
     public function authenticate(string $username, #[SensitiveParameter] string $password): CurrentUser
     {
@@ -78,20 +79,24 @@ public function authenticate(string $username, #[SensitiveParameter] string $pas
         $this->authenticateLdap();
         $this->authenticateSso();
 
-        if ($this->currentUser->login($username, $password)) {
-            if ($this->currentUser->getUserData('twofactor_enabled')) {
-                $this->setTwoFactorAuth(true);
-                $this->currentUser->setLoggedIn(false);
-            } elseif ($this->currentUser->getStatus() !== 'blocked') {
-                $this->currentUser->setLoggedIn(true);
+        try {
+            if ($this->currentUser->login($username, $password)) {
+                if ($this->currentUser->getUserData('twofactor_enabled')) {
+                    $this->setTwoFactorAuth(true);
+                    $this->currentUser->setLoggedIn(false);
+                } elseif ($this->currentUser->getStatus() !== 'blocked') {
+                    $this->currentUser->setLoggedIn(true);
+                } else {
+                    $this->currentUser->setLoggedIn(false);
+                    throw new UserException(
+                        (Translation::get(key: 'ad_auth_fail') ?? 'Authentication failed') . ' (' . $username . ')',
+                    );
+                }
             } else {
-                $this->currentUser->setLoggedIn(false);
-                throw new UserException(
-                    (Translation::get(key: 'ad_auth_fail') ?? 'Authentication failed') . ' (' . $username . ')',
-                );
+                throw new UserException(Translation::get(key: 'ad_auth_fail') ?? 'Authentication failed');
             }
-        } else {
-            throw new UserException(Translation::get(key: 'ad_auth_fail') ?? 'Authentication failed');
+        } catch (AuthException $e) {
+            throw new UserException($e->getMessage());
         }
 
         return $this->currentUser;

Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ public function getUserByCookie(string $cookie): bool`
`265`	`265`
`266`	`266`	`$user = $this->configuration->getDb()->fetchArray($res);`
`267`	`267`
`268`		`- // Don't ever log in via anonymous user`
	`268`	`+ // Don't ever log in via an anonymous user`
`269`	`269`	`if (-1 === $user['user_id']) {`
`270`	`270`	`return false;`
`271`	`271`	`}`
`@@ -300,7 +300,7 @@ public function getUserId(): int`
`300`	`300`	`}`
`301`	`301`
`302`	`302`	`/**`
`303`		`- * Checks if display name is already used. Returns true, if already in use.`
	`303`	`+ * Checks if the display name is already used. Returns true, if already in use.`
`304`	`304`	`*/`
`305`	`305`	`public function checkDisplayName(string $name): bool`
`306`	`306`	`{`
`@@ -312,7 +312,7 @@ public function checkDisplayName(string $name): bool`
`312`	`312`	`}`
`313`	`313`
`314`	`314`	`/**`
`315`		`- * Checks if email address is already used. Returns true, if already in use.`
	`315`	`+ * Checks if the email address is already used. Returns true, if already in use.`
`316`	`316`	`*/`
`317`	`317`	`public function checkMailAddress(string $name): bool`
`318`	`318`	`{`