Should Symfony translate security exception messages? #33168
Comments
|
Some people said on Slack that the current behavior is correct. The returned value is the translation key because "you can translate it" ... not because "it's translated by Symfony automatically". And we use real messages instead of message keys to make messages readable when you don't have the Translation component installed. |
|
Could make this behavior configurable in the authenticator, as there can be valid cases where you don't want to translate it yet. |
|
I just looked at the translation integration of the Form component and I don't think there is anything to do here. The form component integrates with translation only in their default Twig templates. The Security component is "translation ready", we ship translations ( Automatically translating them would mean we have to catch them somewhere, translate them (if translator is enabled) and then rethrow it. That would also require an option to opt-out/in of this feature. I don't think it's worth it. We might benefit from better documenting this though |
|
I agree with Wouter. |
|
UsernamePasswordJsonAuthenticationListener not translating the security exception looks like a bug to me btw :) |
I think this is an interesting idea and quite simple to implement. We can add a Just checked, this is the only authenticator/failure handler that explicitly creates an error response. |
|
Is it a bug or new feature? At the moment i changed it in master. |
|
technically a new feature, behavior-wise a bug. Let's be safe and target master :) |
…te Schlüter) This PR was squashed before being merged into the 5.2-dev branch. Discussion ---------- Translate failure messages of json authentication | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Resolves #33168 | License | MIT | Doc PR | - Until now the failure messages of the json authentication were not translated. I'm not sure if it's a bug or a new feature. The changes shouldn't be a BC. Commits ------- 7684663 Translate failure messages of json authentication
|
I know this issue is already merged and closed but i added some tests now. See #38044. |
…cation (Malte Schlüter) This PR was merged into the 5.2-dev branch. Discussion ---------- Add tests for translated error messages of json authentication | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | #33168 | License | MIT | Doc PR | - In PR #38037 i added the translator to the json authenticator but there are some tests missing. I added some now. Commits ------- b50fc19 Add tests for translated error messages of json authentication
Description
Symfony includes the translation of Security exception messages ... but they are not used automatically.
For example, if you build a custom Guard-based login mechanism ...
UsernamePasswordJsonAuthenticationListenercan returnreturn new JsonResponse(['error' => $failed->getMessageKey()], 401);and you getBad credentials.message in English, regardless of the current application locale.Is this correct? Look at PHPdoc:
So, this is meant to be translated. Should we do it?
In the login form docs we translate this manually:
{% if error %} <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> {% endif %}Should this message come translated instead?
The text was updated successfully, but these errors were encountered: