[Security] Replace message data in JSON security error response

wouterj · wouterj · commit f0c28c793e77 · 2021-01-16T23:34:24.000+01:00
diff --git a/Firewall/UsernamePasswordJsonAuthenticationListener.php b/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -191,7 +191,9 @@ private function onFailure(Request $request, AuthenticationException $failed): R
         }
 
         if (!$this->failureHandler) {
-            return new JsonResponse(['error' => $failed->getMessageKey()], 401);
+            $errorMessage = strtr($failed->getMessageKey(), $failed->getMessageData());
+
+            return new JsonResponse(['error' => $errorMessage], 401);
         }
 
         $response = $this->failureHandler->onAuthenticationFailure($request, $failed);

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,9 @@ private function onFailure(Request $request, AuthenticationException $failed): R`
`191`	`191`	`}`
`192`	`192`
`193`	`193`	`if (!$this->failureHandler) {`
`194`		`- return new JsonResponse(['error' => $failed->getMessageKey()], 401);`
	`194`	`+ $errorMessage = strtr($failed->getMessageKey(), $failed->getMessageData());`
	`195`	`+`
	`196`	`+ return new JsonResponse(['error' => $errorMessage], 401);`
`195`	`197`	`}`
`196`	`198`
`197`	`199`	`$response = $this->failureHandler->onAuthenticationFailure($request, $failed);`