tweaks thanks to the guys

weaverryan · weaverryan · commit 3d672022a21b · 2015-11-29T23:37:14.000-05:00
diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst
@@ -70,7 +70,8 @@ value and then a User object is created::
             $username = $userProvider->getUsernameForApiKey($apiKey);
 
             if (!$username) {
-                // this message will be returned to the client
+                // CAUTION: this message will be returned to the client
+                // (so don't put any un-trusted messages / error strings here)
                 throw new CustomUserMessageAuthenticationException(
                     sprintf('API Key "%s" does not exist.', $apiKey)
                 );
diff --git a/cookbook/security/custom_password_authenticator.rst b/cookbook/security/custom_password_authenticator.rst
@@ -47,7 +47,8 @@ the user::
             try {
                 $user = $userProvider->loadUserByUsername($token->getUsername());
             } catch (UsernameNotFoundException $e) {
-                // error will be shown to the client
+                // CAUTION: this message will be returned to the client
+                // (so don't put any un-trusted messages / error strings here)
                 throw new CustomUserMessageAuthenticationException('Invalid username or password');
             }
 
@@ -56,7 +57,8 @@ the user::
             if ($passwordValid) {
                 $currentHour = date('G');
                 if ($currentHour < 14 || $currentHour > 16) {
-                    // error will be shown to the client
+                    // CAUTION: this message will be returned to the client
+                    // (so don't put any un-trusted messages / error strings here)
                     throw new CustomUserMessageAuthenticationException(
                         'You can only log in between 2 and 4!',
                         100
@@ -71,7 +73,8 @@ the user::
                 );
             }
 
-            // error will be shown to the client
+            // CAUTION: this message will be returned to the client
+            // (so don't put any un-trusted messages / error strings here)
             throw new CustomUserMessageAuthenticationException('Invalid username or password');
         }
 

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,8 @@ the user::`
`47`	`47`	`try {`
`48`	`48`	`$user = $userProvider->loadUserByUsername($token->getUsername());`
`49`	`49`	`} catch (UsernameNotFoundException $e) {`
`50`		`- // error will be shown to the client`
	`50`	`+ // CAUTION: this message will be returned to the client`
	`51`	`+ // (so don't put any un-trusted messages / error strings here)`
`51`	`52`	`throw new CustomUserMessageAuthenticationException('Invalid username or password');`
`52`	`53`	`}`
`53`	`54`
`@@ -56,7 +57,8 @@ the user::`
`56`	`57`	`if ($passwordValid) {`
`57`	`58`	`$currentHour = date('G');`
`58`	`59`	`if ($currentHour < 14 \|\| $currentHour > 16) {`
`59`		`- // error will be shown to the client`
	`60`	`+ // CAUTION: this message will be returned to the client`
	`61`	`+ // (so don't put any un-trusted messages / error strings here)`
`60`	`62`	`throw new CustomUserMessageAuthenticationException(`
`61`	`63`	`'You can only log in between 2 and 4!',`
`62`	`64`	`100`
`@@ -71,7 +73,8 @@ the user::`
`71`	`73`	`);`
`72`	`74`	`}`
`73`	`75`
`74`		`- // error will be shown to the client`
	`76`	`+ // CAUTION: this message will be returned to the client`
	`77`	`+ // (so don't put any un-trusted messages / error strings here)`
`75`	`78`	`throw new CustomUserMessageAuthenticationException('Invalid username or password');`
`76`	`79`	`}`
`77`	`80`