private function handleAuthenticationFailure(AuthenticationException
$authenticationException, Request
$request, AuthenticatorInterface
$authenticator, ?Passport
$passport): ?Response
{ $this->logger?->
info('Authenticator failed.',
['exception' =>
$authenticationException, 'authenticator'
=> ($authenticator instanceof TraceableAuthenticator ?
$authenticator->
getAuthenticator() :
$authenticator)::
class]);
// Avoid leaking error details in case of invalid user (e.g. user not found or invalid account status)
// to prevent user enumeration via response content comparison
if ($this->hideUserNotFoundExceptions
&& ($authenticationException instanceof UserNotFoundException
|| ($authenticationException instanceof AccountStatusException && !
$authenticationException instanceof CustomUserMessageAccountStatusException
))) { $authenticationException =
new BadCredentialsException('Bad credentials.', 0,
$authenticationException);
} $response =
$authenticator->
onAuthenticationFailure($request,
$authenticationException);
if (null !==
$response && null !==
$this->logger
) { $this->logger->
debug('The "{authenticator}" authenticator set the failure response.',
['authenticator'
=> ($authenticator instanceof TraceableAuthenticator ?
$authenticator->
getAuthenticator() :
$authenticator)::
class]);
} $this->eventDispatcher->
dispatch($loginFailureEvent =
new LoginFailureEvent($authenticationException,
$authenticator,
$request,
$response,
$this->firewallName,
$passport));
// returning null is ok, it means they want the request to continue
return $loginFailureEvent->
getResponse();
}}