This looks wrong to me. The message key of the BadCredentialsException is Invalid credentials. (which is already translated), not Bad credentials.

It looks to me that you are rendering the security exceptions using their unsafe message rather than their safe message key (the exception message itself can leak informations about your DB structure for instance, in case it comes from a PDO exception. It is not safe to display it for end users)

👎

We use https://github.com/FriendsOfSymfony/FOSUserBundle/blob/1.3.x/Controller/SecurityController.php#L38
Bad credentials has more sense for user than Invalid credentials, it mean in most cases "You sent wrong username or password" instead of "Something wrong"
But you are right, i missed the standard way to translate error messages of authentication.

@linniksa if you are using FOSUserBundle 1.3, you are not using the Symfony translation messages

@stof Why not? I can change the default template.

Well, FOSUserBundle 1.3 does not give you the Symfony translation key. This means that you are translating other stuff, expecting them to be provided by the Symfony translations

I know that the default translation domain is FosUserBundle https://github.com/FriendsOfSymfony/FOSUserBundle/blob/1.3.x/Resources/views/Security/login.html.twig#L5
Bad credentials a string in symfony code, and the meaning of my pull request is to put a translation in symfony.
You point me standart way of translate auth exceptions (as described in docs) and i agree that in this case, my PR has little meaning

@linniksa Symfony does not provide translation for exception messages. It provides only translations for strings it considers as translation keys. Exception messages are not because they are targetted at developers, not at being displayed in the interface for end users (they are not safe to be displayed there as they might leak internal implementation details)