symfony2 difference between error.message and error.messageKey

Question

I am implementing a simple custom login form. I am following two different example , the official one http://symfony.com/doc/current/cookbook/security/form_login_setup.html and this other one https://knpuniversity.com/screencast/symfony2-ep2/logout#play which is substantially the same but with some differences. Giving a look at the login.html.twig of the two examples, one of the differences is in the error message reporting where the first reports

<div class="error">{{ error.message|trans }}</div>

while the other reports

div class="error">{{ error.messageKey|trans(error.messageData, 'security') }}</div>

Please here's my question : what's the difference between "error.message" and "error.messageKey" and what do error.messageData means in the second example ?

Answer 1

In the second example, according to the doc you provided:

"The error variable passed into the template is an instance of AuthenticationException. It may contain more information - or even sensitive information - about the authentication failure, so use it wisely!"

And the class associated:

http://api.symfony.com/2.7/Symfony/Component/Security/Core/Exception/AuthenticationException.html

So the variable error sent to the template is and object gotten by:

$error = $authenticationUtils->getLastAuthenticationError();

In the first example, the variableerroris class constant gotten by :

$error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);

And the class associated:

http://api.symfony.com/2.0/Symfony/Component/Security/Core/SecurityContextInterface.html

So you can notice that both variable error share only the same name ! They are not instances of the same class

** EDIT **

This is an answer to your commentary, Both methods do the same job

1. First method

class AuthenticationUtils
{
    /**
     * @param bool $clearSession
     *
     * @return AuthenticationException|null
     */
    public function getLastAuthenticationError($clearSession = true)
    {
        $request = $this->getRequest();
        $session = $request->getSession();
        $authenticationException = null;

        if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
            $authenticationException = $request->attributes->get(Security::AUTHENTICATION_ERROR);
        } elseif ($session !== null &&   $session->has(Security::AUTHENTICATION_ERROR)) {
            $authenticationException = $session->get(Security::AUTHENTICATION_ERROR);

            if ($clearSession) {
                $session->remove(Security::AUTHENTICATION_ERROR);
            }
        }

        return $authenticationException;
    }



class AuthenticationException extends \RuntimeException implements \Serializable
  {


   /**
    * Message key to be used by the translation component.
    *
    * @return string
    */
   public function getMessageKey()
   {
       return 'An authentication exception occurred.';
   }

   /**
    * Message data to be used by the translation component.
    *
    * @return array
    */
   public function getMessageData()
   {
       return array();
   }
 }

So :

$error = $authenticationUtils->getLastAuthenticationError();

Followed by

{{ error.messageKey|trans(error.messageData, 'security') }}

Will return :

'An authentication exception occurred.'

2. Second method

interface SecurityContextInterface extends TokenStorageInterface, AuthorizationCheckerInterface
{
   const AUTHENTICATION_ERROR = Security::AUTHENTICATION_ERROR;
}

final class Security
{
    const AUTHENTICATION_ERROR = '_security.last_error';
}

So

$error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);

Followed by

{{ error.message|trans }}

Will return

the last authentication error stored in session

Answer 2

in first case (error.message|trans) error.message just holds translation key.

second one (error.messageKey|trans(error.messageData, 'security')) little more complex:

• you have message key in error.messageKey

• you have data that will be used to fill placeholders in translated string (some kind of sprintf('test: %s', messageData) see http://symfony.com/doc/current/book/translation.html#translations-in-templates

• you have message domain security (an optional way to organize messages into groups) see http://symfony.com/doc/current/components/translation/introduction.html#using-message-domains