author | Fabien Potencier <fabien.potencier@gmail.com> | 2013-03-23 14:17:47 +0100 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-03-23 14:17:47 +0100 |
commit | 13725dd05a7fac7387aa8aedbb9ca1ea83f1df8d (patch) | |
tree | bf8fc3424317b006c3a462299c2ebe1fb9913baf | |
parent | dcffbb1b6873f2f5519e6afe0f3ce65d0d0e0439 (diff) | |
parent | 38657489962caba23677abfb4ceee6cde86bc464 (diff) | |
merged branch adrienbrault/security-feature (PR #4776)
This PR was merged into the master branch.
Discussion
----------
[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: http://travis-ci.org/adrienbrault/symfony
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A
As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener only work when a previous session has been created.
This PR allows changing the default behavior in the security.yml file.
Example:
```yml
security:
    firewalls:
        secured_area:
            pattern: ^/demo/secured/
            form_login:
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login
                require_previous_session: false # The default value is true
            logout:
                path: /demo/secured/logout
                target: /demo/
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
```
PS: While removing my old commit, it closed the #4774 PR ...
Commits
-------
0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index 80f47f7..562ba10 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -92,6 +92,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->failureHandler = $failureHandler; $this->options = array_merge(array( 'check_path' => '/login_check', + 'login_path' => '/login', + 'always_use_default_target_path' => false, + 'default_target_path' => '/', + 'target_path_parameter' => '_target_path', + 'use_referer' => false, + 'failure_path' => null, + 'failure_forward' => false, + 'require_previous_session' => true, ), $options); $this->logger = $logger; $this->dispatcher = $dispatcher; @@ -129,7 +137,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface } try { - if (!$request->hasPreviousSession()) { + if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) { throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.'); } |
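Review bot: in the first hunk (@@ -92), seven of the eight keys added to the array_merge defaults ('login_path' through 'failure_forward') are not mentioned in the commit message, which describes only 'require_previous_session'. Either explain in the message why these defaults land here, or move them to their own commit so the session-check change can be reviewed and reverted on its own. Defaulting 'require_previous_session' to true is the right choice, since existing firewalls keep the current check unless they opt out explicitly; the new key should also be listed wherever the listener's options are documented, as the Todo in the message already notes.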
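Review bot: in the second hunk (@@ -129), the new guard `$this->options['require_previous_session'] && !$request->hasPreviousSession()` evaluates the option by loose truthiness, so any falsy value merged in from the caller's $options (null, 0, an empty string) silently turns the session check off. Since this option relaxes an authentication precondition, skip the check only on an explicit boolean false, for example `false !== $this->options['require_previous_session'] && !$request->hasPreviousSession()`, so that a malformed value fails closed. The diffstat shows only AbstractAuthenticationListener.php changed; a test covering both branches (option true with no previous session throws SessionUnavailableException, option false proceeds to authentication) should accompany the change.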