authorAlbert Casademont <albertcasademont@gmail.com>2012-10-23 11:27:38 +0200
committerAlbert Casademont <albertcasademont@gmail.com>2012-10-23 11:27:38 +0200
commit21332f546badf2016da6ab3fe34c61a7a0978c3b (patch)
treea5d682d2c6923bbb6278e59daacecb7c9616d216
parentc8eee73f855b1c1b0af8f6292c7f291866d06b21 (diff)
[Security] Tweak UsernamePasswordFormAuthenticationListener
- Do not check twice for the only_post condition - If the expected request is only_post, check only the post variables for the username and password parameters
-rw-r--r--Http/Firewall/UsernamePasswordFormAuthenticationListener.php19
1 files changed, 8 insertions, 11 deletions
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 057ff71..388c014 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -55,7 +55,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
*/
protected function requiresAuthentication(Request $request)
{
- if ($this->options['post_only'] && !$request->isMethod('post')) {
+ if ($this->options['post_only'] && !$request->isMethod('POST')) {
return false;
}
@@ -67,14 +67,6 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
*/
protected function attemptAuthentication(Request $request)
{
- if ($this->options['post_only'] && !$request->isMethod('post')) {
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));
- }
-
- return null;
- }
-
if (null !== $this->csrfProvider) {
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
@@ -83,8 +75,13 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
}
}
- $username = trim($request->get($this->options['username_parameter'], null, true));
- $password = $request->get($this->options['password_parameter'], null, true);
+ if ($this->options['post_only']) {
+ $username = trim($request->request->get($this->options['username_parameter'], null, true));
+ $password = $request->request->get($this->options['password_parameter'], null, true);
+ } else {
+ $username = trim($request->get($this->options['username_parameter'], null, true));
+ $password = $request->get($this->options['password_parameter'], null, true);
+ }
$request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
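Review bot: Both new branches pass whatever `get()` returns straight into `trim()`, the session and (presumably) the token, without checking that the submitted username and password are strings; form fields are client-controlled and can arrive as arrays, in which case `trim()` warns or throws depending on the PHP version. Validate the type before trimming and fail the attempt otherwise, as sketched below; the exception class is my assumption, so use whichever AuthenticationException subclass the file already has in scope. Selecting the parameter source once also removes the duplicated pair of lines. Separately, the CSRF token read visible in the previous hunk's context still goes through the merged `$request->get()`, so under `post_only` it is still accepted from the query string, which is inconsistent with what this commit does for the credentials. attemptAuthentication's body starts and ends outside this hunk.

```php
// … unchanged: CSRF token check …
// Pick the parameter source once; with post_only only the POST body is consulted.
$params = $this->options['post_only'] ? $request->request : $request;
$username = $params->get($this->options['username_parameter'], null, true);
$password = $params->get($this->options['password_parameter'], null, true);

// Reject missing or array-valued fields before they reach trim(), the session or the token.
if (!is_string($username) || !is_string($password)) {
    throw new BadCredentialsException('Invalid credentials.');
}
$username = trim($username);
// … unchanged: store LAST_USERNAME in the session …
```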