authorGunnar Lium <gunnar@aptoma.com>2013-02-04 10:27:49 +0100
committerGunnar Lium <gunnar@aptoma.com>2013-03-23 15:10:50 +0100
commite39584c65a12697c1e85d811357b6687e06043a5 (patch)
treef419bb9f1111e034ad5c8d5abfc4a644914c1c4f
parentaa6acbad8d17f7c8fd6ba4c8ff5ea1009ef5738a (diff)
[Security] Return 401 when using use_forward for form authentication
-rw-r--r--CHANGELOG.md1
-rw-r--r--Http/EntryPoint/FormAuthenticationEntryPoint.php7
-rw-r--r--Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php7
3 files changed, 12 insertions, 3 deletions
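--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 2.3.0
 -----
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
 * added a `require_previous_session` option to `AbstractAuthenticationListener`
 2.2.0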
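--- a/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 if ($this->useForward) {
 $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
-return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+$response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+if (200 === $response->getStatusCode()) {
+$response->headers->set('X-Status-Code', 401);
+}
+
+return $response;
 }
 return $this->httpUtils->createRedirectResponse($request, $this->loginPath);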
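Review bot: Nothing at the `if (200 === $response->getStatusCode())` branch explains why the 401 is signalled through a header instead of `$response->setStatusCode(401)`, and the entry point itself still hands back a 200 response carrying an internal `X-Status-Code` header, so the fix only holds if a downstream layer (presumably the HttpKernel exception listener) honours that header and strips it before the response reaches the client or any cache. I'd add a comment above the check: `// The kernel's exception handling replaces the status of the response an entry point returns; X-Status-Code is its hook for asking for 401 instead of 500 (verify against HttpKernel's ExceptionListener).` The guard also passes any non-200 sub-response (a redirect from the login controller, say) through untouched, which is worth a word in that comment so it reads as intentional rather than as an oversight. The enclosing `start()` method begins and ends outside the hunk.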
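--- a/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
+++ b/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 {
 $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
 $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
-$response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+$response = new \Symfony\Component\HttpFoundation\Response('', 200);
 $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
 $httpUtils
@@ -70,6 +70,9 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
-$this->assertEquals($response, $entryPoint->start($request));
+$entryPointResponse = $entryPoint->start($request);
+
+$this->assertEquals($response, $entryPointResponse);
+$this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
 }
 }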
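Review bot: The new assertions at the end of the method only exercise the 200 path; the entry point's guard that skips `X-Status-Code` for any other status has no test, so a regression that sets the header unconditionally would go unnoticed. A sibling test building the sub-response as `new \Symfony\Component\HttpFoundation\Response('', 302)` and asserting `$this->assertNull($entryPointResponse->headers->get('X-Status-Code'));` would pin that branch. Separately, `assertEquals(401, ...)` passes whether the header comes back as an int or a string; `assertSame` with whichever type HeaderBag::get actually returns would make the expected contract explicit. The test method's signature sits above the first hunk, outside the section.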