-rw-r--r-- | CHANGELOG.md | 6 | ||||
-rw-r--r-- | Core/Validator/Constraint/UserPassword.php | 29 | ||||
-rw-r--r-- | Core/Validator/Constraint/UserPasswordValidator.php | 29 | ||||
-rw-r--r-- | Http/EntryPoint/FormAuthenticationEntryPoint.php | 7 | ||||
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 10 | ||||
-rw-r--r-- | Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php | 7 | ||||
-rw-r--r-- | composer.json | 8 |
7 files changed, 30 insertions, 66 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 82c4312..e29de9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ CHANGELOG ========= +2.3.0 +----- + + * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication + * added a `require_previous_session` option to `AbstractAuthenticationListener` + 2.2.0 ----- diff --git a/Core/Validator/Constraint/UserPassword.php b/Core/Validator/Constraint/UserPassword.php deleted file mode 100644 index 93ca24d..0000000 --- a/Core/Validator/Constraint/UserPassword.php +++ /dev/null @@ -1,29 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Validator\Constraint; - -use Symfony\Component\Security\Core\Validator\Constraints\UserPassword as BaseUserPassword; - -/** - * @Annotation - * - * @deprecated Deprecated since version 2.2, to be removed in 2.3. - */ -class UserPassword extends BaseUserPassword -{ - public function __construct($options = null) - { - trigger_error('UserPassword class in Symfony\Component\Security\Core\Validator\Constraint namespace is deprecated since version 2.2 and will be removed in 2.3. Use the Symfony\Component\Security\Core\Validator\Constraints\UserPassword class instead.', E_USER_DEPRECATED); - - parent::__construct($options); - } -} diff --git a/Core/Validator/Constraint/UserPasswordValidator.php b/Core/Validator/Constraint/UserPasswordValidator.php deleted file mode 100644 index 0195fe5..0000000 --- a/Core/Validator/Constraint/UserPasswordValidator.php +++ /dev/null 
@@ -1,29 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Validator\Constraint; - -use Symfony\Component\Security\Core\SecurityContextInterface; -use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; -use Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator as BaseUserPasswordValidator; - -/** - * @deprecated Deprecated since version 2.2, to be removed in 2.3. - */ -class UserPasswordValidator extends BaseUserPasswordValidator -{ - public function __construct(SecurityContextInterface $securityContext, EncoderFactoryInterface $encoderFactory) - { - trigger_error('UserPasswordValidator class in Symfony\Component\Security\Core\Validator\Constraint namespace is deprecated since version 2.2 and will be removed in 2.3. Use the Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator class instead.', E_USER_DEPRECATED); - - parent::__construct($securityContext, $encoderFactory); - } -} diff --git a/Http/EntryPoint/FormAuthenticationEntryPoint.php b/Http/EntryPoint/FormAuthenticationEntryPoint.php index 2170e9e..3eaae82 100644 --- a/Http/EntryPoint/FormAuthenticationEntryPoint.php +++ b/Http/EntryPoint/FormAuthenticationEntryPoint.php 
@@ -53,7 +53,12 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface if ($this->useForward) { $subRequest = $this->httpUtils->createRequest($request, $this->loginPath); - return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST); + $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST); + if (200 === $response->getStatusCode()) { + $response->headers->set('X-Status-Code', 401); + } + + return $response; } return $this->httpUtils->createRedirectResponse($request, $this->loginPath); diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php index 80f47f7..562ba10 100644 --- a/Http/Firewall/AbstractAuthenticationListener.php +++ b/Http/Firewall/AbstractAuthenticationListener.php @@ -92,6 +92,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface $this->failureHandler = $failureHandler; $this->options = array_merge(array( 'check_path' => '/login_check', + 'login_path' => '/login', + 'always_use_default_target_path' => false, + 'default_target_path' => '/', + 'target_path_parameter' => '_target_path', + 'use_referer' => false, + 'failure_path' => null, + 'failure_forward' => false, + 'require_previous_session' => true, ), $options); $this->logger = $logger; $this->dispatcher = $dispatcher; @@ -129,7 +137,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface } try { - if (!$request->hasPreviousSession()) { + if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) { throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.'); } diff --git a/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php b/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php index 1cf2c2d..cbec1bd 100644 --- a/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php +++ b/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php 
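Review bot: The 401 set in the `if (200 === $response->getStatusCode())` branch is only advisory, because the response object itself still carries status 200 and the client sees 401 only if whatever processes the response afterwards honours `X-Status-Code`. composer.json in this same commit still allows `symfony/http-kernel` `>=2.1`, so with an older kernel the login form would presumably be sent as 200 with the internal header exposed to the client; worth confirming and, if so, raising the minimum. A short comment above the branch would help the next reader, for example `// header instead of setStatusCode(): the kernel is expected to apply and strip X-Status-Code`, if that is indeed the reason. The body of start() begins and ends outside the hunk.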
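Review bot: `require_previous_session` is a security-relevant switch, yet neither the defaults array nor the `hasPreviousSession()` guard says when it is safe to turn off. With it set to false the SessionUnavailableException check is skipped and a login attempt is processed for a request that arrived without a session cookie, so anything that relies on pre-login session state (a session-stored CSRF token, for instance) has nothing to validate against. I would add a comment at the default, `// keep true unless the client cannot hold a session before login`, and list the option with that caveat in the class docblock. The guard is a truthiness test, so a non-boolean value such as the string 'false' leaves the check enabled, which fails safe. The constructor and the method containing the guard both start outside their hunks.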
@@ -50,7 +50,7 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase { $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false); $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false); - $response = $this->getMock('Symfony\Component\HttpFoundation\Response'); + $response = new \Symfony\Component\HttpFoundation\Response('', 200); $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils'); $httpUtils @@ -70,6 +70,9 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true); - $this->assertEquals($response, $entryPoint->start($request)); + $entryPointResponse = $entryPoint->start($request); + + $this->assertEquals($response, $entryPointResponse); + $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code')); } } diff --git a/composer.json b/composer.json index 083ce94..dd4eecf 100644 --- a/composer.json +++ b/composer.json @@ -18,13 +18,13 @@ "require": { "php": ">=5.3.3", "symfony/event-dispatcher": "~2.1", - "symfony/http-foundation": ">=2.1,<2.3-dev", + "symfony/http-foundation": ">=2.1,<2.4-dev", "symfony/http-kernel": ">=2.1,<=2.3-dev" }, "require-dev": { "symfony/form": "~2.0", - "symfony/routing": ">=2.2,<2.3-dev", - "symfony/validator": ">=2.2,<2.3-dev", + "symfony/routing": ">=2.2,<2.4-dev", + "symfony/validator": ">=2.2,<2.4-dev", "doctrine/common": "~2.2", "doctrine/dbal": "~2.2", "psr/log": "~1.0" @@ -44,7 +44,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "2.3-dev" } } } |
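Review bot: The updated test pins only the 200 case, so the other side of the new `if (200 === $response->getStatusCode())` branch in FormAuthenticationEntryPoint is untested. A second case that returns, say, `new \Symfony\Component\HttpFoundation\Response('', 500)` from the mocked kernel and asserts `$this->assertFalse($entryPointResponse->headers->has('X-Status-Code'));` would show that a failing or redirecting login sub-request is passed through unchanged. The test method starts outside the hunk, so the mock wiring it would need to share is not visible here.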