Diffstat (limited to 'Http')
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 11 | ||||
-rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 2b2db40..2ab0cfd 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -18,6 +18,7 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\Events as KernelEvents;
@@ -123,6 +124,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return;
 }
+ if (!$request->hasSession()) {
+ throw new \RuntimeException('This authentication method requires a session.');
+ }
+
+ if (!$request->hasPreviousSession()) {
+ throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
+ }
+
 if ($returnValue instanceof TokenInterface) {
 $this->sessionStrategy->onAuthentication($request, $returnValue);
@@ -222,7 +231,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 if (null !== $this->successHandler) {
 $response = $this->successHandler->onAuthenticationSuccess($request, $token);
 } else {
- $path = $this->determineTargetUrl($request);
+ $path = strtr($this->determineTargetUrl($request), '{_locale}', $session->getLocale());
 $response = new RedirectResponse(0 !== strpos($path, 'http') ? $request->getUriForPath($path) : $path, 302);
 }
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 51546c0..e76b1bf 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
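Review bot: In the third hunk, `strtr()` called with two string arguments does per-character transliteration, not substring replacement, so the `{_locale}` placeholder is never substituted: each character of `'{_locale}'` is mapped to the character at the same position in the locale string and the remaining placeholder characters are left untouched, which yields a mangled redirect path rather than the intended locale. The array form substitutes the whole placeholder, `$path = strtr($this->determineTargetUrl($request), ['{_locale}' => $session->getLocale()]);`, and `str_replace('{_locale}', $session->getLocale(), ...)` would work equally well. `$session` is not assigned anywhere in the hunk; presumably it is obtained from the request earlier in the enclosing method, which starts outside the hunk, and that is worth confirming since the surrounding code only uses `$request`. Because the substituted value flows straight into the `RedirectResponse` target, keeping it sourced from the session (as written) rather than from request input is the property to preserve when fixing this.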
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -63,7 +63,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
 }
 if (null !== $this->csrfProvider) {
- $csrfToken = $request->get($this->options['csrf_parameter']);
+ $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 throw new InvalidCsrfTokenException('Invalid CSRF token.'); |