[Security] changed order of checks to check for more specific things first
This commit is contained in:
parent
4259530856
commit
29e4063825
@ -126,19 +126,19 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
if (null === $returnValue = $this->attemptAuthentication($request)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$request->hasSession()) {
|
if (!$request->hasSession()) {
|
||||||
throw new \RuntimeException('This authentication method requires a session.');
|
throw new \RuntimeException('This authentication method requires a session.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
if (!$request->hasPreviousSession()) {
|
if (!$request->hasPreviousSession()) {
|
||||||
throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
|
throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (null === $returnValue = $this->attemptAuthentication($request)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if ($returnValue instanceof TokenInterface) {
|
if ($returnValue instanceof TokenInterface) {
|
||||||
$this->sessionStrategy->onAuthentication($request, $returnValue);
|
$this->sessionStrategy->onAuthentication($request, $returnValue);
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user