[Security] changed order of checks to check for more specific things first
This commit is contained in:
parent
4259530856
commit
29e4063825
@ -126,19 +126,19 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
if (null === $returnValue = $this->attemptAuthentication($request)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$request->hasSession()) {
|
||||
throw new \RuntimeException('This authentication method requires a session.');
|
||||
}
|
||||
|
||||
try {
|
||||
if (!$request->hasPreviousSession()) {
|
||||
throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
|
||||
}
|
||||
|
||||
if (null === $returnValue = $this->attemptAuthentication($request)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($returnValue instanceof TokenInterface) {
|
||||
$this->sessionStrategy->onAuthentication($request, $returnValue);
|
||||
|
||||
|
Reference in New Issue
Block a user