diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #19334 [Security] Fix the retrieval of the last username when using forwarding (stof) 

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] Fix the retrieval of the last username when using forwarding

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

When using forwarding to render the login page (which is not the default), the info are stored in the subrequest attributes rather than the session. ``getLastAuthenticationError`` was handling this properly but ``getLastUsername`` was not checking the attributes.
This fixes it by checking the attributes (I'm checking them before the session, to be consistent with ``getLastAuthenticationError``)

Commits
-------

e041365 Fix the retrieval of the last username when using forwarding
This commit is contained in:
Fabien Potencier 2016-07-13 10:42:38 +02:00
parent 5922d715d8 e04136524c
commit 30997a4005
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
View File

@ -65,7 +65,13 @@ class AuthenticationUtils
*/
public function getLastUsername()
{
$session = $this->getRequest()->getSession();
$request = $this->getRequest();
if ($request->attributes->has(Security::LAST_USERNAME)) {
return $request->attributes->get(Security::LAST_USERNAME);
}
$session = $request->getSession();
return null === $session ? '' : $session->get(Security::LAST_USERNAME);
}