merged branch snc/issue-1798-sf21 (PR #2598)
Commits
-------
4d80ebd
Remove security token if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).
Discussion
----------
[2.1] Fix for issue 1798
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #1798
This is a simplified PR of #2528 for the master branch.
commit 47b09f791b
@ -160,10 +160,9 @@ class ExceptionListener
$this->setTargetPath($request);
if ($authException instanceof AccountStatusException && ($token = $this->context->getToken()) instanceof UsernamePasswordToken) {
if ($authException instanceof AccountStatusException) {
// remove the security token to prevent infinite redirect loops
$this->context->setToken(null);
$request->getSession()->remove('_security_' . $token->getProviderKey());
}
return $this->authenticationEntryPoint->start($request, $authException);
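Review bot: in the `AccountStatusException` block, once the condition is simplified to `if ($authException instanceof AccountStatusException)` there is no longer a `$token` assignment, so the `$request->getSession()->remove('_security_' . $token->getProviderKey())` line has to go with it (the header's 10 to 9 line count agrees), and only `$this->context->setToken(null)` remains. Nothing visible in this hunk shows the serialized token being removed from the session, and a stale session copy that is reloaded on the next request would bring the redirect loop back. If the session entry is cleared elsewhere once the context token is null, extend the comment to say where, and add a test that raises an `AccountStatusException` with a token that is not a `UsernamePasswordToken` and asserts that the following request is not redirected to the login path again.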