merged branch henrikbjorn/require-authentication (PR #4525)

Commits ------- 6a01d3d [Security] Check post_only option and request method Discussion ---------- [Security] Take `post_only` into consideration in requiresAuthentication Change requiresAuthentication to look at the `post_only` option. Fixes #4524 --------------------------------------------------------------------------- by travisbot at 2012-06-08T18:26:21Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1570033) (merged 6d799494 into b84b46ba). --------------------------------------------------------------------------- by travisbot at 2012-06-09T11:34:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1575681) (merged af676bb5 into b84b46ba). --------------------------------------------------------------------------- by stof at 2012-06-09T14:01:21Z @henrikbjorn could you squash the commit, or cherry-pick the third one so that it is the only one ? The reverted commit seems weird in the PR. --------------------------------------------------------------------------- by henrikbjorn at 2012-06-09T14:18:08Z @stof there. Actually it cannot be squashed. But maybe what i did was wrong. ``` shell git reset --hard b84b46ba1a git cherry-pick af676bb5d01f835b2f9913e129e6c6eb3320dd26 git push -f henrikbjorn require-authentication ``` --------------------------------------------------------------------------- by travisbot at 2012-06-09T14:22:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1576658) (merged 6a01d3dd into 3bb7dc0b). --------------------------------------------------------------------------- by stof at 2012-06-09T14:39:25Z @fabpot 👍
2012-06-09 17:11:11 +02:00 · 2012-06-09 17:11:11 +02:00 · ae2ec36e27
parent dedaa82ec4 6a01d3dd54
commit ae2ec36e27
1 changed files with 12 additions and 0 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
        $this->csrfProvider = $csrfProvider;
    }

+    /**
+     * @{inheritdoc}
+     */
+    protected function requiresAuthentication(Request $request)
+    {
+        if ($this->options['post_only'] && !$request->isMethod('post')) {
+            return false;
+        }
+
+        return parent::requiresAuthentication($request);
+    }
+
    /**
     * {@inheritdoc}
     */