merged branch henrikbjorn/require-authentication (PR #4525)
Commits -------6a01d3d
[Security] Check post_only option and request method Discussion ---------- [Security] Take `post_only` into consideration in requiresAuthentication Change requiresAuthentication to look at the `post_only` option. Fixes #4524 --------------------------------------------------------------------------- by travisbot at 2012-06-08T18:26:21Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1570033) (merged 6d799494 intob84b46ba
). --------------------------------------------------------------------------- by travisbot at 2012-06-09T11:34:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1575681) (merged af676bb5 intob84b46ba
). --------------------------------------------------------------------------- by stof at 2012-06-09T14:01:21Z @henrikbjorn could you squash the commit, or cherry-pick the third one so that it is the only one ? The reverted commit seems weird in the PR. --------------------------------------------------------------------------- by henrikbjorn at 2012-06-09T14:18:08Z @stof there. Actually it cannot be squashed. But maybe what i did was wrong. ``` shell git reset --hardb84b46ba1a
git cherry-pick af676bb5d01f835b2f9913e129e6c6eb3320dd26 git push -f henrikbjorn require-authentication ``` --------------------------------------------------------------------------- by travisbot at 2012-06-09T14:22:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1576658) (merged6a01d3dd
into3bb7dc0b
). --------------------------------------------------------------------------- by stof at 2012-06-09T14:39:25Z @fabpot 👍
This commit is contained in:
commit
ae2ec36e27
|
@ -50,6 +50,18 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||
$this->csrfProvider = $csrfProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* @{inheritdoc}
|
||||
*/
|
||||
protected function requiresAuthentication(Request $request)
|
||||
{
|
||||
if ($this->options['post_only'] && !$request->isMethod('post')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return parent::requiresAuthentication($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
|
Reference in New Issue