[Security] Return 401 when using use_forward for form authentication

Gunnar Lium 2013-02-04 10:27:49 +01:00
parent d901afdd2f
commit b5597e8209
3 changed files with 12 additions and 3 deletions


@ -4,6 +4,7 @@ CHANGELOG
2.3.0
-----
* [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
* added a `require_previous_session` option to `AbstractAuthenticationListener`
2.2.0


@ -53,7 +53,12 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
if ($this->useForward) {
$subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
$response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
if (200 === $response->getStatusCode()) {
$response->headers->set('X-Status-Code', 401);
}
return $response;
}
return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
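Review bot: The `if (200 === $response->getStatusCode())` branch only sets an `X-Status-Code` header and leaves the real status at 200, so the 401 reaches the client only if a later layer applies that header and strips it; nothing in this hunk shows that layer. A short comment above the `headers->set()` call would make the dependency explicit, for example `// Status stays 200 here; the kernel's exception handling is expected to turn X-Status-Code into the real status and remove the header.` The strict comparison with 200 also means a login action that answers with any other success code (204, say) goes out unmarked, so `if ($response->isSuccessful()) {` may be closer to the intent if the narrow check is not deliberate. The body of `start()` begins above the hunk, so how the entry point is invoked is not visible here.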


@ -50,7 +50,7 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
{
$request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
$subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
$response = $this->getMock('Symfony\Component\HttpFoundation\Response');
$response = new \Symfony\Component\HttpFoundation\Response('', 200);
$httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
$httpUtils
@ -70,6 +70,9 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
$entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
$this->assertEquals($response, $entryPoint->start($request));
$entryPointResponse = $entryPoint->start($request);
$this->assertEquals($response, $entryPointResponse);
$this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
}
}
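Review bot: The updated test in the second hunk covers only a sub-request that answers 200, so the other side of the new guard in the entry point is never exercised. A companion case that hands back a non-200 response (a 500 from a failing login action, for instance) and asserts `$this->assertFalse($entryPointResponse->headers->has('X-Status-Code'));` would pin down that error responses are not relabelled as 401. The test method starts above the first hunk, so the mock wiring for `$httpKernel` is not visible here.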