[Security] updated with "intention"
parent
914620f948
commit
b645278f8b
@ -30,7 +30,7 @@ class FormLoginFactory extends AbstractFactory
|
||||
$this->addOption('username_parameter', '_username');
|
||||
$this->addOption('password_parameter', '_password');
|
||||
$this->addOption('csrf_parameter', '_csrf_token');
|
||||
$this->addOption('csrf_page_id', 'form_login');
|
||||
$this->addOption('intention', 'authenticate');
|
||||
$this->addOption('post_only', true);
|
||||
}
|
||||
|
||||
|
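Review bot: The option is renamed and its default value changes in the same step (`csrf_page_id` / `'form_login'` versus `intention` / `'authenticate'`; going by the commit title, the `intention` line is the new side), so a login template that still generates its token for `form_login` will be rejected with "Invalid CSRF token." after upgrading. That fails closed, but it blocks logins until the template and any firewall configuration still using the old key are updated. I would add a comment above the line, e.g. `// must match the intention used when the login form's CSRF token is generated`, and mention the rename in the upgrade notes. The same default is duplicated in the options array of UsernamePasswordFormAuthenticationListener, and the two have to stay in sync. The enclosing method starts outside the hunk.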
@ -42,7 +42,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
||||
'username_parameter' => '_username',
|
||||
'password_parameter' => '_password',
|
||||
'csrf_parameter' => '_csrf_token',
|
||||
'csrf_page_id' => 'form_login',
|
||||
'intention' => 'authenticate',
|
||||
'post_only' => true,
|
||||
), $options), $successHandler, $failureHandler, $logger, $dispatcher);
|
||||
|
||||
@ -65,7 +65,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
||||
if (null !== $this->csrfProvider) {
|
||||
$csrfToken = $request->get($this->options['csrf_parameter']);
|
||||
|
||||
if (false === $this->csrfProvider->isCsrfTokenValid($this->options['csrf_page_id'], $csrfToken)) {
|
||||
if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
|
||||
throw new InvalidCsrfTokenException('Invalid CSRF token.');
|
||||
}
|
||||
}
|
||||
|
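Review bot: The guard on the `isCsrfTokenValid($this->options['intention'], $csrfToken)` line rejects only when the provider returns exactly `false`, so a provider implementation that returns `null` or `0` for a bad token would let the login attempt continue. Writing it as `if (!$this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {` fails closed for any falsy return. `$csrfToken` is also taken straight from `$request->get()` with no check that it is a string; whether the provider handles a missing or array-valued parameter safely is not visible here. The enclosing method starts and ends outside the hunk.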