
Commit 3e58893

committed
[Security] Tweak UsernamePasswordFormAuthenticationListener
- Do not check twice for the only_post condition
- If the expected request is only_post, check only the post variables for the username and password parameters
1 parent 188589c commit 3e58893


1 file changed

+8
-11
lines changed

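--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -55,7 +55,7 @@ public function __construct(SecurityContextInterface $securityContext, Authentic
 */
 protected function requiresAuthentication(Request $request)
 {
-if ($this->options['post_only'] && !$request->isMethod('post')) {
+if ($this->options['post_only'] && !$request->isMethod('POST')) {
 return false;
 }
 
@@ -67,14 +67,6 @@ protected function requiresAuthentication(Request $request)
 */
 protected function attemptAuthentication(Request $request)
 {
-if ($this->options['post_only'] && !$request->isMethod('post')) {
-if (null !== $this->logger) {
-$this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));
-}
-
-return null;
-}
-
 if (null !== $this->csrfProvider) {
 $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
@@ -83,8 +75,13 @@ protected function attemptAuthentication(Request $request)
 }
 }
 
-$username = trim($request->get($this->options['username_parameter'], null, true));
-$password = $request->get($this->options['password_parameter'], null, true);
+if ($this->options['post_only']) {
+$username = trim($request->request->get($this->options['username_parameter'], null, true));
+$password = $request->request->get($this->options['password_parameter'], null, true);
+} else {
+$username = trim($request->get($this->options['username_parameter'], null, true));
+$password = $request->get($this->options['password_parameter'], null, true);
+}
 
 $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
 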
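Review bot: In the new `post_only` branch of attemptAuthentication (and the `else` branch beside it), the submitted username goes straight into `trim()` and then into the session under `LAST_USERNAME` with no check that it is a string, so an array-valued form field produces a PHP warning or type error instead of a clean authentication failure. I would read the raw value first and normalise it, e.g. `$username = is_string($username) ? trim($username) : '';`, and consider bounding its length before it is stored in the session. Separately, with the method check removed from this function, `post_only` enforcement now rests on `requiresAuthentication()` having been called first by the caller, which is not visible here, and the CSRF token on the context line above is still read with `$request->get()`, so it appears to be accepted from the query string even when `post_only` is set. The function body continues past the end of the last hunk.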
