[Security] Tweak UsernamePasswordFormAuthenticationListener

- Do not check twice for the only_post condition - If the expected request is only_post, check only the post variables for the username and password parameters
symfony · Oct 23, 2012 · 3e58893 · 3e58893
1 parent 188589c
commit 3e58893
Showing 1 changed file with 8 additions and 11 deletions.
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -55,7 +55,7 @@ public function __construct(SecurityContextInterface $securityContext, Authentic
      */
     protected function requiresAuthentication(Request $request)
     {
-        if ($this->options['post_only'] && !$request->isMethod('post')) {
+        if ($this->options['post_only'] && !$request->isMethod('POST')) {
             return false;
         }
 
@@ -67,14 +67,6 @@ protected function requiresAuthentication(Request $request)
      */
     protected function attemptAuthentication(Request $request)
     {
-        if ($this->options['post_only'] && !$request->isMethod('post')) {
-            if (null !== $this->logger) {
-                $this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));
-            }
-
-            return null;
-        }
-
         if (null !== $this->csrfProvider) {
             $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
@@ -83,8 +75,13 @@ protected function attemptAuthentication(Request $request)
             }
         }
 
-        $username = trim($request->get($this->options['username_parameter'], null, true));
-        $password = $request->get($this->options['password_parameter'], null, true);
+        if ($this->options['post_only']) {
+            $username = trim($request->request->get($this->options['username_parameter'], null, true));
+            $password = $request->request->get($this->options['password_parameter'], null, true);
+        } else {
+            $username = trim($request->get($this->options['username_parameter'], null, true));
+            $password = $request->get($this->options['password_parameter'], null, true);
+        }
 
         $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);