From 3e58893d0f184525cfbe8d6337fdb4ff7378eb7f Mon Sep 17 00:00:00 2001 From: Albert Casademont Date: Tue, 23 Oct 2012 11:27:38 +0200 Subject: [PATCH] [Security] Tweak UsernamePasswordFormAuthenticationListener - Do not check twice for the only_post condition - If the expected request is only_post, check only the post variables for the username and password parameters --- ...namePasswordFormAuthenticationListener.php | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 057ff7141ab2..388c0149488c 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -55,7 +55,7 @@ public function __construct(SecurityContextInterface $securityContext, Authentic */ protected function requiresAuthentication(Request $request) { - if ($this->options['post_only'] && !$request->isMethod('post')) { + if ($this->options['post_only'] && !$request->isMethod('POST')) { return false; } @@ -67,14 +67,6 @@ protected function requiresAuthentication(Request $request) */ protected function attemptAuthentication(Request $request) { - if ($this->options['post_only'] && !$request->isMethod('post')) { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod())); - } - - return null; - } - if (null !== $this->csrfProvider) { $csrfToken = $request->get($this->options['csrf_parameter'], null, true); 
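Review bot: A login attempt with an unsupported method no longer appears to be logged: the debug call deleted from attemptAuthentication is the only such record visible here, and the early return in requiresAuthentication (first hunk) is silent. If that signal is still wanted, the same call, `$this->logger->debug(sprintf('Authentication method not supported: %s.', $request->getMethod()));`, can move into that early return behind the existing `null !== $this->logger` guard. attemptAuthentication now depends on requiresAuthentication having accepted the request first, which deserves a docblock line such as `Assumes requiresAuthentication() has already accepted the request.` The context line that reads the CSRF token still calls `$request->get(...)`, so with post_only set the token is presumably still accepted from outside the POST body; `$request->request->get(...)` would match how the credentials are read after this commit. Both function bodies extend beyond the hunks.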
@@ -83,8 +75,13 @@ protected function attemptAuthentication(Request $request)
 }
 }
- $username = trim($request->get($this->options['username_parameter'], null, true));
- $password = $request->get($this->options['password_parameter'], null, true);
+ if ($this->options['post_only']) {
+ $username = trim($request->request->get($this->options['username_parameter'], null, true));
+ $password = $request->request->get($this->options['password_parameter'], null, true);
+ } else {
+ $username = trim($request->get($this->options['username_parameter'], null, true));
+ $password = $request->get($this->options['password_parameter'], null, true);
+ }
 $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
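Review bot: Both branches pass the raw request value straight to `trim()` and then store it in the session without checking that it is a string, so a username parameter submitted as an array reaches `trim()` as a non-string. A guard on the untrimmed value before the `trim()` call, such as `if (!is_string($username)) { /* reject as invalid credentials */ }`, would close that. A length cap before the `set(SecurityContextInterface::LAST_USERNAME, $username)` call would also keep oversized values out of the session. The two branches differ only in where the parameters are read from, so choosing the source once (`$source = $this->options['post_only'] ? $request->request : $request;`) would remove the duplication. attemptAuthentication starts above this hunk and continues past it.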