Merge pull request #4016 from chihiro-adachi/fix-redirect
リダイレクト処理の修正(3.0)
kanako-kina committed Nov 26, 2018
2 parents 19997b9 + b94279a commit 87087e7
Showing 4 changed files with 155 additions and 1 deletion.
40 changes: 40 additions & 0 deletions src/Eccube/Application.php
@@ -613,6 +613,46 @@ public function initSecurity()
return new \Symfony\Component\Security\Core\Authorization\AccessDecisionManager($app['security.voters'], 'unanimous');
});

$app = $this;
$app['security.authentication.success_handler.admin'] = $app->share(function ($app) {
$handler = new \Eccube\Security\Http\Authentication\EccubeAuthenticationSuccessHandler(
$app['security.http_utils'],
$app['security.firewalls']['admin']['form']
);

$handler->setProviderKey('admin');

return $handler;
});

$app['security.authentication.failure_handler.admin'] = $app->share(function ($app) {
return new \Eccube\Security\Http\Authentication\EccubeAuthenticationFailureHandler(
$app,
$app['security.http_utils'],
$app['security.firewalls']['admin']['form'],
$app['logger']
);
});

$app['security.authentication.success_handler.customer'] = $app->share(function ($app) {
$handler = new \Eccube\Security\Http\Authentication\EccubeAuthenticationSuccessHandler(
$app['security.http_utils'],
$app['security.firewalls']['customer']['form']
);

$handler->setProviderKey('customer');

return $handler;
});

$app['security.authentication.failure_handler.customer'] = $app->share(function ($app) {
return new \Eccube\Security\Http\Authentication\EccubeAuthenticationFailureHandler(
$app,
$app['security.http_utils'],
$app['security.firewalls']['customer']['form'],
$app['logger']
);
});
}

/**
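Review bot: The validating handlers are registered per firewall name (`security.authentication.success_handler.admin` / `.customer` and the matching failure keys), so only those two firewalls get the redirect check; any other form-login firewall defined elsewhere (not visible in this hunk) would presumably keep the default handlers. The four closures also differ only in the firewall name, so a loop over `array('admin', 'customer')` would keep them from drifting apart. A comment above the block such as `// Override the default login handlers so the post-login redirect target is validated` would explain why the defaults are replaced. initSecurity() starts above the hunk.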
2 changes: 1 addition & 1 deletion src/Eccube/Common/Constant.php
@@ -28,7 +28,7 @@ class Constant {
/**
* EC-CUBE VERSION.
*/
const VERSION = '3.0.16';
const VERSION = '3.0.17';

/**
* Enable value.
@@ -0,0 +1,57 @@
<?php

/*
* This file is part of EC-CUBE
*
* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
*
* http://www.lockon.co.jp/
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

namespace Eccube\Security\Http\Authentication;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;

class EccubeAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
/**
* {@inheritdoc}
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$response = parent::onAuthenticationFailure($request, $exception);
$targetUrl = $response->getTargetUrl();

if (preg_match('/^https?:\\\\/i', $targetUrl)) {
$response->setTargetUrl($request->getUriForPath('/'));

return $response;
}

$host = $request->getHttpHost();
$targetRequest = Request::create($response->getTargetUrl());
$targetHost = $targetRequest->getHttpHost();

if (strpos($targetHost, $host) !== 0) {
$response->setTargetUrl($request->getUriForPath('/'));
}

return $response;
}
}
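Review bot: The host comparison `strpos($targetHost, $host) !== 0` is a prefix test, so a target whose host merely begins with the request host (constructed example: `shop.example.other.test` when the site is `shop.example`) is still accepted as same-site and the redirect leaves the shop. Compare the hosts for equality instead, e.g. `if (strcasecmp($targetHost, $host) !== 0) {`; both values come from `getHttpHost()`, so port handling stays the same on each side. The identical line in `EccubeAuthenticationSuccessHandler::onAuthenticationSuccess` needs the same change, and since the two methods share every line after the parent call, the check could live in one shared helper. A short comment on the `'/^https?:\\\\/i'` pattern saying it matches a literal backslash after the scheme would also help the next reader.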
@@ -0,0 +1,57 @@
<?php

/*
* This file is part of EC-CUBE
*
* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
*
* http://www.lockon.co.jp/
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

namespace Eccube\Security\Http\Authentication;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;

class EccubeAuthenticationSuccessHandler extends DefaultAuthenticationSuccessHandler
{
/**
* {@inheritdoc}
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
$response = parent::onAuthenticationSuccess($request, $token);
$targetUrl = $response->getTargetUrl();

if (preg_match('/^https?:\\\\/i', $targetUrl)) {
$response->setTargetUrl($request->getUriForPath('/'));

return $response;
}

$host = $request->getHttpHost();
$targetRequest = Request::create($response->getTargetUrl());
$targetHost = $targetRequest->getHttpHost();

if (strpos($targetHost, $host) !== 0) {
$response->setTargetUrl($request->getUriForPath('/'));
}

return $response;
}
}
