Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Correctly handle denied access in the firewall (see #6805)
Description
-----------

This now fixes and improves a lot of things 🙈

1. Fixes the authentication system to correctly render the Contao login page even if the current route is not a Contao page (e.g. a custom controller)
1. Fixes the `ContaoLoginAuthenticator` from rendering the wrong page for login (if the user is not fully authenticated).
2. ~Fixes the remember me authentication system~ (see #6815)
3. Adds an `AccessDeniedHandler` to render the 403 page via the firewall exception handler
4. Correctly enforces full authentication for changing personal data, changing the user password and configuring two-factor authentication
5. Removes the ExceptionConverter and PrettyErrorScreen from rendering 401 and 403 pages, because these are rendered by the firewall

There are two "behaviour changes" I can think of:

- obviously the full authentication works and is now enforced as described in point 4
- If no 401 or 403 pages are configured in the root page, we now render the generic error (through the pretty error screen listener) instead of the generic Symfony 401/403 message. Since we are in Contao frontend scope, I think that should be fine.

### TODO:

- [x] ~Needs a migration for existing RememberMe tokens (the migration tool cannot migrate binary data to string value because the binary data is null-padded and therefore longer than the new string field).~

Commits
-------

- 9cba1e8 Correctly handle denied access in firewall
- 5d88701 Handle full authentication in login and user modules
- 8ffa520 Fix the rememberme functionality
- 45b2916 CS & Tests
- ec43cfc CS & Tests
- 272f0ad Update the security configs
- 9dc8d9e Improved re-authentication in login module
- a4f7264 Tests
- b807be1 Update core-bundle/contao/languages/en/default.xlf
- e917497 Do not treat the "please verify your identity" message as error
- 7e07f1c Handle re-authentication on the redirect page
- d9d05c3 Correctly handle request object
- 90d5b70 Correctly handle request object

Co-authored-by: leofeyer <1192057+leofeyer@users.noreply.github.com>
Showing 22 changed files with 413 additions and 424 deletions.