Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Override the authentication listener to validate FORM_SUBMIT #1118
I have update the basic PR features according to my findings yesterday with @richardhj
The current frontend login implementation works around several issues Contao core has with Symfony security. Symfony assumes there's a URL where you POST the login data, and that there is a page where the login form is. By default, Symfony will redirect a user to the
All of this is not actually how Contao works. In the Contao front end, one can place the login module on any page, and on that page the credentials should be checked. We also do not know a login redirect URL, we merely render the 401/403 page type in place.
This is what this PR finally implements now: instead of using the default authentication entry point, which redirects or internally forwards to a
This PR is feature-complete now, but I need to fix tests etc. Basically, we're moving away from configuring Symfony from behaving as needed by Contao, and simply implement the necessary 20% ourselves.
To summarize the changes and make them more "readable":
…tao#1118) Description ----------- @richardhj can you see if this fixes contao#558 ? Commits ------- b0cb841 Override the authentication listener to validate FORM_SUBMIT af1786e Fix the coding style 1981f28 Fix the coding style and add a unit test for the authentication listener c285cf6 Adjust entry point to display the login page 1283054 Merge branch 'master' into feature/login-form # Conflicts: # core-bundle/src/Resources/config/services.yml # core-bundle/src/Security/Authentication/AuthenticationEntryPoint.php e760b3d Adjust contao login security f59b230 Fix the coding style a507cf7 Added some unit tests 6d27792 Added remaining unit tests 5e4bfc8 CS 48a8506 Fix the coding style