merged branch adrienbrault/security-feature (PR #4776)

This PR was merged into the master branch.

Discussion
----------

[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/adrienbrault/symfony.png?branch=security-feature)](http://travis-ci.org/adrienbrault/symfony)
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A

As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener only work when a previous session has been created.
This PR allows changing the default behavior in the security.yml file.

Example:

```yml
security:
    firewalls:
        secured_area:
            pattern:    ^/demo/secured/
            form_login:
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login
                require_previous_session: false # The default value is true
            logout:
                path:   /demo/secured/logout
                target: /demo/
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
```

PS: While removing my old commit, it closed the #4774 PR ...

Commits
-------

0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
commit aa26e663b1fecdbcd3afe83e07fa31fd36875d43 2 parents 74f96bf + 0562463
@fabpot fabpot authored
1  src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
@@ -44,6 +44,7 @@
'failure_forward' => false,
'login_path' => '/login',
'failure_path_parameter' => '_failure_path',
+ 'require_previous_session' => true,
);
public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
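Review bot: The new 'require_previous_session' => true default in this options array carries no comment or documentation, and the commit message still lists the configuration reference as a Todo. Setting it to false removes the session precondition on the login check, so a short comment here saying that, and why true is the default, would help anyone reading the factory later.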
10 src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
@@ -92,6 +92,14 @@ public function __construct(SecurityContextInterface $securityContext, Authentic
$this->failureHandler = $failureHandler;
$this->options = array_merge(array(
'check_path' => '/login_check',
+ 'login_path' => '/login',
+ 'always_use_default_target_path' => false,
+ 'default_target_path' => '/',
+ 'target_path_parameter' => '_target_path',
+ 'use_referer' => false,
+ 'failure_path' => null,
+ 'failure_forward' => false,
+ 'require_previous_session' => true,
), $options);
$this->logger = $logger;
$this->dispatcher = $dispatcher;
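Review bot: Seven of the eight keys added to the array_merge defaults ('login_path' through 'failure_forward') are unrelated to the commit title, and 'login_path' and 'failure_forward' repeat values already defined in AbstractFactory. Either move them to their own commit with a rationale or keep this hunk to 'require_previous_session' => true, so the two default lists cannot drift apart unnoticed.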
@@ -129,7 +137,7 @@ public function setRememberMeServices(RememberMeServicesInterface $rememberMeSer
}
try {
- if (!$request->hasPreviousSession()) {
+ if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) {
throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.');
}
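Review bot: The new condition tests $this->options['require_previous_session'] for truthiness, so any falsy value passed in $options (null, 0, an empty string) overrides the default through array_merge and silently skips the hasPreviousSession() check. Compare strictly, for example false !== $this->options['require_previous_session'], or validate the option as a boolean in the constructor, so the check is dropped only on an explicit false.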