Skip to content
Browse files

[Security] Return 401 when using use_forward for form authentication

  • Loading branch information...
1 parent d901afd commit b5597e8209a4d906383b192062eb5402f53213a2 @gunnarlium gunnarlium committed Feb 4, 2013
View
1 src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
2.3.0
-----
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
* added a `require_previous_session` option to `AbstractAuthenticationListener`
2.2.0
View
7 src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ public function start(Request $request, AuthenticationException $authException =
if ($this->useForward) {
$subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
- return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ if (200 === $response->getStatusCode()) {
+ $response->headers->set('X-Status-Code', 401);
+ }
+
+ return $response;
}
return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
View
7 src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ public function testStartWithUseForward()
{
$request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
$subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
- $response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+ $response = new \Symfony\Component\HttpFoundation\Response('', 200);
$httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
$httpUtils
@@ -70,6 +70,9 @@ public function testStartWithUseForward()
$entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
- $this->assertEquals($response, $entryPoint->start($request));
+ $entryPointResponse = $entryPoint->start($request);
+
+ $this->assertEquals($response, $entryPointResponse);
+ $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
}
}

0 comments on commit b5597e8

Please sign in to comment.
Something went wrong with that request. Please try again.