[Security] Return 401 when using use_forward for form authentication
gunnarlium committed Mar 23, 2013
1 parent d901afd commit b5597e8
Showing 3 changed files with 12 additions and 3 deletions.
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
2.3.0
-----

* [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
* added a `require_previous_session` option to `AbstractAuthenticationListener`

2.2.0
@@ -53,7 +53,12 @@ public function start(Request $request, AuthenticationException $authException =
if ($this->useForward) {
$subRequest = $this->httpUtils->createRequest($request, $this->loginPath);

return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
$response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
if (200 === $response->getStatusCode()) {
$response->headers->set('X-Status-Code', 401);
}

return $response;
}

return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
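Review bot: The 401 is signalled only through an `X-Status-Code` header on the forwarded response, and nothing visible here shows what turns that header into the real status. If `start()` is reached on a path where no upstream handler consumes the header, an unauthenticated request still gets a 200 login page under the protected URL, plus a stray internal header. A comment above the `if (200 === $response->getStatusCode())` check should name the consumer, for example `// X-Status-Code is picked up by the kernel's exception handling, which applies it as the status and removes the header` (wording to be confirmed against the actual consumer). Only an exact 200 is rewritten, so a login action answering with any other 2xx code keeps its status, and that choice deserves a word in the same comment. The body of `start()` begins and ends outside this hunk.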
@@ -50,7 +50,7 @@ public function testStartWithUseForward()
{
$request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
$subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
$response = $this->getMock('Symfony\Component\HttpFoundation\Response');
$response = new \Symfony\Component\HttpFoundation\Response('', 200);

$httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
$httpUtils
@@ -70,6 +70,9 @@ public function testStartWithUseForward()

$entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);

$this->assertEquals($response, $entryPoint->start($request));
$entryPointResponse = $entryPoint->start($request);

$this->assertEquals($response, $entryPointResponse);
$this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
}
}
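Review bot: The updated test covers only the case where the forwarded response is 200, so nothing checks that a non-200 sub-response (a redirect or an error from the login path) comes back without `X-Status-Code`. A second test built the same way but with `new \Symfony\Component\HttpFoundation\Response('', 500)` and ending in `$this->assertFalse($entryPointResponse->headers->has('X-Status-Code'));` would cover the guard in `start()`. The middle of `testStartWithUseForward()` lies between the two hunks and is not visible, so the mock wiring for that second case would have to be copied from the full file.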
