Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] json_login tries to handle every request #22423

Closed
lsmith77 opened this issue Apr 13, 2017 · 2 comments
Closed

[Security] json_login tries to handle every request #22423

lsmith77 opened this issue Apr 13, 2017 · 2 comments
Assignees
@dunglas
Labels
Security

Comments

@lsmith77
Copy link
Contributor

Q A
Bug report? yes
Feature request? no
BC Break report? no
RFC? no
Symfony version 3.3-dev

#18952

UsernamePasswordJsonAuthenticationListener seems to "high-jack" every request. While the documentation http://symfony.com/doc/master/security/json_login_setup.html seems to imply it supports things like check_path I do not see this in the code at all. It might make sense to extend from AbstractAuthenticationListener. At the very least the listener should check the Content-Type header if its a json request.
@chalasr
Copy link
Member

chalasr commented Apr 13, 2017

duplicate of #21948.
I'm on it.

@chalasr chalasr mentioned this issue Apr 13, 2017
Closed
@chalasr
Copy link
Member

chalasr commented Apr 13, 2017

See #22425

fabpot added a commit that referenced this issue Apr 18, 2017
@fabpot
bug #22425 [Security] Allow to set a check_path on json_login listene…
6c7bced 
…r (chalasr)

This PR was squashed before being merged into the 3.3-dev branch (closes #22425).

Discussion
----------

[Security] Allow to set a check_path on json_login listener

| Q             | A
| ------------- | ---
| Branch?       | 3.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no, master only
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #21948, ~~#22423~~
| License       | MIT
| Doc PR        | n/a

The listener should allow to restrict authentication to a given check_path, as stated in the docs http://symfony.com/doc/master/security/json_login_setup.html

Commits
-------

9f7eb61 [Security] Allow to set a check_path on json_login listener
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dunglas dunglas

Labels
Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dunglas @lsmith77 @chalasr