Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

[Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener #4774

Merged
merged 0 commits into from Jul 6, 2012

Conversation

Projects
None yet
2 participants
Contributor

adrienbrault commented Jul 6, 2012

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A

As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener, only work when a previous session has been created.
This PR allows to change the default behavior in the security.yml file.

Example:

security:
    firewalls:
        secured_area:
            pattern:    ^/demo/secured/
            form_login:
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login
                require_previous_session: false # The default value is true
            logout:
                path:   /demo/secured/logout
                target: /demo/
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
Owner

fabpot commented Jul 6, 2012

That cannot be done in the 2.0 branch.

Contributor

adrienbrault commented Jul 6, 2012

Why ? We're using this fix inside our 2.0 app.
Is your comment just about VCS, like if 2.0 isn't merged into master anymore ?

Sent from my iPhone

On 6 juil. 2012, at 19:49, Fabien Potencierreply@reply.github.com wrote:

That cannot be done in the 2.0 branch.


Reply to this email directly or view it on GitHub:
#4774 (comment)

Owner

fabpot commented Jul 6, 2012

It is a new feature and as such it should be done in master, not 2.0.

@adrienbrault adrienbrault merged commit 9a5e6c9 into symfony:2.0 Jul 6, 2012

fabpot added a commit that referenced this pull request Mar 23, 2013

merged branch adrienbrault/security-feature (PR #4776)
This PR was merged into the master branch.

Discussion
----------

[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/adrienbrault/symfony.png?branch=security-feature)](http://travis-ci.org/adrienbrault/symfony)
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A

As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener, only work when a previous session has been created.
This PR allows to change the default behavior in the security.yml file.

Example:

```yml
security:
    firewalls:
        secured_area:
            pattern:    ^/demo/secured/
            form_login:
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login
                require_previous_session: false # The default value is true
            logout:
                path:   /demo/secured/logout
                target: /demo/
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
```

PS: While removing my old commit, it closed the #4774 PR ...

Commits
-------

0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment