탐색 도움말
가입하기 로그인
VendorSoftware
/
symfony
2
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

merged branch snc/issue-1798 (PR #2528)

Commits
-------

f9befb6 Remove only the security token instead of the session cookie.
348bccb Clear session cookie if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).

Discussion
----------

Fix for issue 1798

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes

Clear session cookie if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).

---------------------------------------------------------------------------

by snc at 2011/11/01 04:01:49 -0700

@stof I have changed the code so that it only removes the token... do we still need any hook support?

---------------------------------------------------------------------------

by stof at 2011/11/01 04:07:17 -0700

well, the hook is for your own use case but it would be for 2.1 only anyway, not for 2.0

---------------------------------------------------------------------------

by snc at 2011/11/07 15:11:52 -0800

Now that #2414 is merged to 2.1, this could be simplified for the master branch...
Fabien Potencier 13 년 전
부모
877e484529 f9befb6348
커밋
3c584f5683
1개의 변경된 파일8개의 추가작업 그리고 0개의 파일을 삭제
분할 보기 변경상태 보기
  1. 8 0
      src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

+ 8 - 0
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
파일 보기 

@@ -15,7 +15,9 @@ use Symfony\Component\HttpFoundation\Response;
 
 use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
 
 use Symfony\Component\Security\Core\SecurityContextInterface;
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
 
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
 
@@ -158,6 +160,12 @@ class ExceptionListener
 
 
         $this->setTargetPath($request);
 
 
+        if ($authException instanceof AccountStatusException && ($token = $this->context->getToken()) instanceof UsernamePasswordToken) {
 
+            // remove the security token to prevent infinite redirect loops
 
+            $this->context->setToken(null);
 
+            $request->getSession()->remove('_security_' . $token->getProviderKey());
 
+        }
 
+
 
         return $this->authenticationEntryPoint->start($request, $authException);
 
     }