8000 bug #22585 [Security] json login listener: ensure a json response is … · symfony/symfony@82a6a35 · GitHub

Commit 82a6a35

bug #22585 [Security] json login listener: ensure a json response is sent on bad request (ogizanagi)
This PR was merged into the 3.3-dev branch. Discussion ---------- [Security] json login listener: ensure a json response is sent on bad request | Q | A | ------------- | --- | Branch? | master (3.3) | Bug fix? | yesish | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | N/A | License | MIT | Doc PR | N/A I would have simply recommended to set the proper format when declaring the route: ```yml # routing.yml api_login: path: /login defaults: { _format: json } ``` but, since #22477 has been merged, and considering #22477 (comment): > my point above regarding checking the content type is so that one could use form_login and json_login in parallel on the same routes and within the same firewall we may consider setting the request format to json when throwing the `BadRequestHttpException`, so used conjointly with the TwigBundle, the exception is rendered using the `exception.json.twig` template. ping @lsmith77 (An alternative would be to check the Accept header to set the request format to json if it's the preferred one instead of doing it each time we throw the exception. But Symfony never used such content negotiation AFAIK, and I think it's safe enough to assume someone sending json is expecting json as output for exceptions.) Commits ------- 4427cf9 [Security] json login listener: ensure a json response is sent on bad request
2 parents 5edbc13 + 4427cf9 commit 82a6a35


3 files changed

+16
-0
lines changed


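--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php
@@ -61,4 +61,15 @@ public function testCustomJsonLoginFailure()
 $this->assertSame(500, $response->getStatusCode());
 $this->assertSame(array('message' => 'Something went wrong'), json_decode($response->getContent(), true));
 }
+
+public function testDefaultJsonLoginBadRequest()
+{
+$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'config.yml'));
+$client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), 'Not a json content');
+$response = $client->getResponse();
+
+$this->assertSame(400, $response->getStatusCode());
+$this->assertSame('application/json', $response->headers->get('Content-Type'));
+$this->assertArraySubset(array('error' => array('code' => 400, 'message' => 'Bad Request')), json_decode($response->getContent(), true));
+}
 }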
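Review bot: `assertArraySubset` on new line 73 pins only `error.code` and `error.message`, so the test passes no matter what else the 400 body carries. Because the request body is client-supplied, I would also assert that it is not reflected in the error response, for example `$this->assertNotContains('Not a json content', $response->getContent());`. Whether the rendered template includes exception detail in this test environment is not visible here, so this is a regression guard rather than a known leak.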

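--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/bundles.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/bundles.php
@@ -12,5 +12,6 @@
 return array(
 new Symfony\Bundle\SecurityBundle\SecurityBundle(),
 new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
+new Symfony\Bundle\TwigBundle\TwigBundle(),
 new Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\JsonLoginBundle\JsonLoginBundle(),
 );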

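--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -122,6 +122,10 @@ public function handle(GetResponseEvent $event)
 $response = $this->onSuccess($request, $authenticatedToken);
 } catch (AuthenticationException $e) {
 $response = $this->onFailure($request, $e);
+} catch (BadRequestHttpException $e) {
+$request->setRequestFormat('json');
+
+throw $e;
 }
 
 if (null === $response) {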
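Review bot: The new `catch (BadRequestHttpException $e)` branch (new lines 125–128) changes the request format and rethrows with no comment explaining why, and the reason is not obvious from the code. I would add above the `setRequestFormat` call: `// Force the json format so the exception listener renders this 400 as JSON for a client that sent JSON.` The override is also unconditional, so any `_format` declared on the route is replaced for the rest of the request; if that is intended, the comment should say so. JSON rendering appears to depend on an exception renderer that honours the request format (the functional test registers TwigBundle for it), so without one the client may still receive an HTML error page. handle() starts and ends outside the hunk.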
