8000 [Security][Guard] check if session exist before using it by pasdeloup · Pull Request #19218 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security][Guard] check if session exist before using it #19218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 9 commits into from
Closed

[Security][Guard] check if session exist before using it #19218

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3e8c68d
check if session exist before using it
pasdeloup Jun 29, 2016
473bb7f
fix CS on old code according to fabbot.io
pasdeloup Jun 29, 2016
4f1d0db
added tests
pasdeloup Jun 29, 2016
164d327
fix CS according to fabbot.io
pasdeloup Jun 29, 2016
30d1d7d
Move Mock class at the send of the test class
pasdeloup Jun 29, 2016
e0f4924
initialize targetPath to null
pasdeloup Jun 30, 2016
bf7e3e4
improve test lisibility and add case where targetPath is set or not i…
pasdeloup Jun 30, 2016
15e3f06
fix CS: remove useless spaces
pasdeloup Jun 30, 2016
43b9194
rename tested class to TestFormLoginAuthenticator
pasdeloup Jun 30, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
check if session exist before using it
  • Loading branch information
@pasdeloup
pasdeloup committed Jun 29, 2016
commit 3e8c68df4d6e471963164b9caa149929d7d197c1
12 changes: 9 additions & 3 deletions src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@

namespace Symfony\Component\Security\Guard\Authenticator;

use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
Expand Down Expand Up @@ -52,7 +53,10 @@ abstract protected function getDefaultSuccessRedirectUrl();
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
if ($request->getSession() instanceof SessionInterface) {
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
}

$url = $this->getLoginUrl();

return new RedirectResponse($url);
Expand All @@ -71,9 +75,11 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
{
// if the user hit a secure page and start() was called, this was
// the URL they were on, and probably where you want to redirect to
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
if ($request->getSession() instanceof SessionInterface) {
$targetPath = $request->getSession()->get('_security.' . $providerKey . '.target_path');
}

if (!$targetPath) {
if (!isset($targetPath) || !$targetPath) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer to explicitly initialize $targetPath to nullabove and make a check on null here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, done.
I also improved the tests.

$targetPath = $this->getDefaultSuccessRedirectUrl();
}

Expand Down
0