From ba3eb8d3afd47e89f8c1477b33cd565d1b1ad226 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Wed, 16 Jan 2013 16:37:17 +0100 Subject: [PATCH 1/2] Use routes for security paths, instead of raw paths --- book/security.rst | 13 +++++++------ reference/configuration/security.rst | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/book/security.rst b/book/security.rst index 57d40606327..fe1e268d264 100644 --- a/book/security.rst +++ b/book/security.rst @@ -296,8 +296,8 @@ First, enable form login under your firewall: pattern: ^/ anonymous: ~ form_login: - login_path: /login - check_path: /login_check + login_path: login + check_path: login_check .. code-block:: xml @@ -355,10 +355,11 @@ First, enable form login under your firewall: 'form_login' => array(), Now, when the security system initiates the authentication process, it will -redirect the user to the login form (``/login`` by default). Implementing -this login form visually is your job. First, create two routes: one that -will display the login form (i.e. ``/login``) and one that will handle the -login form submission (i.e. ``/login_check``): +redirect the user to the login form (``/login`` by default). Implementing this +login form visually is your job. First, the create two routes we used in the +security configuration: the ``login`` route will display the login form (i.e. +``/login``) and the ``login_check`` route will handle the login form +submission (i.e. ``/login_check``): .. configuration-block:: diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index f892a6a4047..e4c1f3a74d5 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst 
@@ -218,16 +218,16 @@ The Login Form and Process ~~~~~~~~~~~~~~~~~~~~~~~~~~ * ``login_path`` (type: ``string``, default: ``/login``) - This is the URL that the user will be redirected to (unless ``use_forward`` + This is the path that the user will be redirected to (unless ``use_forward`` is set to ``true``) when he/she tries to access a protected resource but isn't fully authenticated. - This URL **must** be accessible by a normal, un-authenticated user, else + This path **must** be accessible by a normal, un-authenticated user, else you may create a redirect loop. For details, see ":ref:`Avoid Common Pitfalls`". * ``check_path`` (type: ``string``, default: ``/login_check``) - This is the URL that your login form must submit to. The firewall will + This is the path that your login form must submit to. The firewall will intercept any requests (``POST`` requests only, by default) to this URL and process the submitted login credentials. From 64a3b2e00c7aa2fa4116d673ce740a4c65cd034e Mon Sep 17 00:00:00 2001 From: WouterJ Date: Thu, 7 Feb 2013 22:46:31 +0100 Subject: [PATCH 2/2] Fixed issues, thanks to @weaverryan --- book/security.rst | 8 ++++---- reference/configuration/security.rst | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/book/security.rst b/book/security.rst index fe1e268d264..c962ae535f5 100644 --- a/book/security.rst +++ b/book/security.rst @@ -313,7 +313,7 @@ First, enable form login under your firewall: - + @@ -327,8 +327,8 @@ First, enable form login under your firewall: 'pattern' => '^/', 'anonymous' => array(), 'form_login' => array( - 'login_path' => '/login', - 'check_path' => '/login_check', + 'login_path' => 'login', + 'check_path' => 'login_check', ), ), ), 
@@ -558,7 +558,7 @@ see :doc:`/cookbook/security/form_login`. **1. Create the correct routes** - First, be sure that you've defined the ``/login`` and ``/login_check`` + First, be sure that you've defined the ``login`` and ``login_check`` routes correctly and that they correspond to the ``login_path`` and ``check_path`` config values. A misconfiguration here can mean that you're redirected to a 404 page instead of the login page, or that submitting diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index e4c1f3a74d5..8e14234a0e8 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -218,18 +218,18 @@ The Login Form and Process ~~~~~~~~~~~~~~~~~~~~~~~~~~ * ``login_path`` (type: ``string``, default: ``/login``) - This is the path that the user will be redirected to (unless ``use_forward`` - is set to ``true``) when he/she tries to access a protected resource - but isn't fully authenticated. + This is the route or path that the user will be redirected to (unless + ``use_forward`` is set to ``true``) when he/she tries to access a + protected resource but isn't fully authenticated. This path **must** be accessible by a normal, un-authenticated user, else you may create a redirect loop. For details, see ":ref:`Avoid Common Pitfalls`". * ``check_path`` (type: ``string``, default: ``/login_check``) - This is the path that your login form must submit to. The firewall will - intercept any requests (``POST`` requests only, by default) to this URL - and process the submitted login credentials. + This is the route or path that your login form must submit to. The + firewall will intercept any requests (``POST`` requests only, by default) + to this URL and process the submitted login credentials. Be sure that this URL is covered by your main firewall (i.e. don't create a separate firewall just for ``check_path`` URL).
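Review bot: the @@ -296 hunk of book/security.rst in the first commit switches only the YAML block to bare route names (`login_path: login` / `check_path: login_check`) while the XML and PHP variants of the same configuration-block keep the raw `/login` and `/login_check` values; the PHP block is only brought in line by the second commit's @@ -327 hunk. The squashed result is consistent, but if these commits are kept separate the first one leaves the three formats documenting different values.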
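Review bot: the @@ -355 hunk of book/security.rst introduces a word-order slip, "First, the create two routes we used in the security configuration:" should read "First, create the two routes used in the security configuration:"; the rest of the rewritten sentence (``login`` route displays the form, ``login_check`` handles the submission) reads fine.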
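Review bot: in the @@ -218 hunks of reference/configuration/security.rst the first sentence of each option now says "route or path", but the surrounding lines are still written for paths only: the ``default:`` values remain ``/login`` and ``/login_check``, the next sentence still says "This path **must** be accessible", and ``check_path`` still says "intercept any requests ... to this URL" and "Be sure that this URL is covered by your main firewall". Suggest either making the wording uniform (e.g. "This is the route name or path ... The path it resolves to **must** be accessible by an un-authenticated user") or stating explicitly that when a route name is given, the firewall `pattern` and the redirect-loop warning apply to the path that route generates, not to the name. That is the security-relevant point of the change: using a route name does not relax which requests must be reachable anonymously or which must fall inside the firewall.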
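Review bot: the @@ -558 hunk of book/security.rst renames the routes in the troubleshooting text but leaves the failure description unchanged: "A misconfiguration here can mean that you're redirected to a 404 page instead of the login page" describes a mistyped path. Now that ``login_path`` and ``check_path`` are documented as route names, the paragraph should also say what a route name that does not exist in the routing configuration looks like to the user, since that is the new misconfiguration this change makes possible.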