Use routes for security paths, instead of raw paths #2146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged 2 commits on Feb 11, 2013
21 changes: 11 additions & 10 deletions book/security.rst
@@ -296,8 +296,8 @@ First, enable form login under your firewall:
pattern: ^/
anonymous: ~
form_login:
login_path: /login
check_path: /login_check
login_path: login
check_path: login_check
Member
We should update the XML and PHP formats here as well


.. code-block:: xml
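Review bot: the YAML block now puts route names in ``login_path`` and ``check_path`` while the reference entries in this same diff keep ``/login`` and ``/login_check`` as the defaults, so a reader sees both forms side by side with no statement of how they are told apart; add a sentence before this block saying that both a route name and a raw path are accepted here and how the security component distinguishes the two, otherwise the example reads as if the ``/`` was simply dropped by mistake.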

@@ -313,7 +313,7 @@ First, enable form login under your firewall:
<config>
<firewall name="secured_area" pattern="^/">
<anonymous />
<form-login login_path="/login" check_path="/login_check" />
<form-login login_path="login" check_path="login_check" />
</firewall>
</config>
</srv:container>
@@ -327,8 +327,8 @@ First, enable form login under your firewall:
'pattern' => '^/',
'anonymous' => array(),
'form_login' => array(
'login_path' => '/login',
'check_path' => '/login_check',
'login_path' => 'login',
'check_path' => 'login_check',
),
),
),
@@ -355,10 +355,11 @@ First, enable form login under your firewall:
'form_login' => array(),

Now, when the security system initiates the authentication process, it will
redirect the user to the login form (``/login`` by default). Implementing
this login form visually is your job. First, create two routes: one that
will display the login form (i.e. ``/login``) and one that will handle the
login form submission (i.e. ``/login_check``):
redirect the user to the login form (``/login`` by default). Implementing this
login form visually is your job. First, the create two routes we used in the
security configuration: the ``login`` route will display the login form (i.e.
``/login``) and the ``login_check`` route will handle the login form
submission (i.e. ``/login_check``):
Member
There are a few other references we should probably re-read and see if we need to update them. For example, if you search for _path in this document, there is a reference around line 560 (beneath "Create the correct routes") that should have slightly different wording (still referring to the "/login" and "login_check" URLs of the routes, rather than the route names themselves).

So, see what other references you can find, and I'll look again when I merge this in. Between the 2 of us, we should be able to find everything :).


.. configuration-block::
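Review bot: "First, the create two routes we used in the security configuration" on the added line has its words out of order; it should read "First, create the two routes we used in the security configuration". The added sentence also names the routes ``login`` (serving ``/login``) and ``login_check`` (serving ``/login_check``), so the route definitions in the configuration-block that follows must carry exactly those two names; the ``login_path: login`` and ``check_path: login_check`` values in the firewall block above now point at route names, not URLs, and a route defined under any other name leaves those values pointing at nothing.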

@@ -557,7 +558,7 @@ see :doc:`/cookbook/security/form_login`.

**1. Create the correct routes**

First, be sure that you've defined the ``/login`` and ``/login_check``
First, be sure that you've defined the ``login`` and ``login_check``
routes correctly and that they correspond to the ``login_path`` and
``check_path`` config values. A misconfiguration here can mean that you're
redirected to a 404 page instead of the login page, or that submitting
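Review bot: now that the config values are route names, "correspond to" understates the check: the name given to each route in the routing config must equal the ``login_path`` and ``check_path`` values exactly, and mixing the two forms (the ``/login`` path in one place, the ``login`` route name in the other) is exactly the misconfiguration this paragraph warns about. Suggest: "be sure that you've defined routes named ``login`` and ``login_check`` and that these names are exactly the ``login_path`` and ``check_path`` config values".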
14 changes: 7 additions & 7 deletions reference/configuration/security.rst
@@ -218,18 +218,18 @@ The Login Form and Process
~~~~~~~~~~~~~~~~~~~~~~~~~~

* ``login_path`` (type: ``string``, default: ``/login``)
This is the URL that the user will be redirected to (unless ``use_forward``
is set to ``true``) when he/she tries to access a protected resource
but isn't fully authenticated.
This is the route or path that the user will be redirected to (unless
``use_forward`` is set to ``true``) when he/she tries to access a
protected resource but isn't fully authenticated.

This URL **must** be accessible by a normal, un-authenticated user, else
This path **must** be accessible by a normal, un-authenticated user, else
you may create a redirect loop. For details, see
":ref:`Avoid Common Pitfalls<book-security-common-pitfalls>`".

* ``check_path`` (type: ``string``, default: ``/login_check``)
This is the URL that your login form must submit to. The firewall will
intercept any requests (``POST`` requests only, by default) to this URL
and process the submitted login credentials.
This is the route or path that your login form must submit to. The
firewall will intercept any requests (``POST`` requests only, by default)
to this URL and process the submitted login credentials.

Be sure that this URL is covered by your main firewall (i.e. don't create
a separate firewall just for ``check_path`` URL).
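Review bot: the ``check_path`` description now opens with "the route or path", but the next added line still ends "to this URL", and the untouched paragraph below it ("Be sure that this URL is covered by your main firewall") was not changed; use "path" in both, matching the ``login_path`` entry, which this hunk already rewrote to "This path **must** be accessible". Both entries also keep ``default: /login`` and ``default: /login_check``, i.e. the path form, so the reference should say here how a route name is distinguished from a path now that either is accepted.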