diff --git a/best_practices/security.rst b/best_practices/security.rst index ff7e747ae0d..1a40fdfc260 100644 --- a/best_practices/security.rst +++ b/best_practices/security.rst @@ -57,8 +57,8 @@ which uses a login form to load users from the database: pattern: ^/ anonymous: true form_login: - check_path: security_login_check - login_path: security_login_form + check_path: login + login_path: login logout: path: security_logout diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst index f98cc160fa9..3af0643f7fe 100644 --- a/cookbook/security/csrf_in_login_form.rst +++ b/cookbook/security/csrf_in_login_form.rst @@ -92,7 +92,7 @@ using the login form: {# src/AppBundle/Resources/views/Security/login.html.twig #} {# ... #} -
+ {# ... the login fields #} - + {{ error.message }} {% endif %} - + @@ -253,7 +253,7 @@ redirect to the URL defined by some ``account`` route, use the following:
getMessage() ?>
- + diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index 829ee018cef..4b2e896fcdf 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst @@ -26,8 +26,8 @@ First, enable form login under your firewall: main: anonymous: ~ form_login: - login_path: /login - check_path: /login_check + login_path: login + check_path: login .. code-block:: xml @@ -42,7 +42,7 @@ First, enable form login under your firewall: - + @@ -55,8 +55,8 @@ First, enable form login under your firewall: 'main' => array( 'anonymous' => null, 'form_login' => array( - 'login_path' => '/login', - 'check_path' => '/login_check', + 'login_path' => 'login', + 'check_path' => 'login', ), ), ), @@ -82,8 +82,8 @@ bundle:: { } -Next, create two routes: one for each of the paths you configured earlier -under your ``form_login`` configuration (``/login`` and ``/login_check``): +Next, create a route for the path you configured earlier +under your ``form_login`` configuration (``/login``): .. configuration-block:: @@ -98,34 +98,20 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): class SecurityController extends Controller { /** - * @Route("/login", name="login_route") + * @Route("/login", name="login") */ public function loginAction(Request $request) { } - - /** - * @Route("/login_check", name="login_check") - */ - public function loginCheckAction() - { - // this controller will not be executed, - // as the route is handled by the Security system - } } .. code-block:: yaml # app/config/routing.yml - login_route: + login: path: /login defaults: { _controller: AppBundle:Security:login } - login_check: - path: /login_check - # no controller is bound to this route - # as it's handled by the Security system - .. code-block:: xml 
@@ -135,13 +121,9 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd"> - + AppBundle:Security:login - - - .. code-block:: php @@ -151,14 +133,10 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): use Symfony\Component\Routing\Route; $collection = new RouteCollection(); - $collection->add('login_route', new Route('/login', array( + $collection->add('login', new Route('/login', array( '_controller' => 'AppBundle:Security:login', ))); - $collection->add('login_check', new Route('/login_check')); - // no controller is bound to this route - // as it's handled by the Security system - return $collection; Great! Next, add the logic to ``loginAction`` that will display the login @@ -220,7 +198,7 @@ Finally, create the template:
{{ error.messageKey|trans(error.messageData, 'security') }}
{% endif %} - + @@ -243,7 +221,7 @@ Finally, create the template:
getMessage() ?>
- + @@ -269,7 +247,7 @@ Finally, create the template: The form can look like anything, but has a few requirements: -* The form must POST to ``/login_check``, since that's what you configured +* The form must POST to ``/login``, since that's what you configured under the ``form_login`` key in ``security.yml``. * The username must have the name ``_username`` and the password must have @@ -297,7 +275,7 @@ To review the whole process: user to the login form (``/login``); #. The ``/login`` page renders login form via the route and controller created in this example; -#. The user submits the login form to ``/login_check``; +#. The user submits the login form to ``/login``; #. The security system intercepts the request, checks the user's submitted credentials, authenticates the user if they are correct, and sends the user back to the login form if they are not. @@ -324,12 +302,11 @@ When setting up your login form, watch out for a few common pitfalls. 1. Create the Correct Routes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -First, be sure that you've defined the ``/login`` and ``/login_check`` -routes correctly and that they correspond to the ``login_path`` and -``check_path`` config values. A misconfiguration here can mean that you're -redirected to a 404 page instead of the login page, or that submitting -the login form does nothing (you just see the login form over and over -again). +First, be sure that you've defined the ``/login`` route correctly and that +it corresponds to the ``login_path`` and``check_path`` config values. +A misconfiguration here can mean that you're redirected to a 404 page instead +of the login page, or that submitting the login form does nothing (you just see +the login form over and over again). 2. Be Sure the Login Page Isn't Secure (Redirect Loop!) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -472,14 +449,14 @@ for the login page: ), ), -3. Be Sure /login_check Is Behind a Firewall -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +3. Be Sure check_path Is Behind a Firewall +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Next, make sure that your ``check_path`` URL (e.g. ``/login_check``) is behind +Next, make sure that your ``check_path`` URL (e.g. ``/login``) is behind the firewall you're using for your form login (in this example, the single -firewall matches *all* URLs, including ``/login_check``). If ``/login_check`` +firewall matches *all* URLs, including ``/login``). If ``/login`` doesn't match any firewall, you'll receive a ``Unable to find the controller -for path "/login_check"`` exception. +for path "/login"`` exception. 4. Multiple Firewalls Don't Share the Same Security Context ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/cookbook/security/remember_me.rst b/cookbook/security/remember_me.rst index 4340bf235f3..586aab92410 100644 --- a/cookbook/security/remember_me.rst +++ b/cookbook/security/remember_me.rst @@ -152,7 +152,7 @@ this:
{{ error.message }}
{% endif %} - + @@ -172,7 +172,7 @@ this:
getMessage() ?>
- + diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index e400ab003a2..b81f95387d6 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -129,10 +129,10 @@ Each part will be explained in the next section. provider: some_key_from_above form_login: # submit the login form here - check_path: /login_check + check_path: login # the user is redirected here when they need to log in - login_path: /login + login_path: login # if true, forward the user to the login form instead of redirecting use_forward: false @@ -252,7 +252,7 @@ The Login Form and Process login_path .......... -**type**: ``string`` **default**: ``/login`` +**type**: ``string`` **default**: ``login`` This is the route or path that the user will be redirected to (unless ``use_forward`` is set to ``true``) when they try to access a protected resource but isn't @@ -265,7 +265,7 @@ you may create a redirect loop. For details, see check_path .......... -**type**: ``string`` **default**: ``/login_check`` +**type**: ``string`` **default**: ``login`` This is the route or path that your login form must submit to. The firewall will intercept any requests (``POST`` requests only, by default) to this
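Review bot: in the best_practices/security.rst hunk at line 57, `check_path` and `login_path` now point at a route named `login`, while the surrounding firewall configuration keeps the `security_` prefix for its route names (`logout: path: security_logout`, and the removed values `security_login_check` / `security_login_form`). Unless the best-practices chapter's routing and controller are updated in the same change to define a route named `login`, the firewall will reference a route that does not exist there; either rename the value to match that chapter's convention (for example `security_login`) or include the corresponding routing change in this patch.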
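Review bot: with the `login_check` route and its "this controller will not be executed" comment removed in the form_login_setup.rst hunk at line 98, the text no longer tells readers that `loginAction` does not run for the form submission. Since `/login` is now both `login_path` and `check_path`, a GET renders the form through the controller while a POST is intercepted by the firewall before the controller is reached (the reference hunk at line 265 still states that only `POST` requests are intercepted by default). A sentence to that effect, or a comment inside `loginAction`, should replace the one that was deleted, otherwise readers may add credential handling to `loginAction` that never executes.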
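Review bot: in the form_login_setup.rst pitfalls hunk at line 324, the new line `it corresponds to the ``login_path`` and``check_path`` config values` is missing the space between `and` and the inline literal; reStructuredText requires whitespace before the opening backticks, so ``check_path`` will not render as a literal there. The heading `1. Create the Correct Routes` also still reads plural although the rewritten body describes a single route; `Route` would match the new text.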
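Review bot: the form_login_setup.rst hunk at line 472 keeps the symptom `Unable to find the controller for path "/login"`, but after this patch `/login` does have a controller bound to it (`loginAction` in the line-98 hunk). A `check_path` that is not behind the firewall will therefore no longer raise that exception: the POST is routed to `loginAction`, the form is rendered again and the submitted credentials are never checked. The paragraph should describe that silent failure instead (or cross-reference pitfall 1, which already describes seeing the login form "over and over again").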
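Review bot: the two hunks in reference/configuration/security.rst at lines 252 and 265 change the documented **default** of `login_path` and `check_path` to ``login``. Those lines state what the security component uses when the option is omitted, not the value chosen by the cookbook example, and the component's built-in defaults are `/login` and `/login_check`; changing the documentation alone, without a matching change in the framework code, would tell readers who omit the option to submit their form to a path the firewall does not intercept. Keep the original defaults on these two lines; the example configuration in the line-129 hunk can still set both options to `login` explicitly.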