From 3bd0b4c4811bab6089f0c6ab45fd33e10e91622a Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Wed, 13 Jan 2016 20:41:50 +0100 Subject: [PATCH 1/3] use same route for login_path and check_path --- best_practices/security.rst | 2 +- cookbook/security/csrf_in_login_form.rst | 4 +- cookbook/security/form_login.rst | 4 +- cookbook/security/form_login_setup.rst | 61 ++++++++---------------- cookbook/security/remember_me.rst | 4 +- reference/configuration/security.rst | 4 +- 6 files changed, 28 insertions(+), 51 deletions(-) diff --git a/best_practices/security.rst b/best_practices/security.rst index ff7e747ae0d..a7ea6ffb1eb 100644 --- a/best_practices/security.rst +++ b/best_practices/security.rst @@ -57,7 +57,7 @@ which uses a login form to load users from the database: pattern: ^/ anonymous: true form_login: - check_path: security_login_check + check_path: security_login_form login_path: security_login_form logout: diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst index f98cc160fa9..3af0643f7fe 100644 --- a/cookbook/security/csrf_in_login_form.rst +++ b/cookbook/security/csrf_in_login_form.rst @@ -92,7 +92,7 @@ using the login form: {# src/AppBundle/Resources/views/Security/login.html.twig #} {# ... #} -
+ {# ... the login fields #} - + {{ error.message }} {% endif %} - + @@ -253,7 +253,7 @@ redirect to the URL defined by some ``account`` route, use the following:
getMessage() ?>
- + diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index 829ee018cef..027bd63fa1f 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst @@ -27,7 +27,7 @@ First, enable form login under your firewall: anonymous: ~ form_login: login_path: /login - check_path: /login_check + check_path: /login .. code-block:: xml @@ -42,7 +42,7 @@ First, enable form login under your firewall: - + @@ -56,7 +56,7 @@ First, enable form login under your firewall: 'anonymous' => null, 'form_login' => array( 'login_path' => '/login', - 'check_path' => '/login_check', + 'check_path' => '/login', ), ), ), @@ -82,8 +82,8 @@ bundle:: { } -Next, create two routes: one for each of the paths you configured earlier -under your ``form_login`` configuration (``/login`` and ``/login_check``): +Next, create a route for the path you configured earlier +under your ``form_login`` configuration (``/login``): .. configuration-block:: @@ -103,15 +103,6 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): public function loginAction(Request $request) { } - - /** - * @Route("/login_check", name="login_check") - */ - public function loginCheckAction() - { - // this controller will not be executed, - // as the route is handled by the Security system - } } .. code-block:: yaml @@ -121,11 +112,6 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): path: /login defaults: { _controller: AppBundle:Security:login } - login_check: - path: /login_check - # no controller is bound to this route - # as it's handled by the Security system - .. code-block:: xml @@ -138,10 +124,6 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): AppBundle:Security:login - - - .. code-block:: php 
@@ -155,10 +137,6 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``): '_controller' => 'AppBundle:Security:login', ))); - $collection->add('login_check', new Route('/login_check')); - // no controller is bound to this route - // as it's handled by the Security system - return $collection; Great! Next, add the logic to ``loginAction`` that will display the login @@ -220,7 +198,7 @@ Finally, create the template:
{{ error.messageKey|trans(error.messageData, 'security') }}
{% endif %} - + @@ -243,7 +221,7 @@ Finally, create the template:
getMessage() ?>
- + @@ -269,7 +247,7 @@ Finally, create the template: The form can look like anything, but has a few requirements: -* The form must POST to ``/login_check``, since that's what you configured +* The form must POST to ``/login``, since that's what you configured under the ``form_login`` key in ``security.yml``. * The username must have the name ``_username`` and the password must have @@ -297,7 +275,7 @@ To review the whole process: user to the login form (``/login``); #. The ``/login`` page renders login form via the route and controller created in this example; -#. The user submits the login form to ``/login_check``; +#. The user submits the login form to ``/login``; #. The security system intercepts the request, checks the user's submitted credentials, authenticates the user if they are correct, and sends the user back to the login form if they are not. @@ -324,12 +302,11 @@ When setting up your login form, watch out for a few common pitfalls. 1. Create the Correct Routes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -First, be sure that you've defined the ``/login`` and ``/login_check`` -routes correctly and that they correspond to the ``login_path`` and -``check_path`` config values. A misconfiguration here can mean that you're -redirected to a 404 page instead of the login page, or that submitting -the login form does nothing (you just see the login form over and over -again). +First, be sure that you've defined the ``/login`` route correctly and that +it corresponds to the ``login_path`` and``check_path`` config values. +A misconfiguration here can mean that you're redirected to a 404 page instead +of the login page, or that submitting the login form does nothing (you just see +the login form over and over again). 2. Be Sure the Login Page Isn't Secure (Redirect Loop!) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -472,14 +449,14 @@ for the login page: ), ), -3. Be Sure /login_check Is Behind a Firewall -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +3. Be Sure check_path Is Behind a Firewall +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Next, make sure that your ``check_path`` URL (e.g. ``/login_check``) is behind +Next, make sure that your ``check_path`` URL (e.g. ``/login``) is behind the firewall you're using for your form login (in this example, the single -firewall matches *all* URLs, including ``/login_check``). If ``/login_check`` +firewall matches *all* URLs, including ``/login``). If ``/login`` doesn't match any firewall, you'll receive a ``Unable to find the controller -for path "/login_check"`` exception. +for path "/login"`` exception. 4. Multiple Firewalls Don't Share the Same Security Context ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/cookbook/security/remember_me.rst b/cookbook/security/remember_me.rst index 4340bf235f3..586aab92410 100644 --- a/cookbook/security/remember_me.rst +++ b/cookbook/security/remember_me.rst @@ -152,7 +152,7 @@ this:
{{ error.message }}
{% endif %} - + @@ -172,7 +172,7 @@ this:
getMessage() ?>
- + diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index e400ab003a2..62639165a90 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -129,7 +129,7 @@ Each part will be explained in the next section. provider: some_key_from_above form_login: # submit the login form here - check_path: /login_check + check_path: /login # the user is redirected here when they need to log in login_path: /login @@ -265,7 +265,7 @@ you may create a redirect loop. For details, see check_path .......... -**type**: ``string`` **default**: ``/login_check`` +**type**: ``string`` **default**: ``/login`` This is the route or path that your login form must submit to. The firewall will intercept any requests (``POST`` requests only, by default) to this From ff7b725e15f6f93ab2263ad8e9f0f65f140257a9 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Tue, 19 Jan 2016 21:00:01 +0100 Subject: [PATCH 2/3] use same route name (login) --- best_practices/security.rst | 4 ++-- cookbook/security/form_login_setup.rst | 16 ++++++++-------- reference/configuration/security.rst | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/best_practices/security.rst b/best_practices/security.rst index a7ea6ffb1eb..1a40fdfc260 100644 --- a/best_practices/security.rst +++ b/best_practices/security.rst @@ -57,8 +57,8 @@ which uses a login form to load users from the database: pattern: ^/ anonymous: true form_login: - check_path: security_login_form - login_path: security_login_form + check_path: login + login_path: login logout: path: security_logout diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index 027bd63fa1f..3a06137304d 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst 
@@ -26,8 +26,8 @@ First, enable form login under your firewall: main: anonymous: ~ form_login: - login_path: /login - check_path: /login + login_path: login + check_path: login .. code-block:: xml @@ -55,8 +55,8 @@ First, enable form login under your firewall: 'main' => array( 'anonymous' => null, 'form_login' => array( - 'login_path' => '/login', - 'check_path' => '/login', + 'login_path' => 'login', + 'check_path' => 'login', ), ), ), @@ -98,7 +98,7 @@ under your ``form_login`` configuration (``/login``): class SecurityController extends Controller { /** - * @Route("/login", name="login_route") + * @Route("/login", name="login") */ public function loginAction(Request $request) { @@ -109,7 +109,7 @@ under your ``form_login`` configuration (``/login``): # app/config/routing.yml login_route: - path: /login + path: login defaults: { _controller: AppBundle:Security:login } .. code-block:: xml @@ -121,7 +121,7 @@ under your ``form_login`` configuration (``/login``): xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd"> - + AppBundle:Security:login @@ -133,7 +133,7 @@ under your ``form_login`` configuration (``/login``): use Symfony\Component\Routing\Route; $collection = new RouteCollection(); - $collection->add('login_route', new Route('/login', array( + $collection->add('login', new Route('/login', array( '_controller' => 'AppBundle:Security:login', ))); diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index 62639165a90..b81f95387d6 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst 
@@ -129,10 +129,10 @@ Each part will be explained in the next section. provider: some_key_from_above form_login: # submit the login form here - check_path: /login + check_path: login # the user is redirected here when they need to log in - login_path: /login + login_path: login # if true, forward the user to the login form instead of redirecting use_forward: false @@ -252,7 +252,7 @@ The Login Form and Process login_path .......... -**type**: ``string`` **default**: ``/login`` +**type**: ``string`` **default**: ``login`` This is the route or path that the user will be redirected to (unless ``use_forward`` is set to ``true``) when they try to access a protected resource but isn't @@ -265,7 +265,7 @@ you may create a redirect loop. For details, see check_path .......... -**type**: ``string`` **default**: ``/login`` +**type**: ``string`` **default**: ``login`` This is the route or path that your login form must submit to. The firewall will intercept any requests (``POST`` requests only, by default) to this From cb7d534dde3c31b1307bfe0c08ba8bb99b271e46 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Tue, 19 Jan 2016 21:02:59 +0100 Subject: [PATCH 3/3] fix route name and path --- cookbook/security/form_login_setup.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index 3a06137304d..4b2e896fcdf 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst @@ -108,8 +108,8 @@ under your ``form_login`` configuration (``/login``): .. code-block:: yaml # app/config/routing.yml - login_route: - path: login + login: + path: /login defaults: { _controller: AppBundle:Security:login } .. code-block:: xml
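Review bot: the symptom described in the "3. Be Sure check_path Is Behind a Firewall" hunk of form_login_setup.rst is no longer accurate once `check_path` points at `/login`. The `Unable to find the controller for path "/login_check"` exception only arose because `/login_check` had no controller bound to it (the deleted `loginCheckAction` comment said exactly that: the route is handled by the Security system). With `/login` bound to `loginAction`, a POST that falls outside the firewall simply executes the controller and renders the form again, with no exception, which is the same silent symptom already listed under pitfall 1. Reword the paragraph to say that a POST to `/login` outside the firewall re-displays the form without attempting authentication, and drop the quoted exception text.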
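Review bot: the `**default**` lines for `check_path` and `login_path` in reference/configuration/security.rst must not be changed (patch 1 turns `/login_check` into `/login`, patch 2 turns both into `login`). Those lines document the values the bundle uses when the option is omitted, which are `/login_check` and `/login`, and they do not change because the cookbook now recommends a single route; after this series the reference claims the default is the route name `login`, which is false. Keep the two default lines as they were and only update the commented example under `form_login:` (`check_path: login`, `login_path: login`). This hunk is also the place to say why one route can serve both options: the text right below it already states that the firewall intercepts `POST` requests only by default, and that is the only reason a GET to `login_path` still reaches the controller. A reader who sets `post_only: false` with this shared route would have every GET to `/login` treated as a failed login and redirected back to `/login`; one sentence noting that the shared route relies on the default `post_only` setting would prevent that loop.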
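Review bot: patch 2 leaves the YAML routing block in form_login_setup.rst broken (`path: login` without a leading slash, and the route still named `login_route` while the annotation, XML and PHP variants were renamed to `login`), and patch 3 exists only to repair it. Squash patches 2 and 3 so the series contains no commit in which the YAML, annotation and PHP examples disagree about the route name and path. In the same file, the intro sentence `Next, create a route for the path you configured earlier under your ``form_login`` configuration (``/login``)` still refers to a path, while the config in that file now uses the route name `login`; since the reference says `check_path` accepts a route or a path, either say "the route" and show `login` there, or state explicitly that both forms are accepted.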
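Review bot: in best_practices/security.rst the rename of both `check_path` and `login_path` from `security_login_form` to `login` is only correct if the route declared in that guide's SecurityController is renamed with it, and the file list of this series shows no controller or routing file touched; a `check_path` naming a route that does not exist cannot be resolved by the firewall. The unchanged context directly below (`logout: path: security_logout`) shows the guide prefixes its security routes with `security_`, so keeping `security_login_form` (or `security_login`) for both options fits that file better than `login`, which was chosen to match the cookbook rather than this guide.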