Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.6k
Description
Symfony version(s) affected
5,4, 6.4
Description
create AbstractLoginFormAuthenticator with implementing getLoginUrl without overwriting supports:
This supports check doesn't make much sense checking for a relative url
symfony/src/Symfony/Component/Security/Http/Authenticator/AbstractLoginFormAuthenticator.php
Lines 40 to 43 in16a4681
| publicfunctionsupports(Request$request):bool | |
| { | |
| return$request->isMethod('POST') &&$this->getLoginUrl($request) ===$request->getBaseUrl().$request->getPathInfo(); | |
| } |
when implementation of getLoginUrl that would be logical using HttpUtils like this
symfony/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php
Lines 68 to 71 in16a4681
| protectedfunctiongetLoginUrl(Request$request):string | |
| { | |
| return$this->httpUtils->generateUri($request,$this->options['login_path']); | |
| } |
returns a absolute url
currently, the documentation is wrong:
symfony/src/Symfony/Component/Security/Http/Authenticator/AbstractLoginFormAuthenticator.php
Lines 37 to 38 in16a4681
| * This default implementation handles all POST requests to the | |
| * login path (@see getLoginUrl()). |
How to reproduce
implement getLoginUrl but without overwriting supports
class MyFormAuthenticatorextends AbstractLoginFormAuthenticator private HttpUtils$httpUtils;private array$options;publicfunction__construct(HttpUtils$httpUtils,array$options) {$this->httpUtils =$httpUtils;$this->options =$options; }protectedfunctiongetLoginUrl(Request$request):string {return$this->httpUtils->generateUri($request,$this->options['login_path']); }}
Possible Solution
i don't know what the best solution would be?
- turn getLoginUrl into a relative Url or checking on absolute Url
- use httpUtils->checkRequestPath ?
Additional Context
No response