Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.3k
Reworded the article about form login redirects#8192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
yceruto commentedJul 19, 2017 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Please, could you take account this commentsymfony/symfony#17529 (comment) in this PR? thanks. |
yceruto commentedJul 19, 2017
See@dmaicher'scomment which also explains the only use case of this option:
|
javiereguiluz commentedJul 20, 2017
@yceruto thanks for letting me know this. I've updated the article. Cheers! |
security/form_login.rst Outdated
| Using a:doc:`form login</security/form_login_setup>` for authentication is a | ||
| common, and flexible, method for handling authentication in Symfony. This | ||
| article explains how to customize the URL which the user is redirected to after | ||
| a successful or failure login. Check out the full |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
"[...] or failed login."?
security/form_login.rst Outdated
| article explains how to customize the URL which the user is redirected to after | ||
| a successful or failure login. Check out the full | ||
| :doc:`form login configuration reference</reference/configuration/security>` to | ||
| learn about the rest of possible customizations. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[...] of the possile customization options.
security/form_login.rst Outdated
| in several ways. | ||
| By default, the form will redirect to the URL the user requested (i.e. the URL | ||
| which triggered the login form being shown). For example, if the user requested | ||
| ``http://www.example.com/admin/post/18/edit``, then after they successfully log |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[...] they have successfully logged in, [...]
security/form_login.rst Outdated
| ``default_security_target`` route use the following config: | ||
| Define the``default_security_target`` option to changethe pagewherethe user | ||
| is redirected toif no previous page was stored in the session. The value can be | ||
| relative/absolute URL or a Symfony route name: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[...] can be a relative/absolute [...]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
the leading whitespace must be removed by the way (see the build failure)
security/form_login.rst Outdated
| ..code-block::html+twig | ||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
{# app/Resources/views/security/login.html.twig #}
security/form_login.rst Outdated
| ..code-block::html+php | ||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
<!-- app/Resources/views/security/login.html.php -->
security/form_login.rst Outdated
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| ..note:: | ||
| The referrer URL is only used when is different from the URL generated by |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
[...] when it is [...]
security/form_login.rst Outdated
| ..note:: | ||
| The referrer URL is only used when is different from the URL generated by | ||
| the ``login_path`` route, to avoid a redirection loop. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
the comma should be removed
security/form_login.rst Outdated
| ..code-block::html+twig | ||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
{# app/Resources/views/security/login.html.twig #}
security/form_login.rst Outdated
| <input type="hidden" name="_failure_path" value="login" /> | ||
| {# ... #} | ||
| <input type="hidden" name="_failure_path" value="{{ path('forgot-password') }}" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
forgot_password
security/form_login.rst Outdated
| <input type="hidden" name="_failure_path" value="login" /> | ||
| // ... | ||
| <input type="hidden" name="_failure_path" value="<?php echo $view['router']->generate('forgot-password') ?>" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
forgot_password
security/form_login.rst Outdated
| <input type="hidden" name="_target_path" value="account" /> | ||
| <input type="hidden" name="_failure_path" value="login" /> | ||
| // ... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
<!-- ... -->
security/form_login.rst Outdated
| ..code-block::html+php | ||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
<!-- app/Resources/views/security/login.html.php -->
security/form_login.rst Outdated
| ..code-block::html+twig | ||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
{# app/Resources/views/security/login.html.twig #}
security/form_login.rst Outdated
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> | ||
| <form action="<?php echo $view['router']->generate('login') ?>" method="post"> | ||
| // ... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
<!-- ... -->
security/form_login.rst Outdated
| ..code-block::html+php | ||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
<!-- app/Resources/views/security/login.html.php -->
security/form_login.rst Outdated
| {# ... #} | ||
| <input type="hidden" name="go_to" value="{{ path('dashboard') }}" /> | ||
| <input type="hidden" name="back_to" value="{{ path('forgot-password') }}" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
forgot_password
security/form_login.rst Outdated
| // ... | ||
| <input type="hidden" name="go_to" value="<?php echo $view['router']->generate('dashboard') ?>" /> | ||
| <input type="hidden" name="back_to" value="<?php echo $view['router']->generate('forgot-password') ?>" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
forgot_password
javiereguiluz commentedJul 21, 2017
@xabbuh thank you for the time you dedicated to review this. As usual, a great review! Thanks. |
xabbuh commentedJul 21, 2017
Thank you Javier. |
…uiluz)This PR was squashed before being merged into the 2.7 branch (closes#8192).Discussion----------Reworded the article about form login redirectsNow that form login redirects have been fully fixed (seesymfony/symfony#23580) I thought about updating this article, specially its structure.All changes are simple rewordings, except this one: previously, the article said that you can use a Symfony route name as the value of the `_target_path` parameter in the query string or the hidden form field. But if you check the code of this feature, it looks like you can't because we use the value of that parameter "as is" to redirect, so it must be a relative/absolute URL, right?```phpprotected function determineTargetUrl(Request $request){ if ($this->options['always_use_default_target_path']) { return $this->options['default_target_path']; } // We redirect directly to the value of the parameter, so it can't be a route name, right ???? if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) { return $targetUrl; } // ...}```Commits-------5015723 Reworded the article about form login redirects
* 2.8: (37 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update [#8104] minor rewording Add more precision about automatic provider assignation ...
* 3.2: (38 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher [#8104] minor rewording ...
* 3.3: (46 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Update Flex documentation with latest structure Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher ...
* 3.4: (48 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Update Flex documentation with latest structure Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher ...
Now that form login redirects have been fully fixed (seesymfony/symfony#23580) I thought about updating this article, specially its structure.
All changes are simple rewordings, except this one: previously, the article said that you can use a Symfony route name as the value of the
_target_pathparameter in the query string or the hidden form field. But if you check the code of this feature, it looks like you can't because we use the value of that parameter "as is" to redirect, so it must be a relative/absolute URL, right?