From 8a03dd64ac5395ee229fdb6c7cf181d066018240 Mon Sep 17 00:00:00 2001 From: Ivo Valchev Date: Mon, 13 Dec 2021 11:12:50 +0100 Subject: [PATCH 1/4] Redirect to login page if unauthenticated --- config/packages/security.yaml | 1 + .../AuthenticationEntryPointRedirector.php | 27 +++++++++++++++++++ templates/security/login.html.twig | 4 +++ yaml-migrations/m_2021-12-10-security_1.yaml | 1 + 4 files changed, 33 insertions(+) create mode 100644 src/Security/AuthenticationEntryPointRedirector.php diff --git a/config/packages/security.yaml b/config/packages/security.yaml index adb4f94e3..4ae163b60 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -31,6 +31,7 @@ security: pattern: ^/ user_checker: Bolt\Security\UserChecker switch_user: { role: CAN_SWITCH_USER } + entry_point: Bolt\Security\AuthenticationEntryPointRedirector custom_authenticators: - Bolt\Security\LoginFormAuthenticator diff --git a/src/Security/AuthenticationEntryPointRedirector.php b/src/Security/AuthenticationEntryPointRedirector.php new file mode 100644 index 000000000..ad0c02984 --- /dev/null +++ b/src/Security/AuthenticationEntryPointRedirector.php @@ -0,0 +1,27 @@ +urlGenerator = $urlGenerator; + } + + public function start(Request $request, AuthenticationException $authException = null) + { + // add a custom flash message and redirect to the login page + $request->getSession()->getFlashBag()->add('warning', 'You have to login in order to access this page.'); + + return new RedirectResponse($this->urlGenerator->generate('bolt_login')); + } +} diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index d04ca12cb..aaa43eaaa 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -71,6 +71,10 @@ + +
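Review bot: `start()` calls `$request->getSession()->getFlashBag()` without checking that the request carries a session or that the session exposes a flash bag, so in Symfony versions where `getSession()` throws on a session-less request the entry point would fail with an error instead of redirecting the unauthenticated client to the login page. Guard it, e.g. `$session = $request->hasSession() ? $request->getSession() : null;` followed by `if ($session instanceof Session) { $session->getFlashBag()->add('warning', '…'); }`, which also removes the need for the PHPStan suppression added in PATCH 2/4. Because the firewall pattern in `security.yaml` is `^/`, each blocked request before the login page renders may queue another copy of the warning, so consider adding it only when the bag does not already hold it. The class header and `use` lines of this new file are not visible on this page, and the same hunk is repeated in PATCH 3/4.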
+ {{ include('@bolt/_partials/_flash_messages.html.twig') }} +
{% endblock %} diff --git a/yaml-migrations/m_2021-12-10-security_1.yaml b/yaml-migrations/m_2021-12-10-security_1.yaml index a845daf00..b49f53369 100644 --- a/yaml-migrations/m_2021-12-10-security_1.yaml +++ b/yaml-migrations/m_2021-12-10-security_1.yaml @@ -10,3 +10,4 @@ add: main: custom_authenticators: - Bolt\Security\LoginFormAuthenticator + entry_point: Bolt\Security\AuthenticationEntryPointRedirector From bbc1bc2e26e3484c9084781ee54d3da108785f68 Mon Sep 17 00:00:00 2001 From: Ivo Valchev Date: Mon, 13 Dec 2021 11:17:38 +0100 Subject: [PATCH 2/4] Update phpstan.neon --- phpstan.neon | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/phpstan.neon b/phpstan.neon index 0d9048055..0894f1877 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -41,6 +41,11 @@ parameters: message: '#Property Bolt\\Entity\\(.*)::\$id is never written, only read#' path: %currentWorkingDirectory%/src/Entity/* + # False positive: Call to an undefined method Symfony\Component\HttpFoundation\Session\SessionInterface::getFlashBag(). + - + message: '#Symfony\\Component\\HttpFoundation\\Session\\SessionInterface::getFlashBag#' + path: %currentWorkingDirectory%/src/Security/AuthenticationEntryPointRedirector + includes: - vendor/phpstan/phpstan-symfony/extension.neon - vendor/phpstan/phpstan-doctrine/extension.neon From 1a5bcccf7db5c0098a71a6d86a9cc9870d871d7a Mon Sep 17 00:00:00 2001 From: Ivo Valchev Date: Mon, 13 Dec 2021 11:12:50 +0100 Subject: [PATCH 3/4] Redirect to login page if unauthenticated --- config/packages/security.yaml | 1 + .../AuthenticationEntryPointRedirector.php | 27 +++++++++++++++++++ templates/security/login.html.twig | 4 +++ yaml-migrations/m_2021-12-10-security_1.yaml | 1 + 4 files changed, 33 insertions(+) create mode 100644 src/Security/AuthenticationEntryPointRedirector.php diff --git a/config/packages/security.yaml b/config/packages/security.yaml index adb4f94e3..4ae163b60 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml 
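Review bot: `entry_point` is appended to the existing migration `m_2021-12-10-security_1.yaml` rather than placed in a new migration file, so an installation that has already applied this migration would presumably never receive the key and would keep its firewall without the configured entry point. If the file has already shipped in a release, move the addition to a new migration; if it has not, say so in the commit message so the edit in place is clearly intentional. The same hunk is repeated in PATCH 3/4.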
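Review bot: The comment calls this a false positive, but `SessionInterface` does not declare `getFlashBag()`, so PHPStan is reporting a real gap: the call only works when the concrete session object provides a flash bag. Narrowing the type in `AuthenticationEntryPointRedirector::start()` (for example with an `instanceof Session` check) would let this ignore entry be dropped; if it stays, reword the comment to something like `# SessionInterface has no getFlashBag(); the concrete Session is assumed here`. The `path` value also omits the `.php` suffix of the file it targets, so confirm it actually matches. The same hunk is repeated in PATCH 4/4.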
@@ -31,6 +31,7 @@ security: pattern: ^/ user_checker: Bolt\Security\UserChecker switch_user: { role: CAN_SWITCH_USER } + entry_point: Bolt\Security\AuthenticationEntryPointRedirector custom_authenticators: - Bolt\Security\LoginFormAuthenticator diff --git a/src/Security/AuthenticationEntryPointRedirector.php b/src/Security/AuthenticationEntryPointRedirector.php new file mode 100644 index 000000000..ad0c02984 --- /dev/null +++ b/src/Security/AuthenticationEntryPointRedirector.php @@ -0,0 +1,27 @@ +urlGenerator = $urlGenerator; + } + + public function start(Request $request, AuthenticationException $authException = null) + { + // add a custom flash message and redirect to the login page + $request->getSession()->getFlashBag()->add('warning', 'You have to login in order to access this page.'); + + return new RedirectResponse($this->urlGenerator->generate('bolt_login')); + } +} diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index d04ca12cb..aaa43eaaa 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -71,6 +71,10 @@ + +
+ {{ include('@bolt/_partials/_flash_messages.html.twig') }} +
{% endblock %} diff --git a/yaml-migrations/m_2021-12-10-security_1.yaml b/yaml-migrations/m_2021-12-10-security_1.yaml index a845daf00..b49f53369 100644 --- a/yaml-migrations/m_2021-12-10-security_1.yaml +++ b/yaml-migrations/m_2021-12-10-security_1.yaml @@ -10,3 +10,4 @@ add: main: custom_authenticators: - Bolt\Security\LoginFormAuthenticator + entry_point: Bolt\Security\AuthenticationEntryPointRedirector From f485cf842b1f3d174cf3ec20fac6ee80663a04f1 Mon Sep 17 00:00:00 2001 From: Ivo Valchev Date: Mon, 13 Dec 2021 11:17:38 +0100 Subject: [PATCH 4/4] Update phpstan.neon --- phpstan.neon | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/phpstan.neon b/phpstan.neon index 0d9048055..0894f1877 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -41,6 +41,11 @@ parameters: message: '#Property Bolt\\Entity\\(.*)::\$id is never written, only read#' path: %currentWorkingDirectory%/src/Entity/* + # False positive: Call to an undefined method Symfony\Component\HttpFoundation\Session\SessionInterface::getFlashBag(). + - + message: '#Symfony\\Component\\HttpFoundation\\Session\\SessionInterface::getFlashBag#' + path: %currentWorkingDirectory%/src/Security/AuthenticationEntryPointRedirector + includes: - vendor/phpstan/phpstan-symfony/extension.neon - vendor/phpstan/phpstan-doctrine/extension.neon