merged branch henrikbjorn/require-authentication (PR #4525)

fabpot · fabpot · commit ae2ec36e275d · 2012-06-09T17:11:11.000+02:00
Commits ------- 6a01d3d [Security] Check post_only option and request method Discussion ---------- [Security] Take `post_only` into consideration in requiresAuthentication Change requiresAuthentication to look at the `post_only` option. Fixes #4524 --------------------------------------------------------------------------- by travisbot at 2012-06-08T18:26:21Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1570033) (merged 6d799494 into b84b46b). --------------------------------------------------------------------------- by travisbot at 2012-06-09T11:34:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1575681) (merged af676bb5 into b84b46b). --------------------------------------------------------------------------- by stof at 2012-06-09T14:01:21Z @henrikbjorn could you squash the commit, or cherry-pick the third one so that it is the only one ? The reverted commit seems weird in the PR. --------------------------------------------------------------------------- by henrikbjorn at 2012-06-09T14:18:08Z @stof there. Actually it cannot be squashed. But maybe what i did was wrong. ``` shell git reset --hard b84b46b git cherry-pick af676bb5d01f835b2f9913e129e6c6eb3320dd26 git push -f henrikbjorn require-authentication ``` --------------------------------------------------------------------------- by travisbot at 2012-06-09T14:22:59Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1576658) (merged 6a01d3d into 3bb7dc0). --------------------------------------------------------------------------- by stof at 2012-06-09T14:39:25Z @fabpot 👍
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -50,6 +50,18 @@ public function __construct(SecurityContextInterface $securityContext, Authentic
         $this->csrfProvider = $csrfProvider;
     }
 
+    /**
+     * @{inheritdoc}
+     */
+    protected function requiresAuthentication(Request $request)
+    {
+        if ($this->options['post_only'] && !$request->isMethod('post')) {
+            return false;
+        }
+
+        return parent::requiresAuthentication($request);
+    }
+
     /**
      * {@inheritdoc}
      */
