security
parent
1f03baafb5
commit
13ceb37df7
|
@ -7,8 +7,9 @@ $app->register(new TwigServiceProvider(), array(
|
||||||
));
|
));
|
||||||
|
|
||||||
$app->extend('twig', function ($twig, $app) {
|
$app->extend('twig', function ($twig, $app) {
|
||||||
$twig->addGlobal('web_path', $app['request']->getBaseUrl().'/');
|
$base = str_replace($app['request']->server->get('SCRIPT_NAME'), '', $app['request']->getBaseUrl());
|
||||||
|
$twig->addGlobal('web_path', $base.'/');
|
||||||
|
|
||||||
return $twig;
|
return $twig;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
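Review bot: Stripping `SCRIPT_NAME` out of `getBaseUrl()` with `str_replace` looks like it drops the subdirectory whenever the front controller name is part of the URL. For a request to `/sub/app_dev.php/...` both values would be `/sub/app_dev.php`, so `$base` becomes empty and `web_path` points at `/` instead of `/sub/`. `str_replace` also removes the string wherever it occurs, not only as a suffix. Symfony's Request already exposes the prefix without the script name, so the two new lines could be `$twig->addGlobal('web_path', $app['request']->getBasePath().'/');`. This is inferred from how the Request computes these values, so it is worth confirming on a subdirectory install.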
@ -44,7 +44,6 @@ $app->get('/', function (Request $request) use ($app) {
|
||||||
$accept = AcceptHeader::fromString($request->headers->get('Accept-Language'));
|
$accept = AcceptHeader::fromString($request->headers->get('Accept-Language'));
|
||||||
$cookie = $request->cookies->get('locale');
|
$cookie = $request->cookies->get('locale');
|
||||||
|
|
||||||
|
|
||||||
if (!empty($cookie) && in_array($cookie, $app['locales'])) {
|
if (!empty($cookie) && in_array($cookie, $app['locales'])) {
|
||||||
$foundLocale = $cookie;
|
$foundLocale = $cookie;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -37,7 +37,7 @@ $app['security.authentication_listener.factory.form'] = $app->protect(function (
|
||||||
$app['security.authentication_provider.'.$name.'.form']
|
$app['security.authentication_provider.'.$name.'.form']
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'security.authentication_provider.'.$name.'.form',
|
'security.authentication_provider.'.$name.'.form',
|
||||||
'security.authentication_listener.'.$name.'.form',
|
'security.authentication_listener.'.$name.'.form',
|
||||||
|
@ -55,12 +55,13 @@ $app->register(
|
||||||
'anonymous' => true,
|
'anonymous' => true,
|
||||||
'form' => [
|
'form' => [
|
||||||
'login_path' => '_login',
|
'login_path' => '_login',
|
||||||
'check_path' => '_login_check',
|
'check_path' => '/login_check',
|
||||||
'always_use_default_target_path' => true,
|
'always_use_default_target_path' => true,
|
||||||
'default_target_path' => $app['url_generator']->generate('my'),
|
'default_target_path' => '/',
|
||||||
],
|
],
|
||||||
'logout' => [
|
'logout' => [
|
||||||
'path' => '/logout',
|
'path' => '/logout',
|
||||||
|
'target' => '/',
|
||||||
],
|
],
|
||||||
'users' => $app->share(function () use ($app) {
|
'users' => $app->share(function () use ($app) {
|
||||||
return $app['user.provider'];
|
return $app['user.provider'];
|
||||||
|
|
|
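Review bot: No CSRF option is visible in the `form` or `logout` blocks, so as far as this hunk shows, the POST to `/login_check` and requests to `/logout` are accepted without a token. Silex's stock listeners honour `'with_csrf' => true` when a CSRF provider is registered; whether the custom `security.authentication_listener.factory.form` defined earlier in this file passes that option through is not visible here. If it does, adding `'with_csrf' => true,` to `form`, with the token field in the login template, would close the login-CSRF gap. The array being registered starts and ends outside the hunk.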
@ -30,11 +30,15 @@ register:
|
||||||
path: /register
|
path: /register
|
||||||
defaults: {_controller: Gist\Controller\LoginController::registerAction, _locale: en}
|
defaults: {_controller: Gist\Controller\LoginController::registerAction, _locale: en}
|
||||||
|
|
||||||
|
login:
|
||||||
|
path: /login
|
||||||
|
defaults: {_controller: Gist\Controller\LoginController::loginAction, _locale: en}
|
||||||
|
|
||||||
_login:
|
_login:
|
||||||
path: /login
|
path: /login
|
||||||
defaults: {_controller: Gist\Controller\LoginController::loginAction, _locale: en}
|
defaults: {_controller: Gist\Controller\LoginController::loginAction, _locale: en}
|
||||||
|
|
||||||
_login_check:
|
login_check:
|
||||||
path: /login_check
|
path: /login_check
|
||||||
|
|
||||||
logout:
|
logout:
|
||||||
|
|
|
@ -79,7 +79,7 @@ class LoginController extends Controller
|
||||||
|
|
||||||
$form = $form->build()->getForm();
|
$form = $form->build()->getForm();
|
||||||
|
|
||||||
if ($request->query->get('error')) {
|
if ($app['security.last_error']($request)) {
|
||||||
$error = $app['translator']->trans('login.login.invalid');
|
$error = $app['translator']->trans('login.login.invalid');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -91,12 +91,4 @@ class LoginController extends Controller
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function loginCheckAction()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
public function logoutAction()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
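Review bot: Nothing at the new `if ($app['security.last_error']($request))` says why the service's return value is only tested and then discarded. The change itself is sound, since the error banner no longer depends on a query parameter anyone can add to a link. A one-line comment above the `if` would stop a later edit from rendering the raw message, which can differ per failure reason: `// Only test for a failure; always show the generic login.login.invalid text, never the raw security error.` The enclosing method starts and ends outside the hunk, so how `$error` is rendered is not visible.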
@ -14,7 +14,7 @@
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<form action="{{ path('_login_check') }}" method="post" id="main-form">
|
<form action="{{ path('login_check') }}" method="post" id="main-form">
|
||||||
<div class="col-md-12">
|
<div class="col-md-12">
|
||||||
<div class="panel panel-default">
|
<div class="panel panel-default">
|
||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
|
|
|
@ -50,7 +50,7 @@
|
||||||
</li>
|
</li>
|
||||||
{% elseif app.enable_login %}
|
{% elseif app.enable_login %}
|
||||||
<li>
|
<li>
|
||||||
<a href="{{ path('_login') }}">
|
<a href="{{ path('login') }}">
|
||||||
{{ 'app.menu.my.login.title'|trans }}
|
{{ 'app.menu.my.login.title'|trans }}
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
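--- /dev/null
+++ b/web/app_dev.php
@@ -0,0 +1,14 @@
+<?php
+
+if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
+|| !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
+) {
+header('HTTP/1.0 403 Forbidden');
+exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
+}
+
+$app = require __DIR__.'/../app/bootstrap.php';
+
+$app['env'] = 'dev';
+
+$app->run();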
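Review bot: The access guard treats `REMOTE_ADDR` as the real client, so behind a same-host reverse proxy that does not add `X-Forwarded-For` every request arrives as `127.0.0.1` and the dev front controller (`$app['env'] = 'dev'`) becomes reachable from outside. Rejecting on `HTTP_CLIENT_IP` as well and making the comparison strict narrows this: `if (isset($_SERVER['HTTP_CLIENT_IP']) || isset($_SERVER['HTTP_X_FORWARDED_FOR'])` and `|| !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'), true)`. A header comment stating that this file must not be deployed to production hosts would document the remaining assumption.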