hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-17 23:13:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1817 from bburnichon/bug/oauth_token-PHRAS-1086

Browse Source 
OAuth authentication is not properly prioritized
This commit is contained in:
Thibaud Fabre
2016-04-21 13:24:16 +02:00
parent a83fb6b836 ceb8cb55eb
commit 06f12cabce
2 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/Alchemy/Phrasea/Core/Event/Subscriber/CookiesDisablerSubscriber.php
View File

@@ -1,5 +1,4 @@
<?php
/*
* This file is part of Phraseanet
*
@@ -12,16 +11,16 @@
namespace Alchemy\Phrasea\Core\Event\Subscriber;
use Alchemy\Phrasea\Application;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
class CookiesDisablerSubscriber implements EventSubscriberInterface
{
private static $NOSESSION_ROUTES = '/^((\/api\/v1)|(\/api\/?$)|(\/permalink))/';
private static $NOSESSION_ROUTES = '/^((\/api\/v\d+)|(\/api\/?$)|(\/permalink))/';
private $app;
private $sessionCookieEnabled = true;
@@ -58,12 +57,9 @@ class CookiesDisablerSubscriber implements EventSubscriberInterface
$response = $event->getResponse();
foreach ($response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY) as $cookie_domains) {
foreach ($cookie_domains as $cookie_paths) {
foreach ($cookie_paths as $cookie) {
$response->headers->removeCookie($cookie->getName(), $cookie->getPath(), $cookie->getDomain());
}
}
/** @var Cookie $cookie */
foreach ($response->headers->getCookies() as $cookie) {
$response->headers->removeCookie($cookie->getName(), $cookie->getPath(), $cookie->getDomain());
}
}
}

1
lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
View File

@@ -71,6 +71,7 @@ class SessionManagerSubscriber implements EventSubscriberInterface
$request = $event->getRequest();
if ($request->request->has('oauth_token')
|| $request->query->has('oauth_token')
|| $request->query->has('LOG')
|| null === $moduleId = $this->getModuleId($request->getPathInfo())
) {