hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 15:33:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1817 from bburnichon/bug/oauth_token-PHRAS-1086

Browse Source 
OAuth authentication is not properly prioritized
This commit is contained in:
Thibaud Fabre
2016-04-21 13:24:16 +02:00
parent a83fb6b836 ceb8cb55eb
commit 06f12cabce
2 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/Alchemy/Phrasea/Core/Event/Subscriber/CookiesDisablerSubscriber.php
View File

@@ -1,5 +1,4 @@
<?php <?php
/* /*
* This file is part of Phraseanet * This file is part of Phraseanet
* *
@@ -12,16 +11,16 @@
namespace Alchemy\Phrasea\Core\Event\Subscriber; namespace Alchemy\Phrasea\Core\Event\Subscriber;
use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Application;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent; use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
class CookiesDisablerSubscriber implements EventSubscriberInterface class CookiesDisablerSubscriber implements EventSubscriberInterface
{ {
private static $NOSESSION_ROUTES = '/^((\/api\/v1)|(\/api\/?$)|(\/permalink))/'; private static $NOSESSION_ROUTES = '/^((\/api\/v\d+)|(\/api\/?$)|(\/permalink))/';
private $app; private $app;
private $sessionCookieEnabled = true; private $sessionCookieEnabled = true;
@@ -58,12 +57,9 @@ class CookiesDisablerSubscriber implements EventSubscriberInterface
$response = $event->getResponse(); $response = $event->getResponse();
foreach ($response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY) as $cookie_domains) { /** @var Cookie $cookie */
foreach ($cookie_domains as $cookie_paths) { foreach ($response->headers->getCookies() as $cookie) {
foreach ($cookie_paths as $cookie) {
$response->headers->removeCookie($cookie->getName(), $cookie->getPath(), $cookie->getDomain()); $response->headers->removeCookie($cookie->getName(), $cookie->getPath(), $cookie->getDomain());
} }
} }
} }
}
}

1
lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
View File

@@ -71,6 +71,7 @@ class SessionManagerSubscriber implements EventSubscriberInterface
$request = $event->getRequest(); $request = $event->getRequest();
if ($request->request->has('oauth_token') if ($request->request->has('oauth_token')
|| $request->query->has('oauth_token')
|| $request->query->has('LOG') || $request->query->has('LOG')
|| null === $moduleId = $this->getModuleId($request->getPathInfo()) || null === $moduleId = $this->getModuleId($request->getPathInfo())
) { ) {