diff --git a/lib/Alchemy/Phrasea/Controller/Root/Login.php b/lib/Alchemy/Phrasea/Controller/Root/Login.php
index aee69adcbc..ddf6afb362 100644
--- a/lib/Alchemy/Phrasea/Controller/Root/Login.php
+++ b/lib/Alchemy/Phrasea/Controller/Root/Login.php
@@ -101,7 +101,9 @@ class Login implements ControllerProviderInterface
 // Displays the homepage
 $controllers->get('/', 'login.controller:login')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 if (null !== $request->query->get('postlog')) {
@@ -126,14 +128,18 @@ class Login implements ControllerProviderInterface
 // Authentication end point
 $controllers->post('/authenticate/', 'login.controller:authenticate')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })
 ->bind('login_authenticate');
 // Guest access end point
 $controllers->match('/authenticate/guest/', 'login.controller:authenticateAsGuest')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })
 ->bind('login_authenticate_as_guest')
 ->method('GET|POST');
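Review bot: The guard in these `before` closures now only works if each closure returns what `requireNotAuthenticated()` hands back, and that contract is repeated by hand eleven times (this hunk and the ones at -126, -141, -160 and -178), so a route added later that copies the old one-line call would let an already-authenticated user reach the login, registration or password-reset handlers without any error. Where the closure contains nothing but the guard, which is every one except the homepage closure at the top of this hunk, the body can be `return $app['firewall']->requireNotAuthenticated();`, or a single closure can be defined once and passed to each `->before()`. A short comment at the first use, e.g. `// a Response returned from before() short-circuits the route`, would record why the return is required. The homepage closure continues past the end of the hunk.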
@@ -141,14 +147,18 @@ class Login implements ControllerProviderInterface
 // Authenticate with an AuthProvider
 $controllers->get('/provider/{providerId}/authenticate/', 'login.controller:authenticateWithProvider')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })
 ->bind('login_authentication_provider_authenticate');
 // AuthProviders callbacks
 $controllers->get('/provider/{providerId}/callback/', 'login.controller:authenticationCallback')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_authentication_provider_callback');
 // Logout end point
@@ -160,13 +170,17 @@ class Login implements ControllerProviderInterface
 // Registration end point ; redirects to classic registration or AuthProvider registration
 $controllers->get('/register/', 'login.controller:displayRegisterForm')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_register');
 // Classic registration end point
 $controllers->match('/register-classic/', 'login.controller:doRegistration')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })
 ->bind('login_register_classic');
@@ -178,25 +192,33 @@ class Login implements ControllerProviderInterface
 // Unlocks an email address that is currently locked
 $controllers->get('/register-confirm/', 'login.controller:registerConfirm')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_register_confirm');
 // Displays a form to send an account unlock email again
 $controllers->get('/send-mail-confirm/', 'login.controller:sendConfirmMail')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_send_mail');
 // Forgot password end point
 $controllers->match('/forgot-password/', 'login.controller:forgotPassword')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_forgot_password');
 // Renew password end point
 $controllers->match('/renew-password/', 'login.controller:renewPassword')
 ->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotAuthenticated();
+ if (null !== $response = $app['firewall']->requireNotAuthenticated()) {
+ return $response;
+ }
 })->bind('login_renew_password');
 // Displays Terms of use
diff --git a/lib/Alchemy/Phrasea/Security/Firewall.php b/lib/Alchemy/Phrasea/Security/Firewall.php
index ab9307d968..793e8fa555 100644
--- a/lib/Alchemy/Phrasea/Security/Firewall.php
+++ b/lib/Alchemy/Phrasea/Security/Firewall.php
@@ -3,6 +3,7 @@
 namespace Alchemy\Phrasea\Security;
 use Silex\Application;
+use Symfony\Component\HttpFoundation\RedirectResponse;
 class Firewall
 {
@@ -126,12 +127,8 @@ class Firewall
 public function requireNotAuthenticated()
 {
 if ($this->app['authentication']->isAuthenticated()) {
- $this->app->abort(302, 'You are authenticated', array(
- 'X-Phraseanet-Redirect' => $this->app->path('prod')
- ));
+ return new RedirectResponse($this->app->path('prod'));
 }
-
- return $this;
 }
 public function requireOrdersAdmin()
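Review bot: `requireNotAuthenticated()` changes from a check that stops the request itself (the removed `abort()` call) to one that returns a `RedirectResponse` the caller has to act on, so any call site not touched by this commit silently stops redirecting authenticated users; callers outside Login.php are not visible here and should be searched for. The method also no longer returns `$this`, so code that chained on the result would now receive null. The new contract should be stated on the method with a docblock such as `@return RedirectResponse|null redirect to 'prod' when a user is already authenticated, null otherwise`, and an explicit `return null;` at the end makes the two outcomes visible. `requireOrdersAdmin()` and the other methods of the class lie outside the hunk, so whether they still abort is not shown.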