
[Security] Fix authentication.failure event not dispatched on AccountStatusException #23256


Merged
merged 1 commit into from
Jul 12, 2017


chalasr
Member

@chalasr chalasr commented Jun 21, 2017

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #18807
| License       | MIT
| Doc PR        | n/a

Authentication fails if the user exists but its account is disabled/expired/locked. The failure event should be dispatched in this case, so that you can hook into it as for any authentication exception.
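One way to hook into the failure event for the account-status case described above, as an added example that is not part of this pull request or of Symfony's own code. It is written against the Symfony 2.7 API; the class name `AuthenticationFailureAuditSubscriber` and the log messages are assumptions.

```php
<?php
// Added example. The subscriber name and log wording are hypothetical.

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\AuthenticationEvents;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
use Symfony\Component\Security\Core\Exception\AccountStatusException;

class AuthenticationFailureAuditSubscriber implements EventSubscriberInterface
{
    private $logger;

    public function __construct(LoggerInterface $logger)
    {
        $this->logger = $logger;
    }

    public static function getSubscribedEvents()
    {
        // security.authentication.failure
        return array(AuthenticationEvents::AUTHENTICATION_FAILURE => 'onFailure');
    }

    public function onFailure(AuthenticationFailureEvent $event)
    {
        $exception = $event->getAuthenticationException();

        // The username is attacker-controlled input: pass it as log context
        // instead of interpolating it into the message.
        $context = array(
            'username' => $event->getAuthenticationToken()->getUsername(),
            'reason' => get_class($exception),
        );

        if ($exception instanceof AccountStatusException) {
            // The user exists but the account is disabled, expired or locked.
            // Logged at a higher level so these attempts can be alerted on
            // separately from ordinary bad-credential failures.
            $this->logger->warning('Login attempt on unusable account', $context);

            return;
        }

        $this->logger->info('Authentication failure', $context);
    }
}
```

Register the class as a service tagged `kernel.event_subscriber` so the dispatcher picks it up.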

@xabbuh
Member

xabbuh commented Jul 4, 2017

This changes the behaviour of when you have more than one authentication provider and one of them throws an AccountStatusException. Before, the other authentication providers wouldn't have been caught and access would have been denied. Now, other providers could grant access.

@chalasr chalasr force-pushed the dispatch-on-accountstatusfail branch from 00867fd to 64c2efd Compare July 5, 2017 12:02
@chalasr
Member Author

chalasr commented Jul 5, 2017

@xabbuh indeed, fixed

@nicolas-grekas
Member

Thank you @chalasr.

@nicolas-grekas nicolas-grekas merged commit 64c2efd into symfony:2.7 Jul 12, 2017
nicolas-grekas added a commit that referenced this pull request Jul 12, 2017
… on AccountStatusException (chalasr)

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] Fix authentication.failure event not dispatched on AccountStatusException

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #18807
| License       | MIT
| Doc PR        | n/a

Authentication fails if the user exists but its account is disabled/expired/locked. The failure event should be dispatched in this case, so that you can hook into it as for any authentication exception.

Commits
-------

64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
@chalasr chalasr deleted the dispatch-on-accountstatusfail branch July 12, 2017 06:50