Reworded the article about form login redirects #8192
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Please, could you take account this comment symfony/symfony#17529 (comment) in this PR? thanks. |
|
See @dmaicher's comment which also explains the only use case of this option:
|
|
@yceruto thanks for letting me know this. I've updated the article. Cheers! |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| Using a :doc:`form login </security/form_login_setup>` for authentication is a | ||
| common, and flexible, method for handling authentication in Symfony. This | ||
| article explains how to customize the URL which the user is redirected to after | ||
| a successful or failure login. Check out the full |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| article explains how to customize the URL which the user is redirected to after | ||
| a successful or failure login. Check out the full | ||
| :doc:`form login configuration reference </reference/configuration/security>` to | ||
| learn about the rest of possible customizations. |
There was a problem hiding this comment.
[...] of the possile customization options.
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| in several ways. | ||
| By default, the form will redirect to the URL the user requested (i.e. the URL | ||
| which triggered the login form being shown). For example, if the user requested | ||
| ``http://www.example.com/admin/post/18/edit``, then after they successfully log |
There was a problem hiding this comment.
[...] they have successfully logged in, [...]
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| ``default_security_target`` route use the following config: | ||
| Define the ``default_security_target`` option to change the page where the user | ||
| is redirected to if no previous page was stored in the session. The value can be | ||
| relative/absolute URL or a Symfony route name: |
There was a problem hiding this comment.
[...] can be a relative/absolute [...]
There was a problem hiding this comment.
the leading whitespace must be removed by the way (see the build failure)
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| .. code-block:: html+twig | ||
|
|
||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
{# app/Resources/views/security/login.html.twig #}
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| .. code-block:: html+php | ||
|
|
||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
<!-- app/Resources/views/security/login.html.php -->
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| .. note:: | ||
|
|
||
| The referrer URL is only used when is different from the URL generated by |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| .. note:: | ||
|
|
||
| The referrer URL is only used when is different from the URL generated by | ||
| the ``login_path`` route, to avoid a redirection loop. |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| and ``_failure_path`` for login errors: | ||
| .. code-block:: text | ||
|
|
||
| http://example.com/some/path?_failure_path=/forgot-password | ||
|
|
||
| .. configuration-block:: | ||
|
|
||
| .. code-block:: html+twig | ||
|
|
||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
{# app/Resources/views/security/login.html.twig #}
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| <input type="hidden" name="_failure_path" value="{{ path('forgot-password') }}" /> |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| <input type="hidden" name="_failure_path" value="<?php echo $view['router']->generate('forgot-password') ?>" /> |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| <input type="hidden" name="_target_path" value="account" /> | ||
| <input type="hidden" name="_failure_path" value="login" /> | ||
| // ... |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| <input type="hidden" name="_failure_path" value="{{ path('forgot-password') }}" /> | ||
| <input type="submit" name="login" /> | ||
| </form> | ||
|
|
||
| .. code-block:: html+php | ||
|
|
||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
<!-- app/Resources/views/security/login.html.php -->
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| .. code-block:: html+twig | ||
|
|
||
| {# src/AppBundle/Resources/views/Security/login.html.twig #} |
There was a problem hiding this comment.
{# app/Resources/views/security/login.html.twig #}
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> | ||
| <form action="<?php echo $view['router']->generate('login') ?>" method="post"> | ||
| // ... |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
|
|
||
| .. code-block:: html+php | ||
|
|
||
| <!-- src/AppBundle/Resources/views/Security/login.html.php --> |
There was a problem hiding this comment.
<!-- app/Resources/views/security/login.html.php -->
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| {# ... #} | ||
|
|
||
| <input type="hidden" name="go_to" value="{{ path('dashboard') }}" /> | ||
| <input type="hidden" name="back_to" value="{{ path('forgot-password') }}" /> |
xabbuh
reviewed
Jul 21, 2017
security/form_login.rst
Outdated
| // ... | ||
|
|
||
| <input type="hidden" name="go_to" value="<?php echo $view['router']->generate('dashboard') ?>" /> | ||
| <input type="hidden" name="back_to" value="<?php echo $view['router']->generate('forgot-password') ?>" /> |
|
@xabbuh thank you for the time you dedicated to review this. As usual, a great review! Thanks. |
|
Thank you Javier. |
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
…uiluz) This PR was squashed before being merged into the 2.7 branch (closes #8192). Discussion ---------- Reworded the article about form login redirects Now that form login redirects have been fully fixed (see symfony/symfony#23580) I thought about updating this article, specially its structure. All changes are simple rewordings, except this one: previously, the article said that you can use a Symfony route name as the value of the `_target_path` parameter in the query string or the hidden form field. But if you check the code of this feature, it looks like you can't because we use the value of that parameter "as is" to redirect, so it must be a relative/absolute URL, right? ```php protected function determineTargetUrl(Request $request) { if ($this->options['always_use_default_target_path']) { return $this->options['default_target_path']; } // We redirect directly to the value of the parameter, so it can't be a route name, right ???? if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) { return $targetUrl; } // ... } ``` Commits ------- 5015723 Reworded the article about form login redirects
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
* 2.8: (37 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update [#8104] minor rewording Add more precision about automatic provider assignation ...
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
* 3.2: (38 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher [#8104] minor rewording ...
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
* 3.3: (46 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Update Flex documentation with latest structure Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher ...
xabbuh
added a commit
that referenced
this pull request
Jul 21, 2017
* 3.4: (48 commits) [#8192] use path() in PHP templates Reworded the article about form login redirects Update Flex documentation with latest structure Explained the edge-case where the use_referer option doesn't work [#7572] fix wording [#7585] remove trailing whitespaces [#7585] minor rewording Fixed a typo Fixed a typo Update parent_services for tip consistency [#7685] use the method role Minor change Updating doc to specify priority of default normalizer [#7767] remove trailing space [#7767] replace "options" with "entry_options" [#7767] minor rewording [#8047] add inline code comment Fixed the issue in a different way Jquery datePicker syntax update Fix framework instantiation in event-dispatcher ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now that form login redirects have been fully fixed (see symfony/symfony#23580) I thought about updating this article, specially its structure.
All changes are simple rewordings, except this one: previously, the article said that you can use a Symfony route name as the value of the
_target_pathparameter in the query string or the hidden form field. But if you check the code of this feature, it looks like you can't because we use the value of that parameter "as is" to redirect, so it must be a relative/absolute URL, right?