[Security] Return 401 when using use_forward for form authentication

gunnarlium · gunnarlium · commit b5597e8209a4 · 2013-03-23T15:10:50.000+01:00
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 2.3.0
 -----
 
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
  * added a `require_previous_session` option to `AbstractAuthenticationListener`
 
 2.2.0
diff --git a/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ public function start(Request $request, AuthenticationException $authException =
         if ($this->useForward) {
             $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
 
-            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+            $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+            if (200 === $response->getStatusCode()) {
+                $response->headers->set('X-Status-Code', 401);
+            }
+
+            return $response;
         }
 
         return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
diff --git a/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ public function testStartWithUseForward()
     {
         $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
         $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
-        $response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+        $response = new \Symfony\Component\HttpFoundation\Response('', 200);
 
         $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
         $httpUtils
@@ -70,6 +70,9 @@ public function testStartWithUseForward()
 
         $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
 
-        $this->assertEquals($response, $entryPoint->start($request));
+        $entryPointResponse = $entryPoint->start($request);
+
+        $this->assertEquals($response, $entryPointResponse);
+        $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public function testStartWithUseForward()`
`50`	`50`	`{`
`51`	`51`	`$request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);`
`52`	`52`	`$subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);`
`53`		`- $response = $this->getMock('Symfony\Component\HttpFoundation\Response');`
	`53`	`+ $response = new \Symfony\Component\HttpFoundation\Response('', 200);`
`54`	`54`
`55`	`55`	`$httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');`
`56`	`56`	`$httpUtils`
`@@ -70,6 +70,9 @@ public function testStartWithUseForward()`
`70`	`70`
`71`	`71`	`$entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);`
`72`	`72`
`73`		`- $this->assertEquals($response, $entryPoint->start($request));`
	`73`	`+ $entryPointResponse = $entryPoint->start($request);`
	`74`	`+`
	`75`	`+ $this->assertEquals($response, $entryPointResponse);`
	`76`	`+ $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));`
`74`	`77`	`}`
`75`	`78`	`}`