Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AbstractLoginFormAuthenticator::supports() always returns false if application lives under a directory #44318

Closed
php4fan opened this issue Nov 28, 2021 · 3 comments

Comments

@php4fan
Copy link

php4fan commented Nov 28, 2021

Symfony version(s) affected

5.4.0

Description

Say you have an application deployed to https://somedomain.com/my/path, as opposed to just https://somedomain.com/.
I think you usually call that an application that "lives under a subdirectory" (or directory, or folder).

I expect EVERYTHING in the framework to work out of the box with ZERO configuration in that scenario. Generally, Symfony does know how to handle that.

Out-of-the-box login authentication however seems to be one of those things that do not work as expected in the under-a-directory scenario.

I think that's due to the AbstractLoginFormAuthenticator::supports() method whose current implementation is:

    return $request->isMethod('POST') && $this->getLoginUrl($request) === $request->getPathInfo();

In this scenario, $this->getLoginUrl($request) returns /my/path/login, while $request->getPathInfo() returns just /login when the url being requested is /my/path/info.

How to reproduce

Deploy a Symfony application under a directory.
Make a LoginFormAuthenticator with make:auth
Try to log in.

Possible Solution

No response

Additional Context

No response

@berkut1
Copy link

berkut1 commented Nov 29, 2021

What about this?
return 'app_login' === $request->attributes->get('_route') && $request->isMethod('POST');
We comparing not path, but the name of action.

@php4fan
Copy link
Author

php4fan commented Nov 29, 2021

That seems conceptually the correct approach. But then you would be hard-coding 'app_login'.

Currently the LoginFormAuthenticator generated by make has this:

public const LOGIN_ROUTE = 'app_login';

Perhaps one solution would be, instead of that, to have a protected method in AbstractLoginFormAuthenticator:

protected function getLoginRoute(): string {
    return 'app_login';
}

that one can override in LoginFormAuthenticator. And get rid of the constant LoginFormAuthenticator::LOGIN_ROUTE.

So then:

// in AbstractLoginFormAuthenticator
public function supports(Request $request): bool
    {
        return $request->isMethod('POST') && $this->getLoginRoute() === $request->attributes->get('_route');
    }

@wouterj
Copy link
Member

wouterj commented Nov 29, 2021

Fyi, I'll move this one to GitHub discussions.

This does not seem to be an issue with the authenticator interface - but rather a question about the implementation of the method. If, in the end, you come up with a better solution, you can maybe fix the auto generated code in the Symfony MakerBundle. Good luck! :)

@symfony symfony locked and limited conversation to collaborators Nov 29, 2021
@wouterj wouterj closed this as completed Nov 29, 2021

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Projects
None yet
Development

No branches or pull requests

4 participants