silexphp / Silex

[DEPRECATED -- Use Symfony instead] The PHP micro-framework based on the Symfony Components
https://silex.symfony.com
MIT License

X.509 authentication provider - shouldn't be included? #773

Closed tiraeth closed 10 years ago

tiraeth commented 11 years ago

The documentation says that Silex comes with an x509 authentication provider, but that's not true. One has to create a factory for such a provider, a listener and also an entry point.

I have created a provider here (https://packagist.org/packages/mach/silex-x509) and wonder if this couldn't be included in Silex out of the box.

The code from the provider could be included in the SecurityServiceProvider class. The additional class is X509AuthenticationEntryPoint, which should either be available right from the symfony/security component or be included in Silex.

The reason is that without such an EntryPoint, the default one is Form (which redirects to /login), and there is no relevant entry point in the Security component that would let us just throw HTTP/1.0 403 Forbidden.

What do you think? I am OK with creating a PR for Silex (with an X.509 factory) and for the Security component with Http403ForbiddenEntryPoint (let's name it by its Spring equivalent). I am also OK with leaving X.509 as an external provider if you decide so.

GromNaN commented 11 years ago

The entry point is not required. In the documentation, the factory returns NULL as the entry point id in the example of the WSSE authentication provider: http://silex.sensiolabs.org/doc/providers/security.html#defining-a-custom-authentication-provider

tiraeth commented 11 years ago

When NULL is provided, the response you get is HTTP/1.1 302 Found with a redirect to /login. This is not the result you would expect when using X.509 authentication.

How to achieve this? Clone my repository, replace line 48 in X509AuthenticationProvider.php and set null instead of the reference to the new entry point. When you run a test, you will get 302 instead of 403.

GromNaN commented 11 years ago

I've tried implementing the response 403 without the entry point, without success. When the entry point id is NULL, it is created with the form proto: https://github.com/fabpot/Silex/blob/master/src/Silex/Provider/SecurityServiceProvider.php#L233-L236

fabpot commented 10 years ago

Closing as https://github.com/tiraeth/silex-x509 seems to fix this issue.
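
The wiring discussed in this thread, as an added example that is not code from the thread or from the silex-x509 package: a listener factory whose third return value is a 403 entry point rather than null. It assumes Silex 1.x with symfony/security 2.x; the `ForbiddenEntryPoint` class, the `security.entry_point.<name>.x509` service id, the `secured` firewall name and the sample user are hypothetical.

```php
<?php
// Added example. Assumes Silex 1.x and symfony/security 2.x installed via Composer.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Http\Firewall\X509AuthenticationListener;

// Hypothetical class: the firewall calls start() for an unauthenticated request.
class ForbiddenEntryPoint implements AuthenticationEntryPointInterface
{
    public function start(Request $request, AuthenticationException $authException = null)
    {
        // There is no login page for certificate auth, so answer 403, not a redirect.
        return new Response('Client certificate required.', 403);
    }
}

$app = new Silex\Application();
$app->register(new Silex\Provider\SecurityServiceProvider());

$app['security.authentication_listener.factory.x509'] = $app->protect(function ($name, $options) use ($app) {
    $app['security.authentication_provider.'.$name.'.x509'] = $app->share(function () use ($app, $name) {
        return new PreAuthenticatedAuthenticationProvider($app['security.user_provider.'.$name], $app['security.user_checker'], $name);
    });
    $app['security.authentication_listener.'.$name.'.x509'] = $app->share(function () use ($app, $name) {
        // Listener defaults: SSL_CLIENT_S_DN_Email is the user key, SSL_CLIENT_S_DN the credentials.
        return new X509AuthenticationListener($app['security'], $app['security.authentication_manager'], $name);
    });
    $app['security.entry_point.'.$name.'.x509'] = $app->share(function () {
        return new ForbiddenEntryPoint();
    });

    return array(
        'security.authentication_provider.'.$name.'.x509',
        'security.authentication_listener.'.$name.'.x509',
        'security.entry_point.'.$name.'.x509', // null here falls back to the form entry point
        'pre_auth',
    );
});

// Constructed firewall and user; the password is unused for pre-authenticated tokens.
$app['security.firewalls'] = array(
    'secured' => array('pattern' => '^/', 'x509' => true, 'users' => array('alice@example.test' => array('ROLE_USER', ''))),
);
$app['security.access_rules'] = array(array('^/', 'ROLE_USER'));
```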