isophonics-drupal-site: core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php comparison

Update, including to Drupal core 8.6.10

comparison

equal deleted inserted replaced

-:c2387f117808
+:129ea1e6d783
 }
 }
 }
 /**
+* Detect disallowed authentication methods on access denied exceptions.
+*
+* @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
+*/
+public function _onExceptionAccessDenied(GetResponseForExceptionEvent $event) {
+if (isset($this->filter) && $event->isMasterRequest()) {
+$request = $event->getRequest();
+$exception = $event->getException();
+if ($exception instanceof AccessDeniedHttpException && $this->authenticationProvider->applies($request) && !$this->filter->appliesToRoutedRequest($request, TRUE)) {
+$event->setException(new AccessDeniedHttpException('The used authentication method is not allowed on this route.', $exception));
+}
+}
+}
+/**
 * {@inheritdoc}
 */
 public static function getSubscribedEvents() {
 // The priority for authentication must be higher than the highest event
 // subscriber accessing the current user. Especially it must be higher than
 $events[KernelEvents::REQUEST][] = ['onKernelRequestAuthenticate', 300];
 // Access check must be performed after routing.
 $events[KernelEvents::REQUEST][] = ['onKernelRequestFilterProvider', 31];
 $events[KernelEvents::EXCEPTION][] = ['onExceptionSendChallenge', 75];
+$events[KernelEvents::EXCEPTION][] = ['_onExceptionAccessDenied', 80];
 return $events;
 }
 }

Mercurial > hg > isophonics-drupal-site