security

app/bootstrap.php.d/20-twig.php

@@ -7,7 +7,8 @@ $app->register(new TwigServiceProvider(), array(
 ));
 
 $app->extend('twig', function ($twig, $app) {
-    $twig->addGlobal('web_path', $app['request']->getBaseUrl().'/');
+    $base = str_replace($app['request']->server->get('SCRIPT_NAME'), '', $app['request']->getBaseUrl());
+    $twig->addGlobal('web_path', $base.'/');
     
     return $twig;
 });

app/bootstrap.php.d/30-trans.php

@@ -44,7 +44,6 @@ $app->get('/', function (Request $request) use ($app) {
     $accept = AcceptHeader::fromString($request->headers->get('Accept-Language'));
     $cookie = $request->cookies->get('locale');
 
-    
     if (!empty($cookie) && in_array($cookie, $app['locales'])) {
         $foundLocale = $cookie;
     } else {

app/bootstrap.php.d/70-security.php

@@ -55,12 +55,13 @@ $app->register(
                 'anonymous' => true,
                 'form' => [
                     'login_path' => '_login',
-                    'check_path' => '_login_check',
+                    'check_path' => '/login_check',
                     'always_use_default_target_path' => true,
-                    'default_target_path' => $app['url_generator']->generate('my'),
+                    'default_target_path' => '/',
                 ],
                 'logout' => [
                     'path' => '/logout',
+                    'target' => '/',
                 ],
                 'users' => $app->share(function () use ($app) {
                     return $app['user.provider'];

app/config/routing.yml

@@ -30,11 +30,15 @@ register:
     path: /register
     defaults: {_controller: Gist\Controller\LoginController::registerAction, _locale: en}
 
+login:
+    path: /login
+    defaults: {_controller: Gist\Controller\LoginController::loginAction, _locale: en}
+
 _login:
     path: /login
     defaults: {_controller: Gist\Controller\LoginController::loginAction, _locale: en}
 
-_login_check:
+login_check:
     path: /login_check
 
 logout:

src/Gist/Controller/LoginController.php

@@ -79,7 +79,7 @@ class LoginController extends Controller
 
         $form = $form->build()->getForm();
 
-        if ($request->query->get('error')) {
+        if ($app['security.last_error']($request)) {
             $error = $app['translator']->trans('login.login.invalid');
         }
 
@@ -91,12 +91,4 @@ class LoginController extends Controller
             ]
         );
     }
-
-    public function loginCheckAction()
-    {
-    }
-
-    public function logoutAction()
-    {
-    }
 }

src/Gist/Resources/views/Login/login.html.twig

@@ -14,7 +14,7 @@
 			</div>
 		{% endif %}
 
-		<form action="{{ path('_login_check') }}" method="post" id="main-form">
+		<form action="{{ path('login_check') }}" method="post" id="main-form">
 			<div class="col-md-12">
 				<div class="panel panel-default">
 					<div class="panel-heading">

src/Gist/Resources/views/base.html.twig

@@ -50,7 +50,7 @@
 								</li>
 							{% elseif app.enable_login %}
 								<li>
-									<a href="{{ path('_login') }}">
+									<a href="{{ path('login') }}">
 										{{ 'app.menu.my.login.title'|trans }}
 									</a>
 								</li>

web/app_dev.php

@@ -0,0 +1,14 @@
+<?php
+
+if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
+    || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
+) {
+    header('HTTP/1.0 403 Forbidden');
+    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
+}
+
+$app = require __DIR__.'/../app/bootstrap.php';
+
+$app['env'] = 'dev';
+
+$app->run();