LaminasAuthenticationFactory does not detect empty redirect URL as missing #18
Labels
Bug
Something isn't working
Comments
|
@InvisibleSmiley
Can you create a pull request to fix the problem? (Use the branch of the current stable release: 1.3.x) Webmozart Assert is often used for check like this. Compare with other components like mezzio-authentication. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
Summary
The LaminasAuthenticationFactory only throws an exception if the "redirect" config key is missing, but the ConfigProvider initialized it with an empty string.
Current behavior
No exception if the "redirect" key is not associated with an actual URL (or at least a non-empty string).
Hence, a redirect loop happens in case LaminasAuthentication::unauthorizedResponse is triggered.
How to reproduce
Expected behavior
If a Mezzio project does not set/override the "redirect" config key, I expect an exception instead of a redirect loop as a result of missing/incomplete config.
Technically, either the ConfigProvider should not specify the key, or the LaminasAuthenticationFactory should check that the config value is non-empty.
The text was updated successfully, but these errors were encountered: