Remove mail and hash possible leak from failure_path context

[userbundle] / Resources / config / routes / rapsys_user.yaml

diff --git a/Resources/config/routes/rapsys_user.yaml b/Resources/config/routes/rapsys_user.yaml
index b1f914213dc43a988d6ba24c437d5b34541e886a..304077065595e1b3f333232c2011987c9b170d03 100644 (file)
--- a/Resources/config/routes/rapsys_user.yaml
+++ b/Resources/config/routes/rapsys_user.yaml
@@ -1,21 +1,28 @@
 rapsys_user_confirm:
 rapsys_user_confirm:

-    path: /confirm/{mail}/{extra}/{hash}
-    controller: Rapsys\UserBundle\Controller\DefaultController::registerMail
+    path: /confirm/{hash}/{mail}
+    controller: Rapsys\UserBundle\Controller\UserController::registerMail

     requirements:
     requirements:

+        hash: '[a-zA-Z0-9=_-]+'

         mail: '[a-zA-Z0-9=_-]+'
         mail: '[a-zA-Z0-9=_-]+'

-        extra: '[a-zA-Z0-9=_-]+'
+    methods: GET|POST
+
+rapsys_user_edit:
+    path: /user/{hash}/{mail}
+    controller: Rapsys\UserBundle\Controller\UserController::edit
+    requirements:

         hash: '[a-zA-Z0-9=_-]+'
         hash: '[a-zA-Z0-9=_-]+'

+        mail: '[a-zA-Z0-9=_-]+'

     methods: GET|POST
 
 rapsys_user_login:
     methods: GET|POST
 
 rapsys_user_login:

-    path: /login/{mail}/{hash}
-    controller: Rapsys\UserBundle\Controller\DefaultController::login
+    path: /login/{hash}/{mail}
+    controller: Rapsys\UserBundle\Controller\UserController::login

     defaults:
     defaults:

-        mail: ~

         hash: ~
         hash: ~

+        mail: ~

     requirements:
     requirements:

-        mail: '[a-zA-Z0-9=_-]+'

         hash: '[a-zA-Z0-9=_-]+'
         hash: '[a-zA-Z0-9=_-]+'

+        mail: '[a-zA-Z0-9=_-]+'

     methods: GET|POST
 
 rapsys_user_logout:
     methods: GET|POST
 
 rapsys_user_logout:


@@ -23,36 +30,24 @@ rapsys_user_logout:
     methods: GET
 
 rapsys_user_recover:
     methods: GET
 
 rapsys_user_recover:

-    path: /recover/{mail}/{pass}/{hash}
-    controller: Rapsys\UserBundle\Controller\DefaultController::recover
+    path: /recover/{hash}/{pass}/{mail}
+    controller: Rapsys\UserBundle\Controller\UserController::recover

     defaults:
     defaults:

-        mail: ~
-        pass: ~

         hash: ~
         hash: ~

+        pass: ~
+        mail: ~

     requirements:
     requirements:

-        mail: '[a-zA-Z0-9=_-]+'
-        pass: '[a-zA-Z0-9=_-]+'

         hash: '[a-zA-Z0-9=_-]+'
         hash: '[a-zA-Z0-9=_-]+'

+        pass: '[a-zA-Z0-9=_-]+'
+        mail: '[a-zA-Z0-9=_-]+'

     methods: GET|POST
 
 rapsys_user_register:
     methods: GET|POST
 
 rapsys_user_register:

-    path: /register/{field}/{hash}
-    controller: Rapsys\UserBundle\Controller\DefaultController::register
-    defaults:
-        field: ~
-        hash: ~
-    requirements:
-        field: '[a-zA-Z0-9=_-]+'
-        hash: '[a-zA-Z0-9=_-]+'
-    methods: GET|POST
-
-rapsys_user_edit:
-    path: /user/{mail}
-    controller: Rapsys\UserBundle\Controller\DefaultController::edit
-    requirements:
-        mail: '[a-zA-Z0-9=_-]+'
+    path: /register
+    controller: Rapsys\UserBundle\Controller\UserController::register

     methods: GET|POST
 
     methods: GET|POST
 

-rapsys_user_index:
+rapsys_user:

     path: /
     path: /

+    controller: Rapsys\UserBundle\Controller\UserController::index

     methods: GET
     methods: GET