From 045a36b30324ba36d02db376247ec8828087c010 Mon Sep 17 00:00:00 2001 From: Lukas Kahwe Smith Date: Wed, 19 Apr 2017 22:16:55 +0200 Subject: [PATCH] add Request type json check in json_login --- .../Tests/Functional/JsonLoginTest.php | 8 ++-- ...namePasswordJsonAuthenticationListener.php | 5 +++ ...PasswordJsonAuthenticationListenerTest.php | 42 ++++++++++++++----- 3 files changed, 41 insertions(+), 14 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php index fbee1d98aa..85635ed45d 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/JsonLoginTest.php @@ -21,7 +21,7 @@ class JsonLoginTest extends WebTestCase public function testDefaultJsonLoginSuccess() { $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'config.yml')); - $client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "foo"}}'); + $client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); $this->assertInstanceOf(JsonResponse::class, $response); @@ -32,7 +32,7 @@ class JsonLoginTest extends WebTestCase public function testDefaultJsonLoginFailure() { $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'config.yml')); - $client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "bad"}}'); + $client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); $this->assertInstanceOf(JsonResponse::class, $response); 
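Review bot: The functional cases touched here (and the two hunks of the same file on the following line) only send requests that carry `application/json`, so the bundle-level effect of the listener's new early return is not pinned: nothing asserts what `/chk` answers when the same JSON body is posted without that header. A companion case such as `testDefaultJsonLoginIgnoresNonJsonRequest`, posting the body with no CONTENT_TYPE and asserting the response is not a JsonResponse (or whatever the JsonLogin test app is configured to return there), would document the intended hand-off. As a point of style, this file sets the header through the `CONTENT_TYPE` server key while the listener unit tests use `HTTP_CONTENT_TYPE`; ServerBag should map both to the same header, but one spelling across the patch would avoid the question.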
@@ -43,7 +43,7 @@ class JsonLoginTest extends WebTestCase public function testCustomJsonLoginSuccess() { $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml')); - $client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "foo"}}'); + $client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "foo"}}'); $response = $client->getResponse(); $this->assertInstanceOf(JsonResponse::class, $response); @@ -54,7 +54,7 @@ class JsonLoginTest extends WebTestCase public function testCustomJsonLoginFailure() { $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml')); - $client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "bad"}}'); + $client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "bad"}}'); $response = $client->getResponse(); $this->assertInstanceOf(JsonResponse::class, $response); diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php index c7a61d3a02..fe3759caca 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php 
@@ -74,6 +74,11 @@ class UsernamePasswordJsonAuthenticationListener implements ListenerInterface public function handle(GetResponseEvent $event) { $request = $event->getRequest(); + if (false === strpos($request->getRequestFormat(), 'json') + && false === strpos($request->getContentType(), 'json') + ) { + return; + } if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request, $this->options['check_path'])) { return; diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php index 634d281a7a..0564b3ba6f 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordJsonAuthenticationListenerTest.php 
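Review bot: The added gate resolves the header through Request's format table (`getContentType()` yields the format name, or null when the mime type is not registered), so only content types that map to a format containing 'json' get through; a body sent as a vendor `+json` type such as `application/vnd.api+json` makes the listener return silently and the request falls through to whatever handles it next, with no "Invalid JSON" failure to point at. If that is the intended contract, state it above the `if`, e.g. `// Only act on requests declaring a JSON request format or content type; anything else is left to the next listener (register extra JSON mime types via Request::setFormat()).` If it is not, also testing the raw header, `false !== strpos((string) $request->headers->get('CONTENT_TYPE'), 'json')`, would cover unregistered `+json` types. The `(string)` cast is worth applying to the `getContentType()` operand as well, since it can be null and later PHP versions deprecate passing null to strpos(). handle() continues past the end of this hunk.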
@@ -63,10 +63,21 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase $this->listener = new UsernamePasswordJsonAuthenticationListener($tokenStorage, $authenticationManager, $httpUtils, 'providerKey', $authenticationSuccessHandler, $authenticationFailureHandler, $options); } - public function testHandleSuccess() + public function testHandleSuccessIfRequestContentTypeIsJson() + { + $this->createListener(); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}'); + $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); + + $this->listener->handle($event); + $this->assertEquals('ok', $event->getResponse()->getContent()); + } + + public function testSuccessIfRequestFormatIsJsonLD() { $this->createListener(); $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}'); + $request->setRequestFormat('json-ld'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); @@ -76,7 +87,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testHandleFailure() { $this->createListener(array(), false); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); 
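Review bot: testSuccessIfRequestFormatIsJsonLD passes only because the listener's gate is a substring match (`strpos(..., 'json')`), not because `json-ld` is a format the Request knows (its own table registers the name as `jsonld`, as far as I recall); a line such as `// 'json-ld' is not a registered format: this pins the substring match on the request format` would keep that intent from being lost if the matching is later tightened to an exact comparison. The `array('HTTP_CONTENT_TYPE' => 'application/json')` server array is repeated verbatim in every request built in this hunk and in the hunks on the following three lines; a small private helper like `createJsonRequest($body)` would remove the duplication and make the content type the single visible difference between these cases and testDoesNotAttemptAuthenticationIfRequestContentTypeIsNotJson. The assertion of the second new test lies outside this hunk.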
@@ -86,7 +97,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testUsePath() { $this->createListener(array('username_path' => 'user.login', 'password_path' => 'user.pwd')); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"user": {"login": "dunglas", "pwd": "foo"}}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "pwd": "foo"}}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); @@ -96,7 +107,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testAttemptAuthenticationNoUsername() { $this->createListener(); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"usr": "dunglas", "password": "foo"}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"usr": "dunglas", "password": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); @@ -106,7 +117,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testAttemptAuthenticationNoPassword() { $this->createListener(); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "pass": "foo"}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "pass": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); 
@@ -116,7 +127,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testAttemptAuthenticationUsernameNotAString() { $this->createListener(); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": 1, "password": "foo"}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": 1, "password": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); @@ -126,7 +137,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testAttemptAuthenticationPasswordNotAString() { $this->createListener(); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": 1}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": 1}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); @@ -137,7 +148,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase { $this->createListener(); $username = str_repeat('x', Security::MAX_USERNAME_LENGTH + 1); - $request = new Request(array(), array(), array(), array(), array(), array(), sprintf('{"username": "%s", "password": 1}', $username)); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), sprintf('{"username": "%s", "password": 1}', $username)); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event); 
@@ -147,7 +158,18 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testDoesNotAttemptAuthenticationIfRequestPathDoesNotMatchCheckPath() { $this->createListener(array('check_path' => '/'), true, false); - $request = new Request(); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json')); + $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); + $event->setResponse(new Response('original')); + + $this->listener->handle($event); + $this->assertSame('original', $event->getResponse()->getContent()); + } + + public function testDoesNotAttemptAuthenticationIfRequestContentTypeIsNotJson() + { + $this->createListener(); + $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $event->setResponse(new Response('original')); @@ -158,7 +180,7 @@ class UsernamePasswordJsonAuthenticationListenerTest extends TestCase public function testAttemptAuthenticationIfRequestPathMatchesCheckPath() { $this->createListener(array('check_path' => '/')); - $request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}'); + $request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}'); $event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST); $this->listener->handle($event);