feature #36925 [Security] Verifying if the password field is null (Mbechezi Nawo)

This PR was submitted for the 3.4 branch but it was merged into the 5.2-dev branch instead.

Discussion
----------

[Security] Verifying if the password field is null

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36926
| License       | MIT

Commits
-------

e4a14ac89d Verifying if the password field is null
This commit is contained in:
Fabien Potencier 2020-08-18 08:32:26 +02:00
commit 09ff501ff4
2 changed files with 30 additions and 2 deletions


@ -95,6 +95,10 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
throw new BadCredentialsException('Invalid username.');
}
if (null === $password) {
throw new \LogicException(sprintf('The key "%s" cannot be null; check that the password field name of the form matches.', $this->options['password_parameter']));
}
$request->getSession()->set(Security::LAST_USERNAME, $username);
return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
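Review bot: The new `null === $password` guard throws a `\LogicException` for a condition any client can trigger by omitting the `_password` key from the POST body, so in production this surfaces as a 500 response and an error-level log entry rather than a failed login attempt. The test added in this commit pins that behaviour, which suggests the intent is to flag a misconfigured `password_parameter`; a short why-comment above the check, e.g. `// A missing password key almost always means the form field name does not match the password_parameter option`, would keep the next reader from "fixing" it into a BadCredentialsException. It is still worth considering whether absence driven by the request should be treated as bad credentials, reserving LogicException for genuine misconfiguration; how `$password` is read is not visible here. The enclosing attemptAuthentication method starts outside the hunk.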


@ -32,7 +32,7 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
*/
public function testHandleWhenUsernameLength($username, $ok)
{
$request = Request::create('/login_check', 'POST', ['_username' => $username]);
$request = Request::create('/login_check', 'POST', ['_username' => $username, '_password' => 'symfony']);
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
$httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock();
@ -161,7 +161,31 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
->method('__toString')
->willReturn('someUsername');
$request = Request::create('/login_check', 'POST', ['_username' => $usernameClass]);
$request = Request::create('/login_check', 'POST', ['_username' => $usernameClass, '_password' => 'symfony']);
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
$listener = new UsernamePasswordFormAuthenticationListener(
new TokenStorage(),
$this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
$httpUtils = new HttpUtils(),
'foo',
new DefaultAuthenticationSuccessHandler($httpUtils),
new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
['require_previous_session' => false, 'post_only' => $postOnly]
);
$event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
$listener->handle($event);
}
/**
* @dataProvider postOnlyDataProvider
*/
public function testHandleWhenPasswordAreNull($postOnly)
{
$this->expectException('LogicException');
$this->expectExceptionMessage('The key "_password" cannot be null; check that the password field name of the form matches.');
$request = Request::create('/login_check', 'POST', ['_username' => 'symfony', 'password' => 'symfony']);
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
$listener = new UsernamePasswordFormAuthenticationListener(
new TokenStorage(),