[Security] Don't send remember cookie for sub request

blanchonvincent 2014-11-16 14:48:58 +01:00 committed by Fabien Potencier
parent d2e951b74b
commit 119b0917dc
2 changed files with 24 additions and 2 deletions


@ -27,6 +27,10 @@ class ResponseListener implements EventSubscriberInterface
*/
public function onKernelResponse(FilterResponseEvent $event)
{
if (!$event->isMasterRequest()) {
return;
}
$request = $event->getRequest();
$response = $event->getResponse();
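Review bot: The new early return at the top of `onKernelResponse` has no comment saying why sub-requests are skipped, and because the reason is a security one, a later refactor could drop the guard without anyone noticing. I would add a line above it such as `// Only the master response may carry the remember-me cookie; never set it on a sub-request response.` Judging from the commit title, the concern is the cookie being attached to a sub-request's response, which may be handled separately from the master response, though nothing on this page shows that. The method's docblock and the rest of its body lie outside the hunk.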


@ -11,6 +11,7 @@
namespace Symfony\Component\Security\Tests\Http\RememberMe;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
use Symfony\Component\HttpFoundation\Request;
@ -41,7 +42,22 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
$listener->onKernelResponse($this->getEvent($request, $response));
}
public function testRemmeberMeCookieIsNotSendWithResponse()
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
{
$cookie = new Cookie('rememberme');
$request = $this->getRequest(array(
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
));
$response = $this->getResponse();
$response->headers->expects($this->never())->method('setCookie');
$listener = new ResponseListener();
$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
}
public function testRememberMeCookieIsNotSendWithResponse()
{
$request = $this->getRequest();
@ -78,13 +94,15 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
return $response;
}
private function getEvent($request, $response)
private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
{
$event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
$event->expects($this->any())->method('isMasterRequest')->will($this->returnValue($type === HttpKernelInterface::MASTER_REQUEST));
$event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
return $event;
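Review bot: The renamed test and the new sub-request test both still read `IsNotSend`. Since this change already fixes the `Remmeber` typo, the names should become `testRememberMeCookieIsNotSentWithResponse` and `testRememberMeCookieIsNotSentWithResponseForSubRequests`. The sub-request test would also read better with a one-line comment stating the property it guards, for example `// a remember-me cookie present on the request must not be written to a sub-request response`. The test class continues outside the visible hunks.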