minor #30044 [Security] Fix serialization workaround in CustomUserMessageAuthenticationException (renanbr)

This PR was merged into the 3.4 branch. Discussion ---------- [Security] Fix serialization workaround in CustomUserMessageAuthenticationException | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | m/a Commits ------- 542e9e29b9 fix serialization workaround in CustomUserMessageAuthenticationException
2019-01-30 17:17:49 +01:00 · 2019-01-30 17:17:49 +01:00 · 11dc73d367
parent 46edcee92a 542e9e29b9
commit 11dc73d367
2 changed files with 30 additions and 1 deletions
--- a/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
+++ b/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
@ -60,7 +60,7 @@ class CustomUserMessageAuthenticationException extends AuthenticationException
     */
    public function serialize()
    {
-        return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
+        $serialized = [parent::serialize(true), $this->messageKey, $this->messageData];

        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
    }
--- a/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
@ -15,6 +15,21 @@ use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;

+class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
+{
+    public function serialize()
+    {
+        return serialize([$this->childMember, parent::serialize()]);
+    }
+
+    public function unserialize($str)
+    {
+        list($this->childMember, $parentData) = unserialize($str);
+
+        parent::unserialize($parentData);
+    }
+}
+
 class CustomUserMessageAuthenticationExceptionTest extends TestCase
 {
    public function testConstructWithSAfeMessage()
@ -39,4 +54,18 @@ class CustomUserMessageAuthenticationExceptionTest extends TestCase
        $this->assertEquals($token, $processed->getMessageData()['token']);
        $this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
    }
+
+    public function testSharedSerializedDataFromChild()
+    {
+        $token = new AnonymousToken('foo', 'bar');
+
+        $exception = new ChildCustomUserMessageAuthenticationException();
+        $exception->childMember = $token;
+        $exception->setToken($token);
+
+        $processed = unserialize(serialize($exception));
+        $this->assertEquals($token, $processed->childMember);
+        $this->assertEquals($token, $processed->getToken());
+        $this->assertSame($processed->getToken(), $processed->childMember);
+    }
 }