minor #30044 [Security] Fix serialization workaround in CustomUserMessageAuthenticationException (renanbr)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix serialization workaround in CustomUserMessageAuthenticationException
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
542e9e29b9
fix serialization workaround in CustomUserMessageAuthenticationException
commit
11dc73d367
@ -60,7 +60,7 @@ class CustomUserMessageAuthenticationException extends AuthenticationException
|
|||||||
*/
|
*/
|
||||||
public function serialize()
|
public function serialize()
|
||||||
{
|
{
|
||||||
return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
|
$serialized = [parent::serialize(true), $this->messageKey, $this->messageData];
|
||||||
|
|
||||||
return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
|
return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
|
||||||
}
|
}
|
||||||
|
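Review bot: The `\func_num_args() ? \func_get_arg(0) : null` expression in `serialize()` reads an argument the signature does not declare, and `parent::serialize(true)` passes one, yet the method has no comment explaining why. The line this commit replaces returned a serialized string directly and never reached `doSerialize()`, so a short comment would help stop that shortcut from coming back, e.g. `// Must end in doSerialize(): a subclass embedding parent::serialize() presumably needs the raw array, not a nested serialized string.` `doSerialize()` is defined outside this hunk, so confirm its contract before settling the wording.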
@ -15,6 +15,21 @@ use PHPUnit\Framework\TestCase;
|
|||||||
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
|
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
|
||||||
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
|
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
|
||||||
|
|
||||||
|
class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
|
||||||
|
{
|
||||||
|
public function serialize()
|
||||||
|
{
|
||||||
|
return serialize([$this->childMember, parent::serialize()]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function unserialize($str)
|
||||||
|
{
|
||||||
|
list($this->childMember, $parentData) = unserialize($str);
|
||||||
|
|
||||||
|
parent::unserialize($parentData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
class CustomUserMessageAuthenticationExceptionTest extends TestCase
|
class CustomUserMessageAuthenticationExceptionTest extends TestCase
|
||||||
{
|
{
|
||||||
public function testConstructWithSAfeMessage()
|
public function testConstructWithSAfeMessage()
|
||||||
@ -39,4 +54,18 @@ class CustomUserMessageAuthenticationExceptionTest extends TestCase
|
|||||||
$this->assertEquals($token, $processed->getMessageData()['token']);
|
$this->assertEquals($token, $processed->getMessageData()['token']);
|
||||||
$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
|
$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSharedSerializedDataFromChild()
|
||||||
|
{
|
||||||
|
$token = new AnonymousToken('foo', 'bar');
|
||||||
|
|
||||||
|
$exception = new ChildCustomUserMessageAuthenticationException();
|
||||||
|
$exception->childMember = $token;
|
||||||
|
$exception->setToken($token);
|
||||||
|
|
||||||
|
$processed = unserialize(serialize($exception));
|
||||||
|
$this->assertEquals($token, $processed->childMember);
|
||||||
|
$this->assertEquals($token, $processed->getToken());
|
||||||
|
$this->assertSame($processed->getToken(), $processed->childMember);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
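Review bot: `testSharedSerializedDataFromChild()` never sets or asserts `messageKey`/`messageData`, although those are the two fields the fixed `serialize()` adds to the payload, so a regression that drops them in the child round trip would still pass. Consider calling `$exception->setSafeMessage('message', ['token' => $token]);` before serializing and adding `$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);`. Separately, `ChildCustomUserMessageAuthenticationException` assigns `$this->childMember` without declaring it; adding `public $childMember;` to the fixture would make the property explicit.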