minor #30044 [Security] Fix serialization workaround in CustomUserMessageAuthenticationException (renanbr)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix serialization workaround in CustomUserMessageAuthenticationException
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
542e9e29b9
fix serialization workaround in CustomUserMessageAuthenticationException
commit
11dc73d367
@ -60,7 +60,7 @@ class CustomUserMessageAuthenticationException extends AuthenticationException
|
||||
*/
|
||||
public function serialize()
|
||||
{
|
||||
return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
|
||||
$serialized = [parent::serialize(true), $this->messageKey, $this->messageData];
|
||||
|
||||
return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
|
||||
}
|
||||
|
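Review bot: The optional first argument that serialize() reads with `\func_num_args() ? \func_get_arg(0) : null` is invisible in the signature, and the hunk shows only the closing `*/` of the docblock, so it is unclear whether the convention is documented anywhere a subclass author would see it. Because this method itself calls `parent::serialize(true)` to get the parent's data as an array element, while a plain `serialize()` call is expected to produce a string, I would add a comment above the return such as `// the optional first argument is forwarded to doSerialize(), which decides whether the raw array or its serialized string is returned`. The matching unserialize() lies outside the hunk; it presumably has to accept both shapes, and that is worth confirming since the tests on this page show the exception carrying the authentication token in its serialized state.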
@ -15,6 +15,21 @@ use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
|
||||
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
|
||||
|
||||
class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
|
||||
{
|
||||
public function serialize()
|
||||
{
|
||||
return serialize([$this->childMember, parent::serialize()]);
|
||||
}
|
||||
|
||||
public function unserialize($str)
|
||||
{
|
||||
list($this->childMember, $parentData) = unserialize($str);
|
||||
|
||||
parent::unserialize($parentData);
|
||||
}
|
||||
}
|
||||
|
||||
class CustomUserMessageAuthenticationExceptionTest extends TestCase
|
||||
{
|
||||
public function testConstructWithSAfeMessage()
|
||||
@ -39,4 +54,18 @@ class CustomUserMessageAuthenticationExceptionTest extends TestCase
|
||||
$this->assertEquals($token, $processed->getMessageData()['token']);
|
||||
$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
|
||||
}
|
||||
|
||||
public function testSharedSerializedDataFromChild()
|
||||
{
|
||||
$token = new AnonymousToken('foo', 'bar');
|
||||
|
||||
$exception = new ChildCustomUserMessageAuthenticationException();
|
||||
$exception->childMember = $token;
|
||||
$exception->setToken($token);
|
||||
|
||||
$processed = unserialize(serialize($exception));
|
||||
$this->assertEquals($token, $processed->childMember);
|
||||
$this->assertEquals($token, $processed->getToken());
|
||||
$this->assertSame($processed->getToken(), $processed->childMember);
|
||||
}
|
||||
}
|
||||
|
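Review bot: `ChildCustomUserMessageAuthenticationException` reads and writes `$this->childMember` in serialize() and unserialize() without declaring it, so the fixture relies on a dynamically created property; adding `public $childMember;` at the top of the class makes the intent explicit. The new `testSharedSerializedDataFromChild` only exercises a child that calls `parent::serialize()` with no argument. A second fixture that calls `parent::serialize(true)` and nests the returned value would pin the other branch of the workaround as well. The body of the test class between the second and third hunk is not shown, so an existing test may already cover that path.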