bug #27297 Triggering RememberMe's loginFail() when token cannot be created (weaverryan)
This PR was submitted for the 2.7 branch but it was merged into the 2.8 branch instead (closes #27297).
Discussion
----------
Triggering RememberMe's loginFail() when token cannot be created
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (but minor behavior change)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not needed
This is an edge-case bug fix. If, for example, someone tampers with the remember me cookie, and so it is invalid, this causes the `->autoLogin()` call to throw an `AuthenticationException`. But, this did not call the `loginFail()` method.
Honestly, I'm not sure if the old or new behavior is correct. But, we should discuss and merge or close.
Commits
-------
e3412e6a67
Triggering RememberMe's loginFail() when token cannot be created
This commit is contained in:
commit
148e7eff50
@ -68,9 +68,27 @@ class RememberMeListener implements ListenerInterface
|
||||
}
|
||||
|
||||
$request = $event->getRequest();
|
||||
try {
|
||||
if (null === $token = $this->rememberMeServices->autoLogin($request)) {
|
||||
return;
|
||||
}
|
||||
} catch (AuthenticationException $e) {
|
||||
if (null !== $this->logger) {
|
||||
$this->logger->warning(
|
||||
'The token storage was not populated with remember-me token as the'
|
||||
.' RememberMeServices was not able to create a token from the remember'
|
||||
.' me information.', array('exception' => $e)
|
||||
);
|
||||
}
|
||||
|
||||
$this->rememberMeServices->loginFail($request);
|
||||
|
||||
if (!$this->catchExceptions) {
|
||||
throw $e;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$token = $this->authenticationManager->authenticate($token);
|
||||
|
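Review bot: The new `try`/`catch` around `autoLogin()` carries no comment saying why `loginFail()` has to run on this path, so it reads as a near-duplicate of the second `try` that opens at the bottom of the hunk and could later be folded back into it, dropping the cleanup. Add a short why-comment above `$this->rememberMeServices->loginFail($request);`, e.g. `// A remember-me cookie that cannot be turned into a token is treated as a failed login so the services can clear its state instead of retrying on every request.`. Worth confirming against the concrete RememberMeServices implementations as well: if one of them already calls `loginFail()` itself before rethrowing out of `autoLogin()`, this block makes it run twice per request, which matters where `loginFail()` has persistent side effects. The `handle()` method begins before and ends after this hunk.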
@ -143,6 +143,43 @@ class RememberMeListenerTest extends TestCase
|
||||
$listener->handle($event);
|
||||
}
|
||||
|
||||
public function testOnCoreSecurityAuthenticationExceptionDuringAutoLoginTriggersLoginFail()
|
||||
{
|
||||
list($listener, $tokenStorage, $service, $manager) = $this->getListener();
|
||||
|
||||
$tokenStorage
|
||||
->expects($this->once())
|
||||
->method('getToken')
|
||||
->will($this->returnValue(null))
|
||||
;
|
||||
|
||||
$exception = new AuthenticationException('Authentication failed.');
|
||||
$service
|
||||
->expects($this->once())
|
||||
->method('autoLogin')
|
||||
->will($this->throwException($exception))
|
||||
;
|
||||
|
||||
$service
|
||||
->expects($this->once())
|
||||
->method('loginFail')
|
||||
;
|
||||
|
||||
$manager
|
||||
->expects($this->never())
|
||||
->method('authenticate')
|
||||
;
|
||||
|
||||
$event = $this->getGetResponseEvent();
|
||||
$event
|
||||
->expects($this->once())
|
||||
->method('getRequest')
|
||||
->will($this->returnValue(new Request()))
|
||||
;
|
||||
|
||||
$listener->handle($event);
|
||||
}
|
||||
|
||||
public function testOnCoreSecurity()
|
||||
{
|
||||
list($listener, $tokenStorage, $service, $manager) = $this->getListener();
|
||||
|
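Review bot: The new test pins that `loginFail` is called, but not that it receives the request whose cookie failed: `->method('loginFail')` has no `->with(...)` constraint and the request is created inline in `->will($this->returnValue(new Request()))`. Hoist it as `$request = new Request();`, return it from `getRequest`, and constrain the failure call with `->method('loginFail')->with($this->identicalTo($request))`. The test also only covers the path where the listener swallows the exception; a sibling test with exception catching disabled and `expectException` for the rethrown `AuthenticationException` would pin the `throw $e` branch too, assuming `getListener()` lets the test choose that (its definition is outside the hunk).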