[Security] Handle properly 'auto' option for remember me cookie security
This commit is contained in:
parent
a2d534ccf8
commit
2bcf69c071
@ -69,7 +69,12 @@ class RememberMeFactory implements SecurityFactoryInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
// remember-me options
|
// remember-me options
|
||||||
$rememberMeServices->replaceArgument(3, array_intersect_key($config, $this->options));
|
$mergedOptions = array_intersect_key($config, $this->options);
|
||||||
|
if ('auto' === $mergedOptions['secure']) {
|
||||||
|
$mergedOptions['secure'] = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$rememberMeServices->replaceArgument(3, $mergedOptions);
|
||||||
|
|
||||||
// attach to remember-me aware listeners
|
// attach to remember-me aware listeners
|
||||||
$userProviders = [];
|
$userProviders = [];
|
||||||
|
@ -0,0 +1,33 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
||||||
|
|
||||||
|
class RememberMeCookieTest extends AbstractWebTestCase
|
||||||
|
{
|
||||||
|
/** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
|
||||||
|
public function testSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
|
||||||
|
{
|
||||||
|
$client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'config.yml']);
|
||||||
|
|
||||||
|
$client->request('POST', '/login', [
|
||||||
|
'_username' => 'test',
|
||||||
|
'_password' => 'test',
|
||||||
|
], [], [
|
||||||
|
'HTTPS' => (int) $https,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
|
||||||
|
|
||||||
|
$this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getSessionRememberMeSecureCookieFlagAutoHttpsMap()
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
[true, true],
|
||||||
|
[false, false],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,9 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
|
||||||
|
use Symfony\Bundle\SecurityBundle\SecurityBundle;
|
||||||
|
|
||||||
|
return [
|
||||||
|
new FrameworkBundle(),
|
||||||
|
new SecurityBundle(),
|
||||||
|
];
|
@ -0,0 +1,25 @@
|
|||||||
|
imports:
|
||||||
|
- { resource: ./../config/framework.yml }
|
||||||
|
|
||||||
|
security:
|
||||||
|
encoders:
|
||||||
|
Symfony\Component\Security\Core\User\User: plaintext
|
||||||
|
|
||||||
|
providers:
|
||||||
|
in_memory:
|
||||||
|
memory:
|
||||||
|
users:
|
||||||
|
test: { password: test, roles: [ROLE_USER] }
|
||||||
|
|
||||||
|
firewalls:
|
||||||
|
default:
|
||||||
|
form_login:
|
||||||
|
check_path: login
|
||||||
|
remember_me: true
|
||||||
|
require_previous_session: false
|
||||||
|
remember_me:
|
||||||
|
always_remember_me: true
|
||||||
|
secret: key
|
||||||
|
secure: auto
|
||||||
|
logout: ~
|
||||||
|
anonymous: ~
|
@ -0,0 +1,2 @@
|
|||||||
|
login:
|
||||||
|
path: /login
|
Reference in New Issue
Block a user