bug #12491 [Security] Don't send remember cookie for sub request (blanchonvincent)

This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #12491).

Discussion
----------

[Security] Don't send remember cookie for sub request

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

The remember-me cookie shouldn't be sent for sub-requests.

Commits
-------

ec38936 adapted previous commit for 2.3
119b091 [Security] Don't send remember cookie for sub request
Fabien Potencier 2015-01-03 11:25:40 +01:00
commit 2ecf45c0f2
2 changed files with 24 additions and 2 deletions


@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Http\RememberMe;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
/**
@ -27,6 +28,10 @@ class ResponseListener implements EventSubscriberInterface
*/
public function onKernelResponse(FilterResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
$request = $event->getRequest();
$response = $event->getResponse();
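Review bot: The new guard at the top of `onKernelResponse` carries no comment saying why non-master requests are skipped, and that reason is worth recording next to a check that decides whether an authentication cookie is emitted. I would add above the `if`: `// Only the master response is returned to the client; never attach the remember-me cookie to a sub-request response.` The docblock that closes just above the signature could also state that the listener does nothing for sub-requests. The method body continues past the end of this hunk, so how the cookie attribute is read and set afterwards is not visible here.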


@ -11,6 +11,7 @@
namespace Symfony\Component\Security\Tests\Http\RememberMe;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
use Symfony\Component\HttpFoundation\Request;
@ -41,7 +42,22 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
$listener->onKernelResponse($this->getEvent($request, $response));
}
public function testRemmeberMeCookieIsNotSendWithResponse()
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
{
$cookie = new Cookie('rememberme');
$request = $this->getRequest(array(
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
));
$response = $this->getResponse();
$response->headers->expects($this->never())->method('setCookie');
$listener = new ResponseListener();
$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
}
public function testRememberMeCookieIsNotSendWithResponse()
{
$request = $this->getRequest();
@ -78,13 +94,14 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
return $response;
}
private function getEvent($request, $response)
private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
{
$event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
->disableOriginalConstructor()
->getMock();
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
$event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
return $event;
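Review bot: The added test name `testRememberMeCookieIsNotSendWithResponseForSubRequests` corrects the "Remmeber" typo but keeps "IsNotSend"; `testRememberMeCookieIsNotSentWithResponseForSubRequests` reads correctly, and the same applies to what appears to be the renamed `testRememberMeCookieIsNotSendWithResponse` below it. In `getEvent`, the new `$type` parameter is undocumented; a short docblock with `@param int $type One of the HttpKernelInterface::*_REQUEST constants` would make the master-request default explicit for future tests. The new test covers `SUB_REQUEST` only, which matches the listener's `MASTER_REQUEST !==` comparison as long as no other request type is introduced.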