From 119b0917dc49a63b2f4efe726d2c5330cf043424 Mon Sep 17 00:00:00 2001
From: blanchonvincent
Date: Sun, 16 Nov 2014 14:48:58 +0100
Subject: [PATCH 1/2] [Security] Don't send remember cookie for sub request
---
 .../Http/RememberMe/ResponseListener.php | 4 ++++
 .../Http/RememberMe/ResponseListenerTest.php | 22 +++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
index 2253c5d163..4149fb6d85 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
@@ -27,6 +27,10 @@ class ResponseListener implements EventSubscriberInterface
 */
 public function onKernelResponse(FilterResponseEvent $event)
 {
+ if (!$event->isMasterRequest()) {
+ return;
+ }
+
 $request = $event->getRequest();
 $response = $event->getResponse();
diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
index 59e5fe267f..074172c2ed 100644
--- a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
@@ -11,6 +11,7 @@
 namespace Symfony\Component\Security\Tests\Http\RememberMe;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Http\RememberMe\ResponseListener;
 use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\HttpFoundation\Request;
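Review bot: The early return added at the top of `onKernelResponse()` in ResponseListener.php carries no comment saying why sub-requests are skipped, and that reason is not evident from the code alone. I would put `// Only the master response is sent to the client, so the remember-me cookie must not be attached to a sub-request's response.` above the `if`. The same comment fits the `getRequestType()` form of this guard in PATCH 2/2. The method body continues outside the hunk, so how the cookie attribute is consumed afterwards is not visible here; presumably it stays on the request until the master response is handled.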
@@ -41,7 +42,22 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
 $listener->onKernelResponse($this->getEvent($request, $response));
 }
- public function testRemmeberMeCookieIsNotSendWithResponse()
+ public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
+ {
+ $cookie = new Cookie('rememberme');
+
+ $request = $this->getRequest(array(
+ RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
+ ));
+
+ $response = $this->getResponse();
+ $response->headers->expects($this->never())->method('setCookie');
+
+ $listener = new ResponseListener();
+ $listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
+ }
+
+ public function testRememberMeCookieIsNotSendWithResponse()
 {
 $request = $this->getRequest();
@@ -78,13 +94,15 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
 return $response;
 }
- private function getEvent($request, $response)
+ private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
 {
 $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
 ->disableOriginalConstructor()
 ->getMock();
 $event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
+ $event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
+ $event->expects($this->any())->method('isMasterRequest')->will($this->returnValue($type === HttpKernelInterface::MASTER_REQUEST));
 $event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
 return $event;
From ec38936fbfb418c3c230316538b9bc3329476eff Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Sat, 3 Jan 2015 11:25:34 +0100
Subject: [PATCH 2/2] adapted previous commit for 2.3
---
 .../Component/Security/Http/RememberMe/ResponseListener.php | 3 ++-
 .../Security/Tests/Http/RememberMe/ResponseListenerTest.php | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)
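Review bot: The two test method names in this hunk still read `IsNotSend`; the rename fixes `Remmeber` but leaves the verb wrong, so I would use `testRememberMeCookieIsNotSentWithResponseForSubRequests` and `testRememberMeCookieIsNotSentWithResponse`. The new sub-request test does put the cookie attribute on the request before expecting `setCookie` never to be called, so the assertion is not vacuous. A one-line docblock on the new test, such as `/** The listener must ignore sub-requests even when the request carries the remember-me cookie attribute. */`, would record that intent. The body of the renamed test continues outside the hunk.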
diff --git a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
index 4149fb6d85..ec5f00616f 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
@@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Http\RememberMe;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 /**
@@ -27,7 +28,7 @@ class ResponseListener implements EventSubscriberInterface
 */
 public function onKernelResponse(FilterResponseEvent $event)
 {
- if (!$event->isMasterRequest()) {
+ if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
 return;
 }
diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
index 074172c2ed..011f38a346 100644
--- a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
@@ -102,7 +102,6 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
 $event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
 $event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
- $event->expects($this->any())->method('isMasterRequest')->will($this->returnValue($type === HttpKernelInterface::MASTER_REQUEST));
 $event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
 return $event;