merged branch fabpot/avoid-session-creation (PR #6964)

This PR was merged into the 2.1 branch. Commits ------- 8ca00c5 [Security] fixed session creation when none is needed (closes #6917) Discussion ---------- [Security] fixed session creation when none is needed (closes #6917) | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #6917 | License | MIT | Doc PR | n/a --------------------------------------------------------------------------- by drak at 2013-02-04T16:24:49Z That looks good. Maybe we need a test for this logic to prevent any regression in the future? --------------------------------------------------------------------------- by bendavies at 2013-02-04T16:30:38Z Yep, this was exactly what i tried locally, but really wasn't familiar enough with it to be confident enough to submit it as a fix. Works for me! --------------------------------------------------------------------------- by bendavies at 2013-02-04T17:19:32Z A few test failures which were added by the breaking PR #2414 in the first place. --------------------------------------------------------------------------- by fabpot at 2013-02-04T18:00:31Z I've fixed the tests which now really test that the session is not started.
2013-02-04 19:15:54 +01:00 · 2013-02-04 19:15:54 +01:00 · 3e2ff71b7c
commit 3e2ff71b7c
parent 09bbb68e9f 8ca00c598c
2 changed files with 35 additions and 31 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@ -70,7 +70,6 @@ class ContextListener implements ListenerInterface
        }

        $request = $event->getRequest();
-
        $session = $request->hasPreviousSession() ? $request->getSession() : null;

        if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
@ -117,7 +116,10 @@ class ContextListener implements ListenerInterface
            $this->logger->debug('Write SecurityContext in the session');
        }

-        if (null === $session = $event->getRequest()->getSession()) {
+        $request = $event->getRequest();
+        $session = $request->hasPreviousSession() ? $request->getSession() : null;
+
+        if (null === $session) {
            return;
        }

--- a/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
@ -82,17 +82,11 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
        $this->assertFalse($session->has('_security_session'));
    }

-    protected function runSessionOnKernelResponse($newToken, $original = null)
+    public function testOnKernelResponseWithoutSession()
    {
-        $session = new Session(new MockArraySessionStorage());
-
-        if ($original !== null) {
-            $session->set('_security_session', $original);
-        }
-
-        $this->securityContext->setToken($newToken);
-
+        $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
        $request = new Request();
+        $session = new Session(new MockArraySessionStorage());
        $request->setSession($session);

        $event = new FilterResponseEvent(
@ -105,25 +99,7 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
        $listener = new ContextListener($this->securityContext, array(), 'session');
        $listener->onKernelResponse($event);

-        return $session;
-    }
-
-    public function testOnKernelResponseWithoutSession()
-    {
-        $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
-        $request = new Request();
-
-        $event = new FilterResponseEvent(
-            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
-            $request,
-            HttpKernelInterface::MASTER_REQUEST,
-            new Response()
-        );
-
-        $listener = new ContextListener($this->securityContext, array(), 'session');
-        $listener->onKernelResponse($event);
-
-        $this->assertFalse($request->hasSession());
+        $this->assertFalse($session->isStarted());
    }

    /**
@ -168,4 +144,30 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
            array(null),
        );
    }
-}
+
+    protected function runSessionOnKernelResponse($newToken, $original = null)
+    {
+        $session = new Session(new MockArraySessionStorage());
+
+        if ($original !== null) {
+            $session->set('_security_session', $original);
+        }
+
+        $this->securityContext->setToken($newToken);
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $event = new FilterResponseEvent(
+            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST,
+            new Response()
+        );
+
+        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener->onKernelResponse($event);
+
+        return $session;
+    }}