[Security\Http] Fix handling secure: auto using the new RememberMeAuthenticator

2021-05-17 17:36:04 +02:00 · 2021-05-17 17:36:04 +02:00 · 3fdc15474c
commit 3fdc15474c
parent bbb0a694fb
4 changed files with 46 additions and 2 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@ -104,6 +104,10 @@ class RememberMeFactory implements SecurityFactoryInterface, AuthenticatorFactor
            $loader->load('security_authenticator_remember_me.php');
        }

+        if ('auto' === $config['secure']) {
+            $config['secure'] = null;
+        }
+
        // create remember me handler (which manage the remember-me cookies)
        $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
        if (isset($config['service']) && isset($config['token_provider'])) {
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php
@ -19,8 +19,23 @@ class RememberMeCookieTest extends AbstractWebTestCase
        ]);

        $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
+        $this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
+    }

-        $this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
+    /** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
+    public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
+    {
+        $client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']);
+
+        $client->request('POST', '/login', [
+            '_username' => 'test',
+            '_password' => 'test',
+        ], [], [
+            'HTTPS' => (int) $https,
+        ]);
+
+        $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
+        $this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
    }

    public function getSessionRememberMeSecureCookieFlagAutoHttpsMap()
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml
@ -2,6 +2,7 @@ imports:
    - { resource: ./../config/framework.yml }

 security:
+    enable_authenticator_manager: true
    password_hashers:
        Symfony\Component\Security\Core\User\InMemoryUser: plaintext

@ -22,4 +23,3 @@ security:
                secret: key
                secure: auto
            logout: ~
-            anonymous: ~
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/legacy_config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/legacy_config.yml
@ -0,0 +1,25 @@
+imports:
+    - { resource: ./../config/framework.yml }
+
+security:
+    password_hashers:
+        Symfony\Component\Security\Core\User\InMemoryUser: plaintext
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    test: { password: test, roles: [ROLE_USER] }
+
+    firewalls:
+        default:
+            form_login:
+                check_path: login
+                remember_me: true
+                require_previous_session: false
+            remember_me:
+                always_remember_me: true
+                secret: key
+                secure: auto
+            logout: ~
+            anonymous: ~