diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php index 809f189350..82090db8c6 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -104,6 +104,10 @@ class RememberMeFactory implements SecurityFactoryInterface, AuthenticatorFactor $loader->load('security_authenticator_remember_me.php'); } + if ('auto' === $config['secure']) { + $config['secure'] = null; + } + // create remember me handler (which manage the remember-me cookies) $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName; if (isset($config['service']) && isset($config['token_provider'])) { diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php index 6bfa1ed438..304befd326 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php @@ -19,8 +19,23 @@ class RememberMeCookieTest extends AbstractWebTestCase ]); $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY); + $this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure()); + } - $this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure()); + /** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */ + public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag) + { + $client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']); + + $client->request('POST', '/login', [ + '_username' => 'test', + '_password' => 'test', + ], [], [ + 'HTTPS' => (int) $https, + ]); + + $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY); + $this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure()); } public function getSessionRememberMeSecureCookieFlagAutoHttpsMap() diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml index 1ace79668c..4df09bad41 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml @@ -2,6 +2,7 @@ imports: - { resource: ./../config/framework.yml } security: + enable_authenticator_manager: true password_hashers: Symfony\Component\Security\Core\User\InMemoryUser: plaintext @@ -22,4 +23,3 @@ security: secret: key secure: auto logout: ~ - anonymous: ~ diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/legacy_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/legacy_config.yml new file mode 100644 index 0000000000..1ace79668c --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/legacy_config.yml @@ -0,0 +1,25 @@ +imports: + - { resource: ./../config/framework.yml } + +security: + password_hashers: + Symfony\Component\Security\Core\User\InMemoryUser: plaintext + + providers: + in_memory: + memory: + users: + test: { password: test, roles: [ROLE_USER] } + + firewalls: + default: + form_login: + check_path: login + remember_me: true + require_previous_session: false + remember_me: + always_remember_me: true + secret: key + secure: auto + logout: ~ + anonymous: ~