bug #36175 [Security/Http] Remember me: allow to set the samesite cookie flag (dunglas)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397
[Security] Remember me: allow to set the samesite cookie flag
This commit is contained in:
commit
438d9e5f28
@ -25,6 +25,7 @@ class RememberMeFactory implements SecurityFactoryInterface
|
|||||||
'domain' => null,
|
'domain' => null,
|
||||||
'secure' => false,
|
'secure' => false,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
|
'samesite' => null,
|
||||||
'always_remember_me' => false,
|
'always_remember_me' => false,
|
||||||
'remember_me_parameter' => '_remember_me',
|
'remember_me_parameter' => '_remember_me',
|
||||||
];
|
];
|
||||||
|
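Review bot: The new `'samesite' => null` default in the factory's option list means no SameSite attribute is emitted at all, so Chrome 80+ will treat the remember-me cookie as Lax while other browsers leave it unrestricted; a comment on that line would save the next reader a trip to the PR, e.g. `// null: no SameSite attribute is sent, the browser applies its own default`. The value is also handed straight to `new Cookie(...)`, and as far as I recall HttpFoundation's Cookie on 3.4 only accepts `null`, `'lax'` or `'strict'` and throws otherwise, so a mistyped value would surface as an exception on the first remember-me login rather than at container compile time; constraining the configuration node to those values in the factory's `addConfiguration` (outside this hunk) would catch it earlier. The enclosing `$options` array starts before this hunk.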
@ -38,6 +38,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
|
|||||||
protected $options = [
|
protected $options = [
|
||||||
'secure' => false,
|
'secure' => false,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
|
'samesite' => null,
|
||||||
];
|
];
|
||||||
private $providerKey;
|
private $providerKey;
|
||||||
private $secret;
|
private $secret;
|
||||||
@ -281,7 +282,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
|
|||||||
$this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);
|
$this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly']));
|
$request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'], false, $this->options['samesite']));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
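Review bot: The `false` inserted before `$this->options['samesite']` in the cookie-clearing call (the method that logs 'Clearing remember-me cookie.') is the Cookie constructor's `$raw` flag, which nothing in the hunk names; a trailing comment would stop the next reader counting positional arguments, e.g. `// 8th argument is $raw; kept false so name/value stay URL-encoded on output`. The same unexplained positional `false` appears in the two PersistentTokenBasedRememberMeServices hunks and the TokenBasedRememberMeServices hunk below. Carrying the configured samesite over to the clearing cookie is the right call, since the deletion cookie should mirror the attributes of the one it replaces. The enclosing method starts outside the hunk.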
@ -84,7 +84,9 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||||||
$this->options['path'],
|
$this->options['path'],
|
||||||
$this->options['domain'],
|
$this->options['domain'],
|
||||||
$this->options['secure'],
|
$this->options['secure'],
|
||||||
$this->options['httponly']
|
$this->options['httponly'],
|
||||||
|
false,
|
||||||
|
$this->options['samesite']
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -117,7 +119,9 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||||||
$this->options['path'],
|
$this->options['path'],
|
||||||
$this->options['domain'],
|
$this->options['domain'],
|
||||||
$this->options['secure'],
|
$this->options['secure'],
|
||||||
$this->options['httponly']
|
$this->options['httponly'],
|
||||||
|
false,
|
||||||
|
$this->options['samesite']
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -81,7 +81,9 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||||||
$this->options['path'],
|
$this->options['path'],
|
||||||
$this->options['domain'],
|
$this->options['domain'],
|
||||||
$this->options['secure'],
|
$this->options['secure'],
|
||||||
$this->options['httponly']
|
$this->options['httponly'],
|
||||||
|
false,
|
||||||
|
$this->options['samesite']
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
namespace Symfony\Component\Security\Http\Tests\RememberMe;
|
namespace Symfony\Component\Security\Http\Tests\RememberMe;
|
||||||
|
|
||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
|
use Symfony\Component\HttpFoundation\Cookie;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
||||||
@ -268,7 +269,7 @@ class PersistentTokenBasedRememberMeServicesTest extends TestCase
|
|||||||
|
|
||||||
public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation()
|
public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation()
|
||||||
{
|
{
|
||||||
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]);
|
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]);
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$response = new Response();
|
$response = new Response();
|
||||||
|
|
||||||
@ -305,6 +306,7 @@ class PersistentTokenBasedRememberMeServicesTest extends TestCase
|
|||||||
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
|
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
|
||||||
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
|
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
|
||||||
$this->assertEquals('/foo/path', $cookie->getPath());
|
$this->assertEquals('/foo/path', $cookie->getPath());
|
||||||
|
$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function encodeCookie(array $parts)
|
protected function encodeCookie(array $parts)
|
||||||
|
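Review bot: The new `assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite())` only covers the login-success path with an explicit strict value; nothing checks that the clearing cookie emitted on cancellation (the `new Cookie(..., false, $this->options['samesite'])` change in AbstractRememberMeServices) carries the same attribute, nor that omitting the option still yields `null`. Adding `$this->assertNull($cookie->getSameSite());` to a test that builds the service without `samesite`, and a matching strict assertion in the logout/cancel test, would pin both the default and the cancel path. The same gap applies to the TokenBasedRememberMeServicesTest hunks below. The test method containing the assertion starts above this hunk.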
@ -12,6 +12,7 @@
|
|||||||
namespace Symfony\Component\Security\Http\Tests\RememberMe;
|
namespace Symfony\Component\Security\Http\Tests\RememberMe;
|
||||||
|
|
||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
|
use Symfony\Component\HttpFoundation\Cookie;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
||||||
@ -205,7 +206,7 @@ class TokenBasedRememberMeServicesTest extends TestCase
|
|||||||
|
|
||||||
public function testLoginSuccess()
|
public function testLoginSuccess()
|
||||||
{
|
{
|
||||||
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]);
|
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]);
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$response = new Response();
|
$response = new Response();
|
||||||
|
|
||||||
@ -240,6 +241,7 @@ class TokenBasedRememberMeServicesTest extends TestCase
|
|||||||
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
|
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
|
||||||
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
|
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
|
||||||
$this->assertEquals('/foo/path', $cookie->getPath());
|
$this->assertEquals('/foo/path', $cookie->getPath());
|
||||||
|
$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getCookie($class, $username, $expires, $password)
|
protected function getCookie($class, $username, $expires, $password)
|
||||||
|