Simplify UriSigner when working with HttpFoundation's Request
This commit is contained in:
parent
5c37ab016c
commit
4887b4bee1
@ -83,8 +83,7 @@ class FragmentListener implements EventSubscriberInterface
|
||||
}
|
||||
|
||||
// is the Request signed?
|
||||
// we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
|
||||
if ($this->signer->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().(null !== ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''))) {
|
||||
if ($this->signer->checkRequest($request)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -12,6 +12,7 @@
|
||||
namespace Symfony\Component\HttpKernel\Tests;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\UriSigner;
|
||||
|
||||
class UriSignerTest extends TestCase
|
||||
@ -52,6 +53,15 @@ class UriSignerTest extends TestCase
|
||||
$this->assertTrue($signer->check($signer->sign('http://example.com/foo?foo=bar&baz=bay')));
|
||||
}
|
||||
|
||||
public function testCheckWithRequest()
|
||||
{
|
||||
$signer = new UriSigner('foobar');
|
||||
|
||||
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo'))));
|
||||
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar'))));
|
||||
$this->assertTrue($signer->checkRequest(Request::create($signer->sign('http://example.com/foo?foo=bar&0=integer'))));
|
||||
}
|
||||
|
||||
public function testCheckWithDifferentParameter()
|
||||
{
|
||||
$signer = new UriSigner('foobar', 'qux');
|
||||
|
@ -11,6 +11,8 @@
|
||||
|
||||
namespace Symfony\Component\HttpKernel;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
* Signs URIs.
|
||||
*
|
||||
@ -78,6 +80,14 @@ class UriSigner
|
||||
return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
|
||||
}
|
||||
|
||||
public function checkRequest(Request $request): bool
|
||||
{
|
||||
$qs = ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : '';
|
||||
|
||||
// we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
|
||||
return $this->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$qs);
|
||||
}
|
||||
|
||||
private function computeHash(string $uri): string
|
||||
{
|
||||
return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
|
||||
|
Reference in New Issue
Block a user