diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '2.8' into 3.2

Browse Source 
* 2.8:
  [Security] added more tests
  [Security] fixed default target path when referer contains a query string
  [Security] simplified tests
  [Security] refactored tests
  [VarDumper] Move locale sniffing to dump() time
This commit is contained in:
Fabien Potencier 2017-07-19 11:36:17 +02:00
commit 4b4f831769
3 changed files with 90 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
View File

@ -122,8 +122,14 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
return $targetUrl; return $targetUrl;
} }
if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) { if ($this->options['use_referer']) {
return $targetUrl; $targetUrl = $request->headers->get('Referer');
if (false !== $pos = strpos($targetUrl, '?')) {
$targetUrl = substr($targetUrl, 0, $pos);
}
if ($targetUrl !== $this->httpUtils->generateUri($request, $this->options['login_path'])) {
return $targetUrl;
}
} }
return $this->options['default_target_path']; return $this->options['default_target_path'];

235
src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
View File

@ -12,173 +12,92 @@
namespace Symfony\Component\Security\Http\Tests\Authentication; namespace Symfony\Component\Security\Http\Tests\Authentication;
use PHPUnit\Framework\TestCase; use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler; use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;
use Symfony\Component\Security\Http\HttpUtils;
class DefaultAuthenticationSuccessHandlerTest extends TestCase class DefaultAuthenticationSuccessHandlerTest extends TestCase
{ {
private $httpUtils = null; /**
* @dataProvider getRequestRedirections
private $request = null; */
public function testRequestRedirections(Request $request, $options, $redirectedUrl)
private $token = null;
protected function setUp()
{ {
$this->httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock(); $urlGenerator = $this->getMockBuilder('Symfony\Component\Routing\Generator\UrlGeneratorInterface')->getMock();
$this->request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->getMock(); $urlGenerator->expects($this->any())->method('generate')->will($this->returnValue('http://localhost/login'));
$this->request->headers = $this->getMockBuilder('Symfony\Component\HttpFoundation\HeaderBag')->getMock(); $httpUtils = new HttpUtils($urlGenerator);
$this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock(); $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
$handler = new DefaultAuthenticationSuccessHandler($httpUtils, $options);
if ($request->hasSession()) {
$handler->setProviderKey('admin');
}
$this->assertSame('http://localhost'.$redirectedUrl, $handler->onAuthenticationSuccess($request, $token)->getTargetUrl());
} }
public function testRequestIsRedirected() public function getRequestRedirections()
{
$response = $this->expectRedirectResponse('/');
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array());
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
public function testDefaultTargetPathCanBeForced()
{
$options = array(
'always_use_default_target_path' => true,
'default_target_path' => '/dashboard',
);
$response = $this->expectRedirectResponse('/dashboard');
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options);
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
public function testTargetPathIsPassedWithRequest()
{
$this->request->expects($this->once())
->method('get')->with('_target_path')
->will($this->returnValue('/dashboard'));
$response = $this->expectRedirectResponse('/dashboard');
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array());
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
public function testTargetPathIsPassedAsNestedParameterWithRequest()
{
$this->request->expects($this->once())
->method('get')->with('_target_path')
->will($this->returnValue(array('value' => '/dashboard')));
$response = $this->expectRedirectResponse('/dashboard');
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array('target_path_parameter' => '_target_path[value]'));
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
public function testTargetPathParameterIsCustomised()
{
$options = array('target_path_parameter' => '_my_target_path');
$this->request->expects($this->once())
->method('get')->with('_my_target_path')
->will($this->returnValue('/dashboard'));
$response = $this->expectRedirectResponse('/dashboard');
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options);
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
public function testTargetPathIsTakenFromTheSession()
{ {
$session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock(); $session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock();
$session->expects($this->once()) $session->expects($this->once())->method('get')->with('_security.admin.target_path')->will($this->returnValue('/admin/dashboard'));
->method('get')->with('_security.admin.target_path') $session->expects($this->once())->method('remove')->with('_security.admin.target_path');
->will($this->returnValue('/admin/dashboard')); $requestWithSession = Request::create('/');
$session->expects($this->once()) $requestWithSession->setSession($session);
->method('remove')->with('_security.admin.target_path');
$this->request->expects($this->any()) return array(
->method('getSession') 'default' => array(
->will($this->returnValue($session)); Request::create('/'),
array(),
$response = $this->expectRedirectResponse('/admin/dashboard'); '/',
),
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array()); 'forced target path' => array(
$handler->setProviderKey('admin'); Request::create('/'),
array('always_use_default_target_path' => true, 'default_target_path' => '/dashboard'),
$result = $handler->onAuthenticationSuccess($this->request, $this->token); '/dashboard',
),
$this->assertSame($response, $result); 'target path as query string' => array(
} Request::create('/?_target_path=/dashboard'),
array(),
public function testTargetPathIsPassedAsReferer() '/dashboard',
{ ),
$options = array('use_referer' => true); 'target path name as query string is customized' => array(
Request::create('/?_my_target_path=/dashboard'),
$this->request->headers->expects($this->once()) array('target_path_parameter' => '_my_target_path'),
->method('get')->with('Referer') '/dashboard',
->will($this->returnValue('/dashboard')); ),
'target path name as query string is customized and nested' => array(
$response = $this->expectRedirectResponse('/dashboard'); Request::create('/?_target_path[value]=/dashboard'),
array('target_path_parameter' => '_target_path[value]'),
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options); '/dashboard',
$result = $handler->onAuthenticationSuccess($this->request, $this->token); ),
'target path in session' => array(
$this->assertSame($response, $result); $requestWithSession,
} array(),
'/admin/dashboard',
public function testRefererHasToBeDifferentThatLoginUrl() ),
{ 'target path as referer' => array(
$options = array('use_referer' => true); Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/dashboard')),
array('use_referer' => true),
$this->request->headers->expects($this->any()) '/dashboard',
->method('get')->with('Referer') ),
->will($this->returnValue('/login')); 'target path as referer is ignored if not configured' => array(
Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/dashboard')),
$this->httpUtils->expects($this->once()) array(),
->method('generateUri')->with($this->request, '/login') '/',
->will($this->returnValue('/login')); ),
'target path should be different than login URL' => array(
$response = $this->expectRedirectResponse('/'); Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login')),
array('use_referer' => true, 'login_path' => '/login'),
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, $options); '/',
$result = $handler->onAuthenticationSuccess($this->request, $this->token); ),
'target path should be different than login URL (query string does not matter)' => array(
$this->assertSame($response, $result); Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login?t=1&p=2')),
} array('use_referer' => true, 'login_path' => '/login'),
'/',
public function testRefererTargetPathIsIgnoredByDefault() ),
{ 'target path should be different than login URL (login_path as a route)' => array(
$this->request->headers->expects($this->never())->method('get'); Request::create('/', 'GET', array(), array(), array(), array('HTTP_REFERER' => 'http://localhost/login?t=1&p=2')),
array('use_referer' => true, 'login_path' => 'login_route'),
$response = $this->expectRedirectResponse('/'); '/',
),
$handler = new DefaultAuthenticationSuccessHandler($this->httpUtils, array()); );
$result = $handler->onAuthenticationSuccess($this->request, $this->token);
$this->assertSame($response, $result);
}
private function expectRedirectResponse($path)
{
$response = new Response();
$this->httpUtils->expects($this->once())
->method('createRedirectResponse')
->with($this->request, $path)
->will($this->returnValue($response));
return $response;
} }
} }

7
src/Symfony/Component/VarDumper/Dumper/AbstractDumper.php
View File

@ -44,8 +44,8 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
{ {
$this->flags = (int) $flags; $this->flags = (int) $flags;
$this->setCharset($charset ?: ini_get('php.output_encoding') ?: ini_get('default_charset') ?: 'UTF-8'); $this->setCharset($charset ?: ini_get('php.output_encoding') ?: ini_get('default_charset') ?: 'UTF-8');
$this->decimalPoint = (string) 0.5; $this->decimalPoint = localeconv();
$this->decimalPoint = $this->decimalPoint[1]; $this->decimalPoint = $this->decimalPoint['decimal_point'];
$this->setOutput($output ?: static::$defaultOutput); $this->setOutput($output ?: static::$defaultOutput);
if (!$output && is_string(static::$defaultOutput)) { if (!$output && is_string(static::$defaultOutput)) {
static::$defaultOutput = $this->outputStream; static::$defaultOutput = $this->outputStream;
@ -121,6 +121,9 @@ abstract class AbstractDumper implements DataDumperInterface, DumperInterface
*/ */
public function dump(Data $data, $output = null) public function dump(Data $data, $output = null)
{ {
$this->decimalPoint = localeconv();
$this->decimalPoint = $this->decimalPoint['decimal_point'];
if ($returnDump = true === $output) { if ($returnDump = true === $output) {
$output = fopen('php://memory', 'r+b'); $output = fopen('php://memory', 'r+b');
} }