[Security] fix merge of 2.7 into 2.8 + add test case
parent
c337bf6810
commit
51d9008d68
@ -96,9 +96,13 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$requestBag = $this->options['post_only'] ? $request->request : $request;
|
if ($this->options['post_only']) {
|
||||||
$username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
|
$username = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
|
||||||
$password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
|
$password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
|
||||||
|
} else {
|
||||||
|
$username = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
|
||||||
|
$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
|
||||||
|
}
|
||||||
|
|
||||||
if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
|
if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
|
||||||
throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
|
throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
|
||||||
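Review bot: The guard on `$username` that follows the new `if`/`else` reduces to `!\is_string($username)`. Any object already fails `is_string`, so the `__toString` clause after `||` can never change the result, and a username object implementing `__toString` is rejected with a 400 like everything else. If such objects are meant to be accepted, the condition should be `if (!\is_string($username) && (!\is_object($username) || !\method_exists($username, '__toString'))) {`. If only strings may pass, drop the dead clause so the check reads as what it enforces. The enclosing method starts and ends outside the hunk, so whether `$password` gets an equivalent type check is not visible here.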
|
@ -77,10 +77,11 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* @dataProvider postOnlyDataProvider
|
||||||
* @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
|
* @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
|
||||||
* @expectedExceptionMessage The key "_username" must be a string, "array" given.
|
* @expectedExceptionMessage The key "_username" must be a string, "array" given.
|
||||||
*/
|
*/
|
||||||
public function testHandleNonStringUsername()
|
public function testHandleNonStringUsername($postOnly)
|
||||||
{
|
{
|
||||||
$request = Request::create('/login_check', 'POST', array('_username' => array()));
|
$request = Request::create('/login_check', 'POST', array('_username' => array()));
|
||||||
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
|
$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
|
||||||
@ -93,7 +94,7 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
|
|||||||
'foo',
|
'foo',
|
||||||
new DefaultAuthenticationSuccessHandler($httpUtils),
|
new DefaultAuthenticationSuccessHandler($httpUtils),
|
||||||
new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
|
new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
|
||||||
array('require_previous_session' => false)
|
array('require_previous_session' => false, 'post_only' => $postOnly)
|
||||||
);
|
);
|
||||||
|
|
||||||
$event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
|
$event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
|
||||||
@ -101,6 +102,14 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
|
|||||||
$listener->handle($event);
|
$listener->handle($event);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function postOnlyDataProvider()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
array(true),
|
||||||
|
array(false),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function getUsernameForLength()
|
public function getUsernameForLength()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
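Review bot: With `post_only` set to `false`, `testHandleNonStringUsername` still delivers `_username` in the POST body, so the provider's second case does not show that a non-string value arriving in the query string is rejected as well. A request built as `Request::create('/login_check', 'GET', array('_username' => array()))` for the `false` case would presumably cover that path. Keying the provider rows, e.g. `'post_only' => array(true)` and `'any_method' => array(false)`, would also make a failure name the case instead of `#0`/`#1`. The test method's body is only partly visible in this section.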
|