[Security] fix merge of 2.7 into 2.8 + add test case

2018-02-09 13:42:37 +01:00 · 2018-02-09 13:42:37 +01:00 · 51d9008d68
commit 51d9008d68
parent c337bf6810
2 changed files with 18 additions and 5 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@ -96,9 +96,13 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
            }
        }
-        $requestBag = $this->options['post_only'] ? $request->request : $request;
+        if ($this->options['post_only']) {
-        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
+            $username = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
-        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
+            $password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
        } else {
            $username = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
            $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
        }
        if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
            throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
@ -77,10 +77,11 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
    }
    /**
     * @dataProvider postOnlyDataProvider
     * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
     * @expectedExceptionMessage The key "_username" must be a string, "array" given.
     */
-    public function testHandleNonStringUsername()
+    public function testHandleNonStringUsername($postOnly)
    {
        $request = Request::create('/login_check', 'POST', array('_username' => array()));
        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
@ -93,7 +94,7 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
            'foo',
            new DefaultAuthenticationSuccessHandler($httpUtils),
            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
-            array('require_previous_session' => false)
+            array('require_previous_session' => false, 'post_only' => $postOnly)
        );
        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
@ -101,6 +102,14 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
        $listener->handle($event);
    }
    public function postOnlyDataProvider()
    {
        return array(
            array(true),
            array(false),
        );
    }
    public function getUsernameForLength()
    {
        return array(