bug #27659 [HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler (thewilkybarkid)

This PR was squashed before being merged into the 3.4 branch (closes #27659). Discussion ---------- [HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | #26157 started to send a new cookie in `AbstractTestSessionListener`, but is incompatible with `CookieClearingLogoutHandler` as it overrides its `Set-Cookie` by setting a new cookie (breaking my test that checked to see that the cookie was removed after a log out). Commits ------- f54d96926a [HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler
2018-07-01 08:51:37 +02:00 · 2018-07-01 08:51:37 +02:00 · 52b91bb206
commit 52b91bb206
parent 0da18e0cb9 f54d96926a
2 changed files with 39 additions and 2 deletions
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
@ -71,6 +71,13 @@ abstract class AbstractTestSessionListener implements EventSubscriberInterface

        if ($session instanceof Session ? !$session->isEmpty() || (null !== $this->sessionId && $session->getId() !== $this->sessionId) : $wasStarted) {
            $params = session_get_cookie_params();
+
+            foreach ($event->getResponse()->headers->getCookies() as $cookie) {
+                if ($session->getName() === $cookie->getName() && $params['path'] === $cookie->getPath() && $params['domain'] == $cookie->getDomain()) {
+                    return;
+                }
+            }
+
            $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']));
            $this->sessionId = $session->getId();
        }
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
@ -106,6 +106,36 @@ class TestSessionListenerTest extends TestCase
        $this->assertNotEmpty($response->headers->getCookies());
    }

+    /**
+     * @dataProvider anotherCookieProvider
+     */
+    public function testSessionWithNewSessionIdAndNewCookieDoesNotSendAnotherCookie($existing, array $expected)
+    {
+        $this->sessionHasBeenStarted();
+        $this->sessionIsEmpty();
+        $this->fixSessionId('456');
+
+        $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
+        $request = Request::create('/', 'GET', array(), array('MOCKSESSID' => '123'));
+        $event = new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST);
+        $this->listener->onKernelRequest($event);
+
+        $response = new Response('', 200, array('Set-Cookie' => $existing));
+
+        $response = $this->filterResponse(new Request(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+        $this->assertSame($expected, $response->headers->get('Set-Cookie', null, false));
+    }
+
+    public function anotherCookieProvider()
+    {
+        return array(
+            'same' => array('MOCKSESSID=789; path=/', array('MOCKSESSID=789; path=/')),
+            'different domain' => array('MOCKSESSID=789; path=/; domain=example.com', array('MOCKSESSID=789; path=/; domain=example.com', 'MOCKSESSID=456; path=/')),
+            'different path' => array('MOCKSESSID=789; path=/foo', array('MOCKSESSID=789; path=/foo', 'MOCKSESSID=456; path=/')),
+        );
+    }
+
    public function testUnstartedSessionIsNotSave()
    {
        $this->sessionHasNotBeenStarted();
@ -123,10 +153,10 @@ class TestSessionListenerTest extends TestCase
        $this->assertFalse(is_subclass_of(TestSessionListener::class, ServiceSubscriberInterface::class, 'Implementing ServiceSubscriberInterface would create a dep on the DI component, which eg Silex cannot afford'));
    }

-    private function filterResponse(Request $request, $type = HttpKernelInterface::MASTER_REQUEST)
+    private function filterResponse(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, Response $response = null)
    {
        $request->setSession($this->session);
-        $response = new Response();
+        $response = $response ?: new Response();
        $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
        $event = new FilterResponseEvent($kernel, $request, $type, $response);