[Security] TokenBasedRememberMeServices test to show why encoding username is required
parent
4d40852596
commit
63a9736350
@ -125,6 +125,8 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||||||
*/
|
*/
|
||||||
protected function generateCookieValue($class, $username, $expires, $password)
|
protected function generateCookieValue($class, $username, $expires, $password)
|
||||||
{
|
{
|
||||||
|
// $username is encoded because it might contain COOKIE_DELIMITER,
|
||||||
|
// we assume other values don't
|
||||||
return $this->encodeCookie(array(
|
return $this->encodeCookie(array(
|
||||||
$class,
|
$class,
|
||||||
base64_encode($username),
|
base64_encode($username),
|
||||||
|
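Review bot: The new comment in generateCookieValue states that the other cookie parts are assumed not to contain COOKIE_DELIMITER, but it does not say why, and nothing in the visible lines enforces it. If the assumption rests on `$class` being a class name and `$expires` a numeric timestamp, I would say so, e.g. `// $class is a class name and $expires a timestamp, so neither can contain COOKIE_DELIMITER`. It is also worth adding that `base64_encode` here only keeps the delimiter out of the username field and is not an integrity or confidentiality measure. The function body continues past the end of the hunk, so the remaining array elements cannot be checked from here.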
@ -105,7 +105,12 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
|
$this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testAutoLogin()
|
/**
|
||||||
|
* @dataProvider provideUsernamesForAutoLogin
|
||||||
|
*
|
||||||
|
* @param string $username
|
||||||
|
*/
|
||||||
|
public function testAutoLogin($username)
|
||||||
{
|
{
|
||||||
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
|
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
|
||||||
$user
|
$user
|
||||||
@ -123,13 +128,13 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
|
|||||||
$userProvider
|
$userProvider
|
||||||
->expects($this->once())
|
->expects($this->once())
|
||||||
->method('loadUserByUsername')
|
->method('loadUserByUsername')
|
||||||
->with($this->equalTo('foouser'))
|
->with($this->equalTo($username))
|
||||||
->will($this->returnValue($user))
|
->will($this->returnValue($user))
|
||||||
;
|
;
|
||||||
|
|
||||||
$service = $this->getService($userProvider, array('name' => 'foo', 'always_remember_me' => true, 'lifetime' => 3600));
|
$service = $this->getService($userProvider, array('name' => 'foo', 'always_remember_me' => true, 'lifetime' => 3600));
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$request->cookies->set('foo', $this->getCookie('fooclass', 'foouser', time() + 3600, 'foopass'));
|
$request->cookies->set('foo', $this->getCookie('fooclass', $username, time() + 3600, 'foopass'));
|
||||||
|
|
||||||
$returnedToken = $service->autoLogin($request);
|
$returnedToken = $service->autoLogin($request);
|
||||||
|
|
||||||
@ -138,6 +143,14 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertEquals('fookey', $returnedToken->getKey());
|
$this->assertEquals('fookey', $returnedToken->getKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function provideUsernamesForAutoLogin()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
array('foouser', 'Simple username'),
|
||||||
|
array('foo'.TokenBasedRememberMeServices::COOKIE_DELIMITER.'user', 'Username might contain the delimiter'),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function testLogout()
|
public function testLogout()
|
||||||
{
|
{
|
||||||
$service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
|
$service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
|
||||||
|
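Review bot: In provideUsernamesForAutoLogin each row carries a description as a second element, but `testAutoLogin($username)` declares only one parameter, so the description is passed as an unused extra argument. It reads more clearly as the data-set key, which PHPUnit also prints on failure: `'Username might contain the delimiter' => array('foo'.TokenBasedRememberMeServices::COOKIE_DELIMITER.'user'),`. Since this test documents why the username must be encoded, a row where the username begins or ends with the delimiter would pin the edge cases as well.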