From a53f256b4b60fcb5e0378f5a6e7207f22e41ed1c Mon Sep 17 00:00:00 2001 From: flack Date: Wed, 28 Apr 2021 15:58:10 +0200 Subject: [PATCH 1/3] Small phpdoc imporvement --- src/Symfony/Component/HttpFoundation/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 6690b9b221..6910fb1d32 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -687,7 +687,7 @@ class Request * flexibility in controllers, it is better to explicitly get request parameters from the appropriate * public property instead (attributes, query, request). * - * Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY + * Order of precedence: PATH (routing placeholders or custom attributes), GET, POST * * @param string $key The key * @param mixed $default The default value if the parameter key does not exist From a2a944e668e3f46436394d2fcbe35eb18175e186 Mon Sep 17 00:00:00 2001 From: Thijs-jan Veldhuizen Date: Fri, 30 Apr 2021 19:24:44 +0200 Subject: [PATCH 2/3] [Security] Do not try to rehash null-passwords --- .../Http/EventListener/PasswordMigratingListener.php | 4 ++++ .../EventListener/PasswordMigratingListenerTest.php | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php index 81d4c04838..6b23a2367a 100644 --- a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php +++ b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php @@ -50,6 +50,10 @@ class PasswordMigratingListener implements EventSubscriberInterface } $user = $passport->getUser(); + if (null === $user->getPassword()) { + return; + } + $passwordEncoder = $this->encoderFactory->getEncoder($user); if (!$passwordEncoder->needsRehash($user->getPassword())) { return; diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php index 285472f037..2d925fa220 100644 --- a/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php @@ -108,6 +108,16 @@ class PasswordMigratingListenerTest extends TestCase $this->listener->onLoginSuccess($event); } + public function testUserWithoutPassword() + { + $this->user = new User('test', null); + + $this->encoderFactory->expects($this->never())->method('getEncoder'); + + $event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', function () { return $this->user; }), [new PasswordUpgradeBadge('pa$$word')])); + $this->listener->onLoginSuccess($event); + } + private function createPasswordUpgrader() { return $this->createMock(MigratingUserProvider::class); From 9159fd317d681f4901567d0ae4283e9ffcfcf3c5 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Sat, 1 May 2021 15:13:29 +0200 Subject: [PATCH 3/3] run tests against doctrine/persistence 2.2 again --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e7fba79e72..bcb5e9ff8f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -281,7 +281,6 @@ install: elif [[ $deps = low ]]; then echo "$COMPONENTS" | parallel --gnu "tfold {} 'cd {} && $COMPOSER_UP --prefer-lowest --prefer-stable && $PHPUNIT_X'" else - composer require --no-update doctrine/persistence:2.1.* if [[ $PHP = 8.0* ]]; then # add return types before running the test suite sed -i 's/"\*\*\/Tests\/"//' composer.json