From 880a392d37823915cb68ca275d26c9874d217d99 Mon Sep 17 00:00:00 2001
From: Maxime STEINHAUSSER <maxime.steinhausser@elao.com>
Date: Thu, 7 Jul 2016 09:10:40 +0200
Subject: [PATCH] [Security] Fix deprecated usage of
 DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener

---
 .../Firewall/DigestAuthenticationListener.php |  2 +-
 .../DigestAuthenticationListenerTest.php      | 79 +++++++++++++++++++
 2 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php

diff --git a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
index d8d71fbdd1..71bdf6ca38 100644
--- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
@@ -78,7 +78,7 @@ class DigestAuthenticationListener implements ListenerInterface
         }
 
         try {
-            $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
+            $digestAuth->validateAndDecode($this->authenticationEntryPoint->getSecret(), $this->authenticationEntryPoint->getRealmName());
         } catch (BadCredentialsException $e) {
             $this->fail($event, $request, $e);
 
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php
new file mode 100644
index 0000000000..80b2dc4134
--- /dev/null
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/DigestAuthenticationListenerTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Symfony\Component\Security\Http\Tests\Firewall;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint;
+use Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener;
+
+class DigestAuthenticationListenerTest extends \PHPUnit_Framework_TestCase
+{
+    public function testHandleWithValidDigest()
+    {
+        $time = microtime(true) + 1000;
+        $secret = 'ThisIsASecret';
+        $nonce = base64_encode($time.':'.md5($time.':'.$secret));
+        $username = 'user';
+        $password = 'password';
+        $realm = 'Welcome, robot!';
+        $cnonce = 'MDIwODkz';
+        $nc = '00000001';
+        $qop = 'auth';
+        $uri = '/path/info?p1=5&p2=5';
+
+        $serverDigest = $this->calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, 'GET', $uri);
+
+        $digestData =
+            'username="'.$username.'", realm="'.$realm.'", nonce="'.$nonce.'", '.
+            'uri="'.$uri.'", cnonce="'.$cnonce.'", nc='.$nc.', qop="'.$qop.'", '.
+            'response="'.$serverDigest.'"'
+        ;
+
+        $request = new Request(array(), array(), array(), array(), array(), array('PHP_AUTH_DIGEST' => $digestData));
+
+        $entryPoint = new DigestAuthenticationEntryPoint($realm, $secret);
+
+        $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+        $user->method('getPassword')->willReturn($password);
+
+        $providerKey = 'TheProviderKey';
+
+        $tokenStorage = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface');
+        $tokenStorage
+            ->expects($this->once())
+            ->method('getToken')
+            ->will($this->returnValue(null))
+        ;
+        $tokenStorage
+            ->expects($this->once())
+            ->method('setToken')
+            ->with($this->equalTo(new UsernamePasswordToken($user, $password, $providerKey)))
+        ;
+
+        $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+        $userProvider->method('loadUserByUsername')->willReturn($user);
+
+        $listener = new DigestAuthenticationListener($tokenStorage, $userProvider, $providerKey, $entryPoint);
+
+        $event = $this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false);
+        $event
+            ->expects($this->any())
+            ->method('getRequest')
+            ->will($this->returnValue($request))
+        ;
+
+        $listener->handle($event);
+    }
+
+    private function calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, $method, $uri)
+    {
+        $response = md5(
+            md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri)
+        );
+
+        return sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"',
+            $username, $realm, $nonce, $uri, $cnonce, $nc, $qop, $response
+        );
+    }
+}