diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix RememberMe with null password

Browse Source
This commit is contained in:
Jérémy Derussé 2020-01-14 13:04:40 +01:00
parent b4a63f925f
commit a7d0d82768
No known key found for this signature in database
GPG Key ID: 2083FA5758C473D2
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
View File

@ -91,12 +91,12 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
/**
* Generates the cookie value.
*
* @param int $expires The Unix timestamp when the cookie expires
* @param string $password The encoded password
* @param int $expires The Unix timestamp when the cookie expires
* @param string|null $password The encoded password
*
* @return string
*/
protected function generateCookieValue(string $class, string $username, int $expires, string $password)
protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
{
// $username is encoded because it might contain COOKIE_DELIMITER,
// we assume other values don't
@ -111,12 +111,12 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
/**
* Generates a hash for the cookie to ensure it is not being tampered with.
*
* @param int $expires The Unix timestamp when the cookie expires
* @param string $password The encoded password
* @param int $expires The Unix timestamp when the cookie expires
* @param string|null $password The encoded password
*
* @return string
*/
protected function generateCookieHash(string $class, string $username, int $expires, string $password)
protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
{
return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
}