diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix RememberMe with null password

Browse Source
This commit is contained in:
Jérémy Derussé 2020-01-14 13:04:40 +01:00
parent b4a63f925f
commit a7d0d82768
No known key found for this signature in database
GPG Key ID: 2083FA5758C473D2
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
View File

@ -91,12 +91,12 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
/** /**
* Generates the cookie value. * Generates the cookie value.
* *
* @param int $expires The Unix timestamp when the cookie expires * @param int $expires The Unix timestamp when the cookie expires
* @param string $password The encoded password * @param string|null $password The encoded password
* *
* @return string * @return string
*/ */
protected function generateCookieValue(string $class, string $username, int $expires, string $password) protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
{ {
// $username is encoded because it might contain COOKIE_DELIMITER, // $username is encoded because it might contain COOKIE_DELIMITER,
// we assume other values don't // we assume other values don't
@ -111,12 +111,12 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
/** /**
* Generates a hash for the cookie to ensure it is not being tampered with. * Generates a hash for the cookie to ensure it is not being tampered with.
* *
* @param int $expires The Unix timestamp when the cookie expires * @param int $expires The Unix timestamp when the cookie expires
* @param string $password The encoded password * @param string|null $password The encoded password
* *
* @return string * @return string
*/ */
protected function generateCookieHash(string $class, string $username, int $expires, string $password) protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
{ {
return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret()); return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
} }