bug #35792 [Security] Prevent TypeError in case RememberMetoken has no attached user (nikophil)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Prevent TypeError in case RememberMetoken has no attached user

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #33472
| License       | MIT

Commits
-------

3515793cb3 fix remember me
Robin Chalas 2020-02-20 13:14:22 +01:00
commit aa3637db6f
2 changed files with 21 additions and 0 deletions


@ -15,7 +15,9 @@ use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\LogicException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
{
@ -49,6 +51,11 @@ class RememberMeAuthenticationProvider implements AuthenticationProviderInterfac
}
$user = $token->getUser();
if (!$token->getUser() instanceof UserInterface) {
throw new LogicException(sprintf('Method "%s::getUser()" must return a "%s" instance, "%s" returned.', \get_class($token), UserInterface::class, \is_object($user) ? \get_class($user) : \gettype($user)));
}
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
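Review bot: The new guard in `authenticate()` tests a second `$token->getUser()` call instead of the `$user` local assigned on the line above, although `$user` is the value passed on to `checkPreAuth()` and `checkPostAuth()`. Checking the variable that is actually used ties the type guarantee to that value and drops a redundant call: `if (!$user instanceof UserInterface) {`. The exception thrown is the Security component's `LogicException`, not an `AuthenticationException`; whether callers of the provider treat it as a failed login or let it surface as an unhandled error is not visible in this hunk. If that is intended, a short comment above the `throw` would record it, for example `// Misconfigured or corrupted token, not a credential failure: fail loudly`. The body of `authenticate()` starts and ends outside the hunk.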


@ -13,8 +13,10 @@ namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;
use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Authentication\Provider\RememberMeAuthenticationProvider;
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\User\User;
class RememberMeAuthenticationProviderTest extends TestCase
{
@ -24,6 +26,7 @@ class RememberMeAuthenticationProviderTest extends TestCase
$this->assertTrue($provider->supports($this->getSupportedToken()));
$this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock()));
$this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->disableOriginalConstructor()->getMock()));
}
public function testAuthenticateWhenTokenIsNotSupported()
@ -45,6 +48,17 @@ class RememberMeAuthenticationProviderTest extends TestCase
$provider->authenticate($token);
}
public function testAuthenticateThrowsOnNonUserInterfaceInstance()
{
$this->expectException('Symfony\Component\Security\Core\Exception\LogicException');
$this->expectExceptionMessage('Method "Symfony\Component\Security\Core\Authentication\Token\RememberMeToken::getUser()" must return a "Symfony\Component\Security\Core\User\UserInterface" instance, "string" returned.');
$provider = $this->getProvider();
$token = new RememberMeToken(new User('dummyuser', null), 'foo', 'test');
$token->setUser('stringish-user');
$provider->authenticate($token);
}
public function testAuthenticateWhenPreChecksFails()
{
$this->expectException('Symfony\Component\Security\Core\Exception\DisabledException');