[Security] Check for request's session before attempting writes.

2011-10-25 14:19:34 -04:00 · 2011-10-25 14:19:34 -04:00 · ab9caa0a61
commit ab9caa0a61
parent dabff0e4d5
2 changed files with 36 additions and 8 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@ -97,7 +97,9 @@ class ContextListener implements ListenerInterface
            $this->logger->debug('Write SecurityContext in the session');
        }

-        $session = $event->getRequest()->getSession();
+        if (null === $session = $event->getRequest()->getSession()) {
+            return;
+        }

        if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
            $session->remove('_security_'.$this->contextKey);
--- a/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php
+++ b/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php
@ -14,6 +14,19 @@ use Symfony\Component\Security\Http\Firewall\ContextListener;

 class ContextListenerTest extends \PHPUnit_Framework_TestCase
 {
+    protected function setUp()
+    {
+        $this->securityContext = new SecurityContext(
+            $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
+            $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
+        );
+    }
+
+    protected function tearDown()
+    {
+        unset($this->securityContext);
+    }
+
    public function testOnKernelResponseWillAddSession()
    {
        $session = $this->runSessionOnKernelResponse(
@ -56,12 +69,7 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
            $session->set('_security_session', $original);
        }

-
-        $securityContext = new SecurityContext(
-            $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
-            $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
-        );
-        $securityContext->setToken($newToken);
+        $this->securityContext->setToken($newToken);

        $request = new Request();
        $request->setSession($session);
@ -73,9 +81,27 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
            new Response()
        );

-        $listener = new ContextListener($securityContext, array(), 'session');
+        $listener = new ContextListener($this->securityContext, array(), 'session');
        $listener->onKernelResponse($event);

        return $session;
    }
+
+    public function testOnKernelResponseWithoutSession()
+    {
+        $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
+        $request = new Request();
+
+        $event = new FilterResponseEvent(
+            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST,
+            new Response()
+        );
+
+        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener->onKernelResponse($event);
+
+        $this->assertFalse($request->hasSession());
+    }
 }