[Security] Check for request's session before attempting writes.
This commit is contained in:
Danny Berger
parent
dabff0e4d5
commit
ab9caa0a61
@ -97,7 +97,9 @@ class ContextListener implements ListenerInterface
|
|||||||
$this->logger->debug('Write SecurityContext in the session');
|
$this->logger->debug('Write SecurityContext in the session');
|
||||||
}
|
}
|
||||||
|
|
||||||
$session = $event->getRequest()->getSession();
|
if (null === $session = $event->getRequest()->getSession()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
|
if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
|
||||||
$session->remove('_security_'.$this->contextKey);
|
$session->remove('_security_'.$this->contextKey);
|
||||||
|
|||||||
@ -14,6 +14,19 @@ use Symfony\Component\Security\Http\Firewall\ContextListener;
|
|||||||
|
|
||||||
class ContextListenerTest extends \PHPUnit_Framework_TestCase
|
class ContextListenerTest extends \PHPUnit_Framework_TestCase
|
||||||
{
|
{
|
||||||
|
protected function setUp()
|
||||||
|
{
|
||||||
|
$this->securityContext = new SecurityContext(
|
||||||
|
$this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
|
||||||
|
$this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function tearDown()
|
||||||
|
{
|
||||||
|
unset($this->securityContext);
|
||||||
|
}
|
||||||
|
|
||||||
public function testOnKernelResponseWillAddSession()
|
public function testOnKernelResponseWillAddSession()
|
||||||
{
|
{
|
||||||
$session = $this->runSessionOnKernelResponse(
|
$session = $this->runSessionOnKernelResponse(
|
||||||
@ -56,12 +69,7 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
|
|||||||
$session->set('_security_session', $original);
|
$session->set('_security_session', $original);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->securityContext->setToken($newToken);
|
||||||
$securityContext = new SecurityContext(
|
|
||||||
$this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
|
|
||||||
$this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
|
|
||||||
);
|
|
||||||
$securityContext->setToken($newToken);
|
|
||||||
|
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$request->setSession($session);
|
$request->setSession($session);
|
||||||
@ -73,9 +81,27 @@ class ContextListenerTest extends \PHPUnit_Framework_TestCase
|
|||||||
new Response()
|
new Response()
|
||||||
);
|
);
|
||||||
|
|
||||||
$listener = new ContextListener($securityContext, array(), 'session');
|
$listener = new ContextListener($this->securityContext, array(), 'session');
|
||||||
$listener->onKernelResponse($event);
|
$listener->onKernelResponse($event);
|
||||||
|
|
||||||
return $session;
|
return $session;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testOnKernelResponseWithoutSession()
|
||||||
|
{
|
||||||
|
$this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
|
||||||
|
$request = new Request();
|
||||||
|
|
||||||
|
$event = new FilterResponseEvent(
|
||||||
|
$this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
|
||||||
|
$request,
|
||||||
|
HttpKernelInterface::MASTER_REQUEST,
|
||||||
|
new Response()
|
||||||
|
);
|
||||||
|
|
||||||
|
$listener = new ContextListener($this->securityContext, array(), 'session');
|
||||||
|
$listener->onKernelResponse($event);
|
||||||
|
|
||||||
|
$this->assertFalse($request->hasSession());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user