[SecurityBundle] Fix remember-me cookie framework inheritance when session is disabled
This commit is contained in:
parent
100f2056b7
commit
af81008cb6
@ -65,7 +65,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
foreach ($container->getExtensionConfig('framework') as $config) {
|
foreach ($container->getExtensionConfig('framework') as $config) {
|
||||||
if (isset($config['session'])) {
|
if (isset($config['session']) && \is_array($config['session'])) {
|
||||||
$rememberMeSecureDefault = $config['session']['cookie_secure'] ?? $rememberMeSecureDefault;
|
$rememberMeSecureDefault = $config['session']['cookie_secure'] ?? $rememberMeSecureDefault;
|
||||||
$rememberMeSameSiteDefault = array_key_exists('cookie_samesite', $config['session']) ? $config['session']['cookie_samesite'] : $rememberMeSameSiteDefault;
|
$rememberMeSameSiteDefault = array_key_exists('cookie_samesite', $config['session']) ? $config['session']['cookie_samesite'] : $rememberMeSameSiteDefault;
|
||||||
}
|
}
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
|
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
|
||||||
|
|
||||||
use PHPUnit\Framework\TestCase;
|
use PHPUnit\Framework\TestCase;
|
||||||
|
use Symfony\Bundle\FrameworkBundle\DependencyInjection\FrameworkExtension;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
|
||||||
use Symfony\Bundle\SecurityBundle\SecurityBundle;
|
use Symfony\Bundle\SecurityBundle\SecurityBundle;
|
||||||
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\DummyProvider;
|
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\DummyProvider;
|
||||||
@ -343,6 +344,59 @@ class SecurityExtensionTest extends TestCase
|
|||||||
$this->assertFalse($container->has(UserProviderInterface::class));
|
$this->assertFalse($container->has(UserProviderInterface::class));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider sessionConfigurationProvider
|
||||||
|
*/
|
||||||
|
public function testRememberMeCookieInheritFrameworkSessionCookie($config, $samesite, $secure)
|
||||||
|
{
|
||||||
|
$container = $this->getRawContainer();
|
||||||
|
|
||||||
|
$container->registerExtension(new FrameworkExtension());
|
||||||
|
$container->setParameter('kernel.bundles_metadata', array());
|
||||||
|
$container->setParameter('kernel.project_dir', __DIR__);
|
||||||
|
$container->setParameter('kernel.root_dir', __DIR__);
|
||||||
|
$container->setParameter('kernel.cache_dir', __DIR__);
|
||||||
|
|
||||||
|
$container->loadFromExtension('security', array(
|
||||||
|
'firewalls' => array(
|
||||||
|
'default' => array(
|
||||||
|
'form_login' => null,
|
||||||
|
'remember_me' => array('secret' => 'baz'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
));
|
||||||
|
$container->loadFromExtension('framework', array(
|
||||||
|
'session' => $config,
|
||||||
|
));
|
||||||
|
|
||||||
|
$container->compile();
|
||||||
|
|
||||||
|
$definition = $container->getDefinition('security.authentication.rememberme.services.simplehash.default');
|
||||||
|
|
||||||
|
$this->assertEquals($samesite, $definition->getArgument(3)['samesite']);
|
||||||
|
$this->assertEquals($secure, $definition->getArgument(3)['secure']);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function sessionConfigurationProvider()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
array(
|
||||||
|
false,
|
||||||
|
null,
|
||||||
|
false,
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
array(
|
||||||
|
'cookie_secure' => true,
|
||||||
|
'cookie_samesite' => 'lax',
|
||||||
|
'save_path' => null,
|
||||||
|
),
|
||||||
|
'lax',
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
protected function getRawContainer()
|
protected function getRawContainer()
|
||||||
{
|
{
|
||||||
$container = new ContainerBuilder();
|
$container = new ContainerBuilder();
|
||||||
|
Reference in New Issue
Block a user