[SecurityBundle] Fix remember-me cookie framework inheritance when session is disabled
This commit is contained in:
parent
100f2056b7
commit
af81008cb6
@ -65,7 +65,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
||||
return;
|
||||
}
|
||||
foreach ($container->getExtensionConfig('framework') as $config) {
|
||||
if (isset($config['session'])) {
|
||||
if (isset($config['session']) && \is_array($config['session'])) {
|
||||
$rememberMeSecureDefault = $config['session']['cookie_secure'] ?? $rememberMeSecureDefault;
|
||||
$rememberMeSameSiteDefault = array_key_exists('cookie_samesite', $config['session']) ? $config['session']['cookie_samesite'] : $rememberMeSameSiteDefault;
|
||||
}
|
||||
|
@ -12,6 +12,7 @@
|
||||
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Bundle\FrameworkBundle\DependencyInjection\FrameworkExtension;
|
||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
|
||||
use Symfony\Bundle\SecurityBundle\SecurityBundle;
|
||||
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\DummyProvider;
|
||||
@ -343,6 +344,59 @@ class SecurityExtensionTest extends TestCase
|
||||
$this->assertFalse($container->has(UserProviderInterface::class));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider sessionConfigurationProvider
|
||||
*/
|
||||
public function testRememberMeCookieInheritFrameworkSessionCookie($config, $samesite, $secure)
|
||||
{
|
||||
$container = $this->getRawContainer();
|
||||
|
||||
$container->registerExtension(new FrameworkExtension());
|
||||
$container->setParameter('kernel.bundles_metadata', array());
|
||||
$container->setParameter('kernel.project_dir', __DIR__);
|
||||
$container->setParameter('kernel.root_dir', __DIR__);
|
||||
$container->setParameter('kernel.cache_dir', __DIR__);
|
||||
|
||||
$container->loadFromExtension('security', array(
|
||||
'firewalls' => array(
|
||||
'default' => array(
|
||||
'form_login' => null,
|
||||
'remember_me' => array('secret' => 'baz'),
|
||||
),
|
||||
),
|
||||
));
|
||||
$container->loadFromExtension('framework', array(
|
||||
'session' => $config,
|
||||
));
|
||||
|
||||
$container->compile();
|
||||
|
||||
$definition = $container->getDefinition('security.authentication.rememberme.services.simplehash.default');
|
||||
|
||||
$this->assertEquals($samesite, $definition->getArgument(3)['samesite']);
|
||||
$this->assertEquals($secure, $definition->getArgument(3)['secure']);
|
||||
}
|
||||
|
||||
public function sessionConfigurationProvider()
|
||||
{
|
||||
return array(
|
||||
array(
|
||||
false,
|
||||
null,
|
||||
false,
|
||||
),
|
||||
array(
|
||||
array(
|
||||
'cookie_secure' => true,
|
||||
'cookie_samesite' => 'lax',
|
||||
'save_path' => null,
|
||||
),
|
||||
'lax',
|
||||
true,
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
protected function getRawContainer()
|
||||
{
|
||||
$container = new ContainerBuilder();
|
||||
|
Reference in New Issue
Block a user