Fixed incompatibility of x509 auth with nginx
This commit is contained in:
parent
567213fea9
commit
ba8fc166ca
|
@ -41,10 +41,17 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener
|
|||
*/
|
||||
protected function getPreAuthenticatedData(Request $request)
|
||||
{
|
||||
if (!$request->server->has($this->userKey)) {
|
||||
throw new BadCredentialsException(sprintf('SSL key was not found: %s', $this->userKey));
|
||||
$user = null;
|
||||
if ($request->server->has($this->userKey)) {
|
||||
$user = $request->server->get($this->userKey);
|
||||
} elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
|
||||
$user = $matches[1];
|
||||
}
|
||||
|
||||
return array($request->server->get($this->userKey), $request->server->get($this->credentialKey, ''));
|
||||
if (null === $user) {
|
||||
throw new BadCredentialsException(sprintf('SSL credentials not found: %s, %s', $this->userKey, $this->credentialKey));
|
||||
}
|
||||
|
||||
return array($user, $request->server->get($this->credentialKey, ''));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,11 +42,7 @@ class X509AuthenticationListenerTest extends \PHPUnit_Framework_TestCase
|
|||
|
||||
$authenticationManager = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface');
|
||||
|
||||
$listener = new X509AuthenticationListener(
|
||||
$context,
|
||||
$authenticationManager,
|
||||
'TheProviderKey'
|
||||
);
|
||||
$listener = new X509AuthenticationListener($context, $authenticationManager, 'TheProviderKey');
|
||||
|
||||
$method = new \ReflectionMethod($listener, 'getPreAuthenticatedData');
|
||||
$method->setAccessible(true);
|
||||
|
@ -63,10 +59,39 @@ class X509AuthenticationListenerTest extends \PHPUnit_Framework_TestCase
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider dataProviderGetPreAuthenticatedDataNoUser
|
||||
*/
|
||||
public function testGetPreAuthenticatedDataNoUser($emailAddress)
|
||||
{
|
||||
$credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
|
||||
$request = new Request(array(), array(), array(), array(), array(), array('SSL_CLIENT_S_DN' => $credentials));
|
||||
|
||||
$context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
|
||||
|
||||
$authenticationManager = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface');
|
||||
|
||||
$listener = new X509AuthenticationListener($context, $authenticationManager, 'TheProviderKey');
|
||||
|
||||
$method = new \ReflectionMethod($listener, 'getPreAuthenticatedData');
|
||||
$method->setAccessible(true);
|
||||
|
||||
$result = $method->invokeArgs($listener, array($request));
|
||||
$this->assertSame($result, array($emailAddress, $credentials));
|
||||
}
|
||||
|
||||
public static function dataProviderGetPreAuthenticatedDataNoUser()
|
||||
{
|
||||
return array(
|
||||
'basicEmailAddress' => array('cert@example.com'),
|
||||
'emailAddressWithPlusSign' => array('cert+something@example.com'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
*/
|
||||
public function testGetPreAuthenticatedDataNoUser()
|
||||
public function testGetPreAuthenticatedDataNoData()
|
||||
{
|
||||
$request = new Request(array(), array(), array(), array(), array(), array());
|
||||
|
||||
|
@ -74,11 +99,7 @@ class X509AuthenticationListenerTest extends \PHPUnit_Framework_TestCase
|
|||
|
||||
$authenticationManager = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface');
|
||||
|
||||
$listener = new X509AuthenticationListener(
|
||||
$context,
|
||||
$authenticationManager,
|
||||
'TheProviderKey'
|
||||
);
|
||||
$listener = new X509AuthenticationListener($context, $authenticationManager, 'TheProviderKey');
|
||||
|
||||
$method = new \ReflectionMethod($listener, 'getPreAuthenticatedData');
|
||||
$method->setAccessible(true);
|
||||
|
@ -98,13 +119,7 @@ class X509AuthenticationListenerTest extends \PHPUnit_Framework_TestCase
|
|||
|
||||
$authenticationManager = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface');
|
||||
|
||||
$listener = new X509AuthenticationListener(
|
||||
$context,
|
||||
$authenticationManager,
|
||||
'TheProviderKey',
|
||||
'TheUserKey',
|
||||
'TheCredentialsKey'
|
||||
);
|
||||
$listener = new X509AuthenticationListener($context, $authenticationManager, 'TheProviderKey', 'TheUserKey', 'TheCredentialsKey');
|
||||
|
||||
$method = new \ReflectionMethod($listener, 'getPreAuthenticatedData');
|
||||
$method->setAccessible(true);
|
||||
|
|
Reference in New Issue