[Security] fixes a bug in DigestAuthenticationListener
parent
44b89e5ac3
commit
bc05bef2b9
@ -82,13 +82,14 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
return;
|
||||
}
|
||||
|
||||
$digestAuth = new DigestData($header);
|
||||
|
||||
if (null !== $token = $this->securityContext->getToken()) {
|
||||
if ($token->isImmutable()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// FIXME
|
||||
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) {
|
||||
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -97,8 +98,6 @@ class DigestAuthenticationListener implements ListenerInterface
|
||||
$this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
|
||||
}
|
||||
|
||||
$digestAuth = new DigestData($header);
|
||||
|
||||
try {
|
||||
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
||||
} catch (BadCredentialsException $e) {
|
||||
|
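Review bot: The early-return check now reads `$digestAuth->getUsername()` before `validateAndDecode()` has run, so the comparison with the current token uses a client-supplied header that has not yet been checked for required fields or format. DigestData is not shown on this page; if `getUsername()` assumes a `username` element was parsed, a malformed header would presumably raise a PHP notice at this line instead of reaching the `BadCredentialsException` handling in the try block further down. Consider running the `validateAndDecode()` try/catch before the token comparison, or guarding the comparison so that a header without a username falls through to validation. The bare `// FIXME` above the check could also be replaced with a comment stating the intent, e.g. `// skip re-authentication when the current token already belongs to the (not yet validated) digest username`. The enclosing method starts and ends outside the visible hunks.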