[Security] fixes a bug in DigestAuthenticationListener
parent
44b89e5ac3
commit
bc05bef2b9
@ -82,13 +82,14 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$digestAuth = new DigestData($header);
|
||||||
|
|
||||||
if (null !== $token = $this->securityContext->getToken()) {
|
if (null !== $token = $this->securityContext->getToken()) {
|
||||||
if ($token->isImmutable()) {
|
if ($token->isImmutable()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME
|
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
|
||||||
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -97,8 +98,6 @@ class DigestAuthenticationListener implements ListenerInterface
|
|||||||
$this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
|
$this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
|
||||||
}
|
}
|
||||||
|
|
||||||
$digestAuth = new DigestData($header);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
|
||||||
} catch (BadCredentialsException $e) {
|
} catch (BadCredentialsException $e) {
|
||||||
|
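Review bot: `$digestAuth->getUsername()` in the already-authenticated check of the first hunk reads the username from the Authorization header before `validateAndDecode()` (second hunk) has run, so the comparison works on unverified, client-supplied data. The early `return` leaves the existing authenticated token in place rather than adopting the header's identity, so this reads as a re-authentication shortcut and not a bypass. That reasoning is not written down, though, and it depends on `getUsername()` tolerating a header that has no username field, which is not visible on this page. I would add a comment above the check, e.g. `// Header is not validated yet; we only skip re-authentication when the current token already belongs to this username.`, and confirm that `DigestData::getUsername()` cannot raise on a malformed header. The enclosing method starts and ends outside both hunks.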