[Security] fixes a bug in DigestAuthenticationListener

Johannes M. Schmitt 2011-02-14 20:40:18 +01:00 committed by Fabien Potencier
parent 44b89e5ac3
commit bc05bef2b9


@ -82,13 +82,14 @@ class DigestAuthenticationListener implements ListenerInterface
return;
}
$digestAuth = new DigestData($header);
if (null !== $token = $this->securityContext->getToken()) {
if ($token->isImmutable()) {
return;
}
// FIXME
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $username) {
if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (string) $token === $digestAuth->getUsername()) {
return;
}
}
@ -97,8 +98,6 @@ class DigestAuthenticationListener implements ListenerInterface
$this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
}
$digestAuth = new DigestData($header);
try {
$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
} catch (BadCredentialsException $e) {
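Review bot: In the first hunk, the new condition compares the token against `$digestAuth->getUsername()` before `validateAndDecode()` has run (that call sits in the second hunk), so the early `return` is decided by a username read from a header that has not been validated yet. The effect looks limited, because the branch only keeps a token that is already authenticated, but a request with a malformed or stale digest for the same name passes through without the digest being verified. How `getUsername()` behaves when the header carries no username field is also not visible here. I would replace the bare `// FIXME` with a comment that records this, for example `// Header is not validated yet; the username only decides whether the existing token can be kept.` The method body starts and ends outside both hunks.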