From bdbac2c6e666454a743b45e0f91612593e2755bd Mon Sep 17 00:00:00 2001 From: Robert Kopera Date: Tue, 7 May 2019 15:35:36 +0200 Subject: [PATCH] [Security] added support for updated \"distinguished name\" format in x509 authentication --- .../Http/Firewall/X509AuthenticationListener.php | 5 ++++- .../Firewall/X509AuthenticationListenerTest.php | 13 +++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php index d17ef7464e..76b1cad349 100644 --- a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php @@ -44,7 +44,10 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener $user = null; if ($request->server->has($this->userKey)) { $user = $request->server->get($this->userKey); - } elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) { + } elseif ( + $request->server->has($this->credentialKey) + && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches) + ) { $user = $matches[1]; } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php index c55eaae0f3..577ca7c38f 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php @@ -56,9 +56,8 @@ class X509AuthenticationListenerTest extends TestCase /** * @dataProvider dataProviderGetPreAuthenticatedDataNoUser */ - public function testGetPreAuthenticatedDataNoUser($emailAddress) + public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials) { - $credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress; $request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]); $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(); @@ -76,10 +75,12 @@ class X509AuthenticationListenerTest extends TestCase public static function dataProviderGetPreAuthenticatedDataNoUser() { - return [ - 'basicEmailAddress' => ['cert@example.com'], - 'emailAddressWithPlusSign' => ['cert+something@example.com'], - ]; + yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com']; + yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com']; + yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com']; + yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com']; + yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN']; + yield ['cert+something@example.com', 'emailAddress=cert+something@example.com']; } /**