[Security] added support for updated \"distinguished name\" format in x509 authentication
This commit is contained in:
parent
0797ef28ed
commit
bdbac2c6e6
@ -44,7 +44,10 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener
|
|||||||
$user = null;
|
$user = null;
|
||||||
if ($request->server->has($this->userKey)) {
|
if ($request->server->has($this->userKey)) {
|
||||||
$user = $request->server->get($this->userKey);
|
$user = $request->server->get($this->userKey);
|
||||||
} elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
|
} elseif (
|
||||||
|
$request->server->has($this->credentialKey)
|
||||||
|
&& preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
|
||||||
|
) {
|
||||||
$user = $matches[1];
|
$user = $matches[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,9 +56,8 @@ class X509AuthenticationListenerTest extends TestCase
|
|||||||
/**
|
/**
|
||||||
* @dataProvider dataProviderGetPreAuthenticatedDataNoUser
|
* @dataProvider dataProviderGetPreAuthenticatedDataNoUser
|
||||||
*/
|
*/
|
||||||
public function testGetPreAuthenticatedDataNoUser($emailAddress)
|
public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials)
|
||||||
{
|
{
|
||||||
$credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
|
|
||||||
$request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);
|
$request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);
|
||||||
|
|
||||||
$tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
|
$tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
|
||||||
@ -76,10 +75,12 @@ class X509AuthenticationListenerTest extends TestCase
|
|||||||
|
|
||||||
public static function dataProviderGetPreAuthenticatedDataNoUser()
|
public static function dataProviderGetPreAuthenticatedDataNoUser()
|
||||||
{
|
{
|
||||||
return [
|
yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com'];
|
||||||
'basicEmailAddress' => ['cert@example.com'],
|
yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com'];
|
||||||
'emailAddressWithPlusSign' => ['cert+something@example.com'],
|
yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com'];
|
||||||
];
|
yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
|
||||||
|
yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
|
||||||
|
yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Reference in New Issue
Block a user