Merge branch '3.4' into 4.4
* 3.4: Handle fetch mode deprecation of DBAL 2.11. Fixed handling of CSRF logout error
This commit is contained in:
commit
dfe8c816a6
|
@ -63,7 +63,7 @@ class DoctrineTokenProvider implements TokenProviderInterface
|
|||
$paramValues = ['series' => $series];
|
||||
$paramTypes = ['series' => \PDO::PARAM_STR];
|
||||
$stmt = $this->conn->executeQuery($sql, $paramValues, $paramTypes);
|
||||
$row = $stmt->fetch(\PDO::FETCH_ASSOC);
|
||||
$row = method_exists($stmt, 'fetchAssociative') ? $stmt->fetchAssociative() : $stmt->fetch(\PDO::FETCH_ASSOC);
|
||||
|
||||
if ($row) {
|
||||
return new PersistentToken($row['class'], $row['username'], $series, $row['value'], new \DateTime($row['last_used']));
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
<?php
|
||||
|
||||
namespace Security\RememberMe;
|
||||
|
||||
use Doctrine\DBAL\DriverManager;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider;
|
||||
use Symfony\Component\Security\Core\Authentication\RememberMe\PersistentToken;
|
||||
use Symfony\Component\Security\Core\Exception\TokenNotFoundException;
|
||||
|
||||
/**
|
||||
* @requires extension pdo_sqlite
|
||||
*/
|
||||
class DoctrineTokenProviderTest extends TestCase
|
||||
{
|
||||
public static function setUpBeforeClass()
|
||||
{
|
||||
if (\PHP_VERSION_ID >= 80000) {
|
||||
self::markTestSkipped('Doctrine DBAL 2.x is incompatible with PHP 8.');
|
||||
}
|
||||
}
|
||||
|
||||
public function testCreateNewToken()
|
||||
{
|
||||
$provider = $this->bootstrapProvider();
|
||||
|
||||
$token = new PersistentToken('someClass', 'someUser', 'someSeries', 'tokenValue', new \DateTime('2013-01-26T18:23:51'));
|
||||
$provider->createNewToken($token);
|
||||
|
||||
$this->assertEquals($provider->loadTokenBySeries('someSeries'), $token);
|
||||
}
|
||||
|
||||
public function testLoadTokenBySeriesThrowsNotFoundException()
|
||||
{
|
||||
$provider = $this->bootstrapProvider();
|
||||
|
||||
$this->expectException(TokenNotFoundException::class);
|
||||
$provider->loadTokenBySeries('someSeries');
|
||||
}
|
||||
|
||||
public function testUpdateToken()
|
||||
{
|
||||
$provider = $this->bootstrapProvider();
|
||||
|
||||
$token = new PersistentToken('someClass', 'someUser', 'someSeries', 'tokenValue', new \DateTime('2013-01-26T18:23:51'));
|
||||
$provider->createNewToken($token);
|
||||
$provider->updateToken('someSeries', 'newValue', $lastUsed = new \DateTime('2014-06-26T22:03:46'));
|
||||
$token = $provider->loadTokenBySeries('someSeries');
|
||||
|
||||
$this->assertEquals('newValue', $token->getTokenValue());
|
||||
$this->assertEquals($token->getLastUsed(), $lastUsed);
|
||||
}
|
||||
|
||||
public function testDeleteToken()
|
||||
{
|
||||
$provider = $this->bootstrapProvider();
|
||||
$token = new PersistentToken('someClass', 'someUser', 'someSeries', 'tokenValue', new \DateTime('2013-01-26T18:23:51'));
|
||||
$provider->createNewToken($token);
|
||||
$provider->deleteTokenBySeries('someSeries');
|
||||
|
||||
$this->expectException(TokenNotFoundException::class);
|
||||
|
||||
$provider->loadTokenBySeries('someSeries');
|
||||
}
|
||||
|
||||
/**
|
||||
* @return DoctrineTokenProvider
|
||||
*/
|
||||
private function bootstrapProvider()
|
||||
{
|
||||
$connection = DriverManager::getConnection([
|
||||
'driver' => 'pdo_sqlite',
|
||||
'url' => 'sqlite:///:memory:',
|
||||
]);
|
||||
$connection->executeUpdate(<<< 'SQL'
|
||||
CREATE TABLE rememberme_token (
|
||||
series char(88) UNIQUE PRIMARY KEY NOT NULL,
|
||||
value char(88) NOT NULL,
|
||||
lastUsed datetime NOT NULL,
|
||||
class varchar(100) NOT NULL,
|
||||
username varchar(200) NOT NULL
|
||||
);
|
||||
SQL
|
||||
);
|
||||
|
||||
return new DoctrineTokenProvider($connection);
|
||||
}
|
||||
}
|
|
@ -24,11 +24,11 @@ trait PdoPruneableTrait
|
|||
$getPdoConn = $o->getMethod('getConnection');
|
||||
$getPdoConn->setAccessible(true);
|
||||
|
||||
/** @var \Doctrine\DBAL\Statement $select */
|
||||
/** @var \Doctrine\DBAL\Statement|\PDOStatement $select */
|
||||
$select = $getPdoConn->invoke($cache)->prepare('SELECT 1 FROM cache_items WHERE item_id LIKE :id');
|
||||
$select->bindValue(':id', sprintf('%%%s', $name));
|
||||
$select->execute();
|
||||
|
||||
return 0 === \count($select->fetchAll(\PDO::FETCH_COLUMN));
|
||||
return 1 !== (int) (method_exists($select, 'fetchOne') ? $select->fetchOne() : $select->fetch(\PDO::FETCH_COLUMN));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -194,7 +194,13 @@ trait PdoTrait
|
|||
}
|
||||
$stmt->execute();
|
||||
|
||||
while ($row = $stmt->fetch(\PDO::FETCH_NUM)) {
|
||||
if (method_exists($stmt, 'iterateNumeric')) {
|
||||
$stmt = $stmt->iterateNumeric();
|
||||
} else {
|
||||
$stmt->setFetchMode(\PDO::FETCH_NUM);
|
||||
}
|
||||
|
||||
foreach ($stmt as $row) {
|
||||
if (null === $row[1]) {
|
||||
$expired[] = $row[0];
|
||||
} else {
|
||||
|
|
|
@ -111,7 +111,7 @@ class ExceptionListener
|
|||
}
|
||||
|
||||
if ($exception instanceof LogoutException) {
|
||||
$this->handleLogoutException($exception);
|
||||
$this->handleLogoutException($event, $exception);
|
||||
|
||||
return;
|
||||
}
|
||||
|
@ -181,10 +181,12 @@ class ExceptionListener
|
|||
}
|
||||
}
|
||||
|
||||
private function handleLogoutException(LogoutException $exception): void
|
||||
private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception): void
|
||||
{
|
||||
$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
|
||||
|
||||
if (null !== $this->logger) {
|
||||
$this->logger->info('A LogoutException was thrown.', ['exception' => $exception]);
|
||||
$this->logger->info('A LogoutException was thrown; wrapping with AccessDeniedHttpException', ['exception' => $exception]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverIn
|
|||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Core\Exception\LogoutException;
|
||||
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\Firewall\ExceptionListener;
|
||||
|
@ -157,6 +158,17 @@ class ExceptionListenerTest extends TestCase
|
|||
$this->assertSame(null === $eventException ? $exception : $eventException, $event->getThrowable()->getPrevious());
|
||||
}
|
||||
|
||||
public function testLogoutException()
|
||||
{
|
||||
$event = $this->createEvent(new LogoutException('Invalid CSRF.'));
|
||||
|
||||
$listener = $this->createExceptionListener();
|
||||
$listener->onKernelException($event);
|
||||
|
||||
$this->assertEquals('Invalid CSRF.', $event->getException()->getMessage());
|
||||
$this->assertEquals(403, $event->getException()->getStatusCode());
|
||||
}
|
||||
|
||||
public function getAccessDeniedExceptionProvider()
|
||||
{
|
||||
return [
|
||||
|
|
Reference in New Issue