Handle consecutive supports() calls in the RememberMeAuthenticator

2020-10-03 15:02:03 +02:00 · 2020-10-03 15:02:03 +02:00 · e0d1867b54
parent c453c3dbd5
commit e0d1867b54
2 changed files with 15 additions and 0 deletions
--- a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@ -56,6 +56,13 @@ class RememberMeAuthenticator implements InteractiveAuthenticatorInterface
            return false;
        }

+        // if the attribute is set, this is a lazy firewall. The previous
+        // support call already indicated support, so return null and avoid
+        // recreating the cookie
+        if ($request->attributes->has('_remember_me_token')) {
+            return null;
+        }
+
        $token = $this->rememberMeServices->autoLogin($request);
        if (null === $token) {
            return false;
--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
@ -60,6 +60,14 @@ class RememberMeAuthenticatorTest extends TestCase
        yield [$this->createMock(TokenInterface::class), null];
    }

+    public function testConsecutiveSupportsCalls()
+    {
+        $this->rememberMeServices->expects($this->once())->method('autoLogin')->with($this->request)->willReturn($this->createMock(TokenInterface::class));
+
+        $this->assertNull($this->authenticator->supports($this->request));
+        $this->assertNull($this->authenticator->supports($this->request));
+    }
+
    public function testAuthenticate()
    {
        $this->request->attributes->set('_remember_me_token', new RememberMeToken($user = new User('wouter', 'test'), 'main', 'secret'));