Triggering RememberMe's loginFail() when token cannot be created

2018-05-17 09:59:56 -04:00 · 2018-05-17 09:59:56 -04:00 · e3412e6a67
parent 4279f53e34
commit e3412e6a67
2 changed files with 56 additions and 1 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
@ -68,7 +68,25 @@ class RememberMeListener implements ListenerInterface
        }

        $request = $event->getRequest();
-        if (null === $token = $this->rememberMeServices->autoLogin($request)) {
+        try {
+            if (null === $token = $this->rememberMeServices->autoLogin($request)) {
+                return;
+            }
+        } catch (AuthenticationException $e) {
+            if (null !== $this->logger) {
+                $this->logger->warning(
+                    'The token storage was not populated with remember-me token as the'
+                   .' RememberMeServices was not able to create a token from the remember'
+                   .' me information.', array('exception' => $e)
+                );
+            }
+
+            $this->rememberMeServices->loginFail($request);
+
+            if (!$this->catchExceptions) {
+                throw $e;
+            }
+
            return;
        }

--- a/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
@ -143,6 +143,43 @@ class RememberMeListenerTest extends TestCase
        $listener->handle($event);
    }

+    public function testOnCoreSecurityAuthenticationExceptionDuringAutoLoginTriggersLoginFail()
+    {
+        list($listener, $tokenStorage, $service, $manager) = $this->getListener();
+
+        $tokenStorage
+            ->expects($this->once())
+            ->method('getToken')
+            ->will($this->returnValue(null))
+        ;
+
+        $exception = new AuthenticationException('Authentication failed.');
+        $service
+            ->expects($this->once())
+            ->method('autoLogin')
+            ->will($this->throwException($exception))
+        ;
+
+        $service
+            ->expects($this->once())
+            ->method('loginFail')
+        ;
+
+        $manager
+            ->expects($this->never())
+            ->method('authenticate')
+        ;
+
+        $event = $this->getGetResponseEvent();
+        $event
+            ->expects($this->once())
+            ->method('getRequest')
+            ->will($this->returnValue(new Request()))
+        ;
+
+        $listener->handle($event);
+    }
+
    public function testOnCoreSecurity()
    {
        list($listener, $tokenStorage, $service, $manager) = $this->getListener();