From bdbac2c6e666454a743b45e0f91612593e2755bd Mon Sep 17 00:00:00 2001 From: Robert Kopera Date: Tue, 7 May 2019 15:35:36 +0200 Subject: [PATCH 1/3] [Security] added support for updated \"distinguished name\" format in x509 authentication --- .../Http/Firewall/X509AuthenticationListener.php | 5 ++++- .../Firewall/X509AuthenticationListenerTest.php | 13 +++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php index d17ef7464e..76b1cad349 100644 --- a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php @@ -44,7 +44,10 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener $user = null; if ($request->server->has($this->userKey)) { $user = $request->server->get($this->userKey); - } elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) { + } elseif ( + $request->server->has($this->credentialKey) + && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches) + ) { $user = $matches[1]; } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php index c55eaae0f3..577ca7c38f 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php 
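Review bot: The new pattern in the `elseif` is no longer anchored to an attribute boundary, and its `.+` groups can cross `,` and `/`. As a result `emailAddress=` can match inside another attribute's value, and the capture can run across several RDNs when a later attribute also contains `@`. Since `$matches[1]` becomes the pre-authenticated user, the capture should be confined to one attribute, for example `preg_match('#(?:^|[,/])\s*emailAddress=([^,/@]+@[^,/]+\.[^,/]+)(?:$|[,/])#', …)`. Whether the web server can emit escaped separators inside values is not visible here and should be confirmed before settling on the character classes. The enclosing method starts and ends outside the hunk.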
@@ -56,9 +56,8 @@ class X509AuthenticationListenerTest extends TestCase /** * @dataProvider dataProviderGetPreAuthenticatedDataNoUser */ - public function testGetPreAuthenticatedDataNoUser($emailAddress) + public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials) { - $credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress; $request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]); $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock(); @@ -76,10 +75,12 @@ class X509AuthenticationListenerTest extends TestCase public static function dataProviderGetPreAuthenticatedDataNoUser() { - return [ - 'basicEmailAddress' => ['cert@example.com'], - 'emailAddressWithPlusSign' => ['cert+something@example.com'], - ]; + yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com']; + yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com']; + yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com']; + yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com']; + yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN']; + yield ['cert+something@example.com', 'emailAddress=cert+something@example.com']; } /** From e6e63017f07ef1830f1e9d3818120ed0a5593d32 Mon Sep 17 00:00:00 2001 
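Review bot: The rewritten data provider lists only DNs that are expected to match, so nothing pins where the capture must stop or what the loosened pattern must reject. Assuming the test compares the extracted user with `$emailAddress` (the assertion is outside the hunk), a constructed case such as `yield 'emailFollowedByOtherAttribute' => ['cert@example.com', 'emailAddress=cert@example.com,CN=other@example.org'];` would document the intended boundary. The switch to bare `yield` also drops the dataset names (`basicEmailAddress`, `emailAddressWithPlusSign`); keeping string keys on each yield keeps a failing dataset identifiable.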
From: Nicolas Grekas Date: Tue, 4 Jun 2019 20:42:06 +0200 Subject: [PATCH 2/3] [HttpFoundation] work around PHP 7.3 bug related to json_encode() --- .../Console/Descriptor/JsonDescriptor.php | 6 ++++++ .../Component/Console/Descriptor/JsonDescriptor.php | 9 ++++++++- .../Component/Form/Console/Descriptor/JsonDescriptor.php | 6 ++++++ src/Symfony/Component/HttpFoundation/JsonResponse.php | 5 +++++ src/Symfony/Component/Serializer/Encoder/JsonEncode.php | 5 +++++ .../Component/Translation/Dumper/JsonFileDumper.php | 5 +++++ 6 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php index 6b05612ff5..2e00fc2262 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php @@ -185,6 +185,12 @@ class JsonDescriptor extends Descriptor private function writeData(array $data, array $options) { $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; + + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + $this->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n"); } diff --git a/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php index 197b843d4b..529fb82c40 100644 --- a/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php 
@@ -97,7 +97,14 @@ class JsonDescriptor extends Descriptor */ private function writeData(array $data, array $options) { - $this->write(json_encode($data, isset($options['json_encoding']) ? $options['json_encoding'] : 0)); + $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; + + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + + $this->write(json_encode($data, $flags)); } /** diff --git a/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php index ab518dbfee..00a5425866 100644 --- a/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php @@ -82,6 +82,12 @@ class JsonDescriptor extends Descriptor private function writeData(array $data, array $options) { $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; + + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + $this->output->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n"); } diff --git a/src/Symfony/Component/HttpFoundation/JsonResponse.php b/src/Symfony/Component/HttpFoundation/JsonResponse.php index 6fb32ee41b..52f55f7486 100644 --- a/src/Symfony/Component/HttpFoundation/JsonResponse.php +++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php @@ -153,6 +153,11 @@ class JsonResponse extends Response restore_error_handler(); } } else { + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $this->encodingOptions)) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + try { $data = json_encode($data, $this->encodingOptions); } catch (\Exception $e) { diff --git a/src/Symfony/Component/Serializer/Encoder/JsonEncode.php b/src/Symfony/Component/Serializer/Encoder/JsonEncode.php index 9b07d709b8..e5b48757dd 100644 
--- a/src/Symfony/Component/Serializer/Encoder/JsonEncode.php +++ b/src/Symfony/Component/Serializer/Encoder/JsonEncode.php @@ -36,6 +36,11 @@ class JsonEncode implements EncoderInterface { $context = $this->resolveContext($context); + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $context['json_encode_options'])) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + $encodedJson = json_encode($data, $context['json_encode_options']); if (JSON_ERROR_NONE !== json_last_error() && (false === $encodedJson || !($context['json_encode_options'] & JSON_PARTIAL_OUTPUT_ON_ERROR))) { diff --git a/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php b/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php index 3ee446dc73..2a8d23d477 100644 --- a/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php +++ b/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php @@ -31,6 +31,11 @@ class JsonFileDumper extends FileDumper $flags = \defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0; } + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { + // Work around https://bugs.php.net/77997 + json_encode(null); + } + return json_encode($messages->all($domain), $flags); } From d18f42c409b49771a5b8bb9c02de6a404e3260d1 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Wed, 5 Jun 2019 13:22:47 +0200 Subject: [PATCH 3/3] Fix json-encoding when JSON_THROW_ON_ERROR is used --- .../Console/Descriptor/JsonDescriptor.php | 5 ----- .../Component/Console/Descriptor/JsonDescriptor.php | 5 ----- .../Form/Console/Descriptor/JsonDescriptor.php | 5 ----- src/Symfony/Component/HttpFoundation/JsonResponse.php | 9 ++++----- .../Component/Serializer/Encoder/JsonDecode.php | 10 +++++++++- .../Component/Serializer/Encoder/JsonEncode.php | 9 ++++----- .../Component/Translation/Dumper/JsonFileDumper.php | 5 ----- 7 files changed, 17 insertions(+), 31 deletions(-) 
diff --git a/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php index 2e00fc2262..c18d278688 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/JsonDescriptor.php @@ -186,11 +186,6 @@ class JsonDescriptor extends Descriptor { $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - $this->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n"); } diff --git a/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php index 529fb82c40..f5a143800b 100644 --- a/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Component/Console/Descriptor/JsonDescriptor.php @@ -99,11 +99,6 @@ class JsonDescriptor extends Descriptor { $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - $this->write(json_encode($data, $flags)); } diff --git a/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php b/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php index 00a5425866..428586965b 100644 --- a/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php +++ b/src/Symfony/Component/Form/Console/Descriptor/JsonDescriptor.php @@ -83,11 +83,6 @@ class JsonDescriptor extends Descriptor { $flags = isset($options['json_encoding']) ? $options['json_encoding'] : 0; - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - $this->output->write(json_encode($data, $flags | JSON_PRETTY_PRINT)."\n"); } 
diff --git a/src/Symfony/Component/HttpFoundation/JsonResponse.php b/src/Symfony/Component/HttpFoundation/JsonResponse.php index 52f55f7486..24798eea42 100644 --- a/src/Symfony/Component/HttpFoundation/JsonResponse.php +++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php @@ -153,11 +153,6 @@ class JsonResponse extends Response restore_error_handler(); } } else { - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $this->encodingOptions)) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - try { $data = json_encode($data, $this->encodingOptions); } catch (\Exception $e) { @@ -166,6 +161,10 @@ class JsonResponse extends Response } throw $e; } + + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $this->encodingOptions)) { + return $this->setJson($data); + } } } diff --git a/src/Symfony/Component/Serializer/Encoder/JsonDecode.php b/src/Symfony/Component/Serializer/Encoder/JsonDecode.php index 1d0b86afc5..a55f1232e7 100644 --- a/src/Symfony/Component/Serializer/Encoder/JsonDecode.php +++ b/src/Symfony/Component/Serializer/Encoder/JsonDecode.php @@ -72,7 +72,15 @@ class JsonDecode implements DecoderInterface $recursionDepth = $context['json_decode_recursion_depth']; $options = $context['json_decode_options']; - $decodedData = json_decode($data, $associative, $recursionDepth, $options); + try { + $decodedData = json_decode($data, $associative, $recursionDepth, $options); + } catch (\JsonException $e) { + throw new NotEncodableValueException($e->getMessage(), 0, $e); + } + + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $options)) { + return $decodedData; + } if (JSON_ERROR_NONE !== json_last_error()) { throw new NotEncodableValueException(json_last_error_msg()); diff --git a/src/Symfony/Component/Serializer/Encoder/JsonEncode.php b/src/Symfony/Component/Serializer/Encoder/JsonEncode.php index e5b48757dd..76e532c4b7 100644 --- a/src/Symfony/Component/Serializer/Encoder/JsonEncode.php 
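Review bot: The early `return $this->setJson($data);` added after the try/catch keys only on `JSON_THROW_ON_ERROR`, but per the PHP manual `JSON_PARTIAL_OUTPUT_ON_ERROR` takes precedence over it. With both flags set, `json_encode()` does not throw and the result is returned without any error check. The same applies to the early `return $encodedJson;` in the JsonEncode.php hunk, where the skipped `json_last_error()` check is visible. Consider `if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $this->encodingOptions) && !(JSON_PARTIAL_OUTPUT_ON_ERROR & $this->encodingOptions)) {`, plus a one-line comment that the global error state is deliberately not read when failures are thrown. The rest of the enclosing method lies outside the hunk, so what the fall-through path checks is assumed rather than seen.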
+++ b/src/Symfony/Component/Serializer/Encoder/JsonEncode.php @@ -36,13 +36,12 @@ class JsonEncode implements EncoderInterface { $context = $this->resolveContext($context); - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $context['json_encode_options'])) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - $encodedJson = json_encode($data, $context['json_encode_options']); + if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $context['json_encode_options'])) { + return $encodedJson; + } + if (JSON_ERROR_NONE !== json_last_error() && (false === $encodedJson || !($context['json_encode_options'] & JSON_PARTIAL_OUTPUT_ON_ERROR))) { throw new NotEncodableValueException(json_last_error_msg()); } diff --git a/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php b/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php index 2a8d23d477..3ee446dc73 100644 --- a/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php +++ b/src/Symfony/Component/Translation/Dumper/JsonFileDumper.php @@ -31,11 +31,6 @@ class JsonFileDumper extends FileDumper $flags = \defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0; } - if (\PHP_VERSION_ID >= 70300 && (JSON_THROW_ON_ERROR & $flags)) { - // Work around https://bugs.php.net/77997 - json_encode(null); - } - return json_encode($messages->all($domain), $flags); }
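Review bot: With `JSON_THROW_ON_ERROR` set, the `json_encode()` call in this hunk raises a raw `\JsonException`, whereas the JsonDecode.php hunk of the same patch converts it to `NotEncodableValueException`. Callers that catch the serializer's own exception type would therefore miss encode failures. Wrapping the call the same way, `try { $encodedJson = json_encode($data, $context['json_encode_options']); } catch (\JsonException $e) { throw new NotEncodableValueException($e->getMessage(), 0, $e); }`, keeps the two encoders consistent. The method signature is outside the hunk.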