[Security] Remember me: allow to set the samesite cookie flag

This commit is contained in:
Kévin Dunglas 2018-07-17 14:51:24 +02:00 committed by Nicolas Grekas
parent 0e2d5e960a
commit f0ceb73397
6 changed files with 18 additions and 6 deletions


@ -25,6 +25,7 @@ class RememberMeFactory implements SecurityFactoryInterface
'domain' => null,
'secure' => false,
'httponly' => true,
'samesite' => null,
'always_remember_me' => false,
'remember_me_parameter' => '_remember_me',
];
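Review bot: The new `'samesite' => null` default leaves the remember-me cookie with no SameSite attribute, so a cookie that on its own authenticates the user is still sent on cross-site requests; the option line deserves a short comment so that choice is explicit. Something like `'samesite' => null, // null: no attribute; 'lax' withholds the cookie on cross-site subrequests; 'strict' also withholds it on a first cross-site top-level navigation, so a user arriving from an external link is not auto-logged-in on that request`. Nothing in this hunk shows whether the configuration tree restricts the value to `null`, `'lax'` or `'strict'`; if it does not, a typo such as `'Strict '` presumably only fails when the Cookie object is built at login time, whereas validating the allowed values in the factory would surface it at container compile time. The options array this default belongs to starts before the hunk.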


@ -38,6 +38,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
protected $options = [
'secure' => false,
'httponly' => true,
'samesite' => null,
];
private $providerKey;
private $secret;
@ -281,7 +282,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
$this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);
}
$request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly']));
$request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'], false, $this->options['samesite']));
}
/**
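Review bot: The nine-argument `new Cookie(...)` on the replacement line at the end of this section is now written out identically, positional `false` included, here and in both concrete services, and the clearing cookie has to agree with the set cookie on name, path and domain (and ideally the flags) for the browser to expire the right one. A protected factory on this abstract class that builds the cookie from `$this->options` would keep the three call sites from drifting the next time an attribute is added, and would give the bare `false` a home with a comment. The method containing the cancel line starts before the hunk.
```php
    // … unchanged: logging above the cancel line …
    $request->attributes->set(self::COOKIE_ATTR_NAME, $this->createCookie(null, 1));

    /**
     * Builds a remember-me cookie carrying every attribute configured in
     * $this->options (name, path, domain, secure, httponly, samesite), so the
     * login and cancel paths cannot disagree on them.
     */
    protected function createCookie(?string $value, int $expires): Cookie
    {
        return new Cookie(
            $this->options['name'],
            $value,
            $expires,
            $this->options['path'],
            $this->options['domain'],
            $this->options['secure'],
            $this->options['httponly'],
            false, // $raw: value is URL-encoded by the Cookie class
            $this->options['samesite']
        );
    }
```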


@ -84,7 +84,9 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
$this->options['path'],
$this->options['domain'],
$this->options['secure'],
$this->options['httponly']
$this->options['httponly'],
false,
$this->options['samesite']
)
);
@ -117,7 +119,9 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
$this->options['path'],
$this->options['domain'],
$this->options['secure'],
$this->options['httponly']
$this->options['httponly'],
false,
$this->options['samesite']
)
);
}
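Review bot: Only one of the two cookie constructions changed in this file appears to be covered by the samesite assertion the commit adds — the test hunk touches `testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation`, while the first hunk here is a separate call site (presumably the token-rotation path in `autoLogin`, judging by the line numbers), so a regression there would pass the suite. Adding `$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());` to the test that exercises that first path would pin both. Both enclosing methods start before their hunks.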


@ -81,7 +81,9 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
$this->options['path'],
$this->options['domain'],
$this->options['secure'],
$this->options['httponly']
$this->options['httponly'],
false,
$this->options['samesite']
)
);
}
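Review bot: The positional `false` inserted before `$this->options['samesite']` is an unexplained literal in the middle of a nine-argument call; if this is HttpFoundation's `Cookie` constructor it is the `$raw` flag, and `false, // $raw` at the call site would save the next reader the lookup. The flag has security meaning too — a raw cookie skips the value encoding — so it is worth stating rather than leaving implicit. The enclosing method starts before the hunk.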


@ -12,6 +12,7 @@
namespace Symfony\Component\Security\Http\Tests\RememberMe;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
@ -268,7 +269,7 @@ class PersistentTokenBasedRememberMeServicesTest extends TestCase
public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation()
{
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]);
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]);
$request = new Request();
$response = new Response();
@ -305,6 +306,7 @@ class PersistentTokenBasedRememberMeServicesTest extends TestCase
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
$this->assertEquals('/foo/path', $cookie->getPath());
$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
}
protected function encodeCookie(array $parts)
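Review bot: The new assertion pins only the explicit `strict` case; nothing in the changed tests checks that a service built without a `samesite` option still emits a cookie with no SameSite attribute, which is the backward-compatibility contract the `null` default promises. A companion test (or a data provider over `null`, `Cookie::SAMESITE_LAX` and `Cookie::SAMESITE_STRICT`) asserting `$this->assertNull($cookie->getSameSite());` for the default options would cover it. The test class continues past this hunk.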


@ -12,6 +12,7 @@
namespace Symfony\Component\Security\Http\Tests\RememberMe;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
@ -205,7 +206,7 @@ class TokenBasedRememberMeServicesTest extends TestCase
public function testLoginSuccess()
{
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]);
$service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]);
$request = new Request();
$response = new Response();
@ -240,6 +241,7 @@ class TokenBasedRememberMeServicesTest extends TestCase
$this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610);
$this->assertEquals('myfoodomain.foo', $cookie->getDomain());
$this->assertEquals('/foo/path', $cookie->getPath());
$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
}
protected function getCookie($class, $username, $expires, $password)
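Review bot: The samesite assertion here covers the login cookie only, while the commit also changes the clearing cookie written in `AbstractRememberMeServices`; no test in the diff asserts that the expired cookie set on logout carries the configured SameSite value. Extending the existing logout test with `$this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite());` on the cookie stored under `COOKIE_ATTR_NAME` would close that gap. `getCookie`, whose signature is the last line of the hunk, continues outside it.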