From fceb86bde6529d948232ce6ab60b924664e45993 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Mon, 30 Sep 2019 14:24:32 +0200
Subject: [PATCH] [Security/Http] fix parsing X509 emailAddress
---
 .../Security/Http/Firewall/X509AuthenticationListener.php | 2 +-
 .../Http/Tests/Firewall/X509AuthenticationListenerTest.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php
index 76b1cad349..e3cfb9d80e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/X509AuthenticationListener.php
@@ -46,7 +46,7 @@ class X509AuthenticationListener extends AbstractPreAuthenticatedListener
 $user = $request->server->get($this->userKey);
 } elseif (
 $request->server->has($this->credentialKey)
- && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
+ && preg_match('#emailAddress=([^,/@]++@[^,/]++)#', $request->server->get($this->credentialKey), $matches)
 ) {
 $user = $matches[1];
 }
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php
index 9ada4b1b49..e35e685d5b 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/X509AuthenticationListenerTest.php
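Review bot: The new pattern on the `preg_match` line still has no anchor in front of `emailAddress=`, so the literal is matched wherever it first appears in the subject DN string, including inside the value of another attribute such as a CN, and the captured text then becomes `$user`. The domain half `[^,/]++` also accepts a further `@`, and nothing after the capture requires a separator or end of string. Consider tying the match to attribute boundaries on both sides, e.g. `preg_match('#(?:^|[,/])emailAddress=([^,/@]++@[^,/@]++)(?=[,/]|$)#', $request->server->get($this->credentialKey), $matches)`. Whether whitespace after the separator or escaped separators inside values must be handled depends on the DN formats the supported web servers emit, which is not visible here. The enclosing method starts and ends outside the hunk.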
@@ -81,6 +81,7 @@ class X509AuthenticationListenerTest extends TestCase
 yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
 yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
 yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
+ yield ['firstname.lastname@mycompany.co.uk', 'emailAddress=firstname.lastname@mycompany.co.uk,CN=Firstname.Lastname,OU=london,OU=company design and engineering,OU=Issuer London,OU=Roaming,OU=Interactive,OU=Users,OU=Standard,OU=Business,DC=england,DC=core,DC=company,DC=co,DC=uk'];
 }
 public function testGetPreAuthenticatedDataNoData()
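Review bot: The added provider row is another well-formed address, so nothing visible in this hunk pins what the relaxed pattern does with input the old expression rejected. The old pattern required a dot in the domain and a terminator after the address, and the new one requires neither. A DN whose `emailAddress` value has no `@`, or repeats it, deserves its own test with an explicit expected outcome, since this provider appears to feed only the positive case. A short comment above the new row, such as `// multi-label domain followed by many RDNs containing dots`, would also record why this case exists. The provider method begins above the hunk.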