Commit 4333d0b

[Security\Http] Fix handling secure: auto using the new RememberMeAuthenticator
1 parent bbb0a69 commit 4333d0b

4 files changed

+46
-2
lines changed

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php

+4 lines changed: 4 additions & 0 deletions
@@ -104,6 +104,10 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
104104
$loader->load('security_authenticator_remember_me.php');
105105
}
106106

107+
if ('auto' === $config['secure']) {
108+
$config['secure'] = null;
109+
}
110+
107111
// create remember me handler (which manage the remember-me cookies)
108112
$rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
109113
if (isset($config['service']) && isset($config['token_provider'])) {
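
Review bot: The assignment `$config['secure'] = null;` at new lines 107-109 carries no comment saying why `null` stands in for `'auto'`, and it overwrites the configured value in place, so any later read of `$config['secure']` in createAuthenticator() sees `null` rather than what was configured. A one-line comment stating that `null` leaves the Secure flag to be decided from the request scheme (the behaviour the functional test checks through the `HTTPS` server parameter) would make the intent clear; if other code in this method needs the original value, normalise into a local variable instead.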

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php

+16 -1 lines changed: 16 additions & 1 deletion
@@ -19,8 +19,23 @@ public function testSessionRememberMeSecureCookieFlagAuto($https, $expectedSecur
1919
]);
2020

2121
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
22+
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
23+
}
24+
25+
/** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
26+
public function testLegacySessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
27+
{
28+
$client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']);
2229

23-
$this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
30+
$client->request('POST', '/login', [
31+
'_username' => 'test',
32+
'_password' => 'test',
33+
], [], [
34+
'HTTPS' => (int) $https,
35+
]);
36+
37+
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
38+
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
2439
}
2540

2641
public function getSessionRememberMeSecureCookieFlagAutoHttpsMap()
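
Review bot: testLegacySessionRememberMeSecureCookieFlagAuto() (new lines 26-39) repeats the login request and cookie assertion of the test above it, differing only in `'root_config' => 'legacy_config.yml'` passed to createClient(). Moving the shared body into a private helper that takes the client options, or adding the config file as a data provider column, keeps the two paths from diverging. Both tests also index `$cookies['']['/']['REMEMBERME']` directly, so a response without the remember-me cookie fails on the missing key instead of with an assertion message; an `assertArrayHasKey` on the cookie name before the `isSecure()` check would report that case clearly.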

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml

+1 -1 lines changed: 1 addition & 1 deletion
@@ -2,6 +2,7 @@ imports:
22
- { resource: ./../config/framework.yml }
33

44
security:
5+
enable_authenticator_manager: true
56
password_hashers:
67
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
78

@@ -22,4 +23,3 @@ security:
2223
secret: key
2324
secure: auto
2425
logout: ~
25-
anonymous: ~
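
Review bot: With `enable_authenticator_manager: true` added at line 5 and `anonymous: ~` dropped from line 25, config.yml now covers only the authenticator-manager path, but nothing in the file says so. A comment at the top naming the system it targets, mirrored in the legacy file the second test loads, would stop someone re-adding `anonymous` here or enabling the manager there.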
+25 lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
imports:
2+
- { resource: ./../config/framework.yml }
3+
4+
security:
5+
password_hashers:
6+
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
7+
8+
providers:
9+
in_memory:
10+
memory:
11+
users:
12+
test: { password: test, roles: [ROLE_USER] }
13+
14+
firewalls:
15+
default:
16+
form_login:
17+
check_path: login
18+
remember_me: true
19+
require_previous_session: false
20+
remember_me:
21+
always_remember_me: true
22+
secret: key
23+
secure: auto
24+
logout: ~
25+
anonymous: ~
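
Review bot: Lines 4-24 of this new file duplicate the password hasher, provider, form_login and remember_me settings of config.yml; from the visible lines the only differences are the absent `enable_authenticator_manager` key and the `anonymous: ~` entry at line 25. Putting the shared part in one file and importing it from both, the way `framework.yml` is imported at line 2, leaves each variant with just its own keys, so a future change to `secure: auto` or the login settings cannot be applied to one test configuration and missed in the other.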
