Commit 4382181

bug #41254 [Security\Http] Fix handling secure: auto using the new RememberMeAuthenticator (chalasr)
This PR was merged into the 5.3-dev branch.

Discussion
----------

[Security\Http] Fix handling `secure: auto` using the new RememberMeAuthenticator

| Q             | A   |
| ------------- | --- |
| Branch?       | 5.x |
| Bug fix?      | yes |
| New feature?  | no  |
| Deprecations? | no  |
| Tickets       | -   |
| License       | MIT |
| Doc PR        | -   |

The created cookie was always secure when using `auto` because of some missing config normalization that should have been copied from the legacy rememberme implementation.

Commits
-------

3fdc154 [Security\Http] Fix handling `secure: auto` using the new RememberMeAuthenticator

2 parents eb70687 + 3fdc154 commit 4382181

4 files changed

+46
-2
lines changed

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php

Lines changed: 4 additions & 0 deletions
@@ -104,6 +104,10 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
104104
$loader->load('security_authenticator_remember_me.php');
105105
}
106106

107+
if ('auto' === $config['secure']) {
108+
$config['secure'] = null;
109+
}
110+
107111
// create remember me handler (which manage the remember-me cookies)
108112
$rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
109113
if (isset($config['service']) && isset($config['token_provider'])) {
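
Review bot: the `'auto'` to `null` normalization added at new lines 107-109 carries no comment saying what `null` means for the cookie, and per the merge description it is a copy of logic that already exists in the legacy remember-me path. A one-line comment (for example, that `null` leaves the Secure flag to be decided from the request scheme, which is what the HTTPS data provider in RememberMeCookieTest exercises) would keep a later reader from reverting it, and moving the check into a helper shared by both code paths, or into the configuration normalization itself, would stop the two implementations from drifting apart again as they did here.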

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/RememberMeCookieTest.php

Lines changed: 16 additions & 1 deletion
@@ -19,8 +19,23 @@ public function testSessionRememberMeSecureCookieFlagAuto($https, $expectedSecur
1919
]);
2020

2121
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
22+
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
23+
}
24+
25+
/** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
26+
public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
27+
{
28+
$client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']);
2229

23-
$this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
30+
$client->request('POST', '/login', [
31+
'_username' => 'test',
32+
'_password' => 'test',
33+
], [], [
34+
'HTTPS' => (int) $https,
35+
]);
36+
37+
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
38+
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
2439
}
2540

2641
public function getSessionRememberMeSecureCookieFlagAutoHttpsMap()
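
Review bot: `testOldSessionRememberMeSecureCookieFlagAuto` repeats the request-and-assert body of `testSessionRememberMeSecureCookieFlagAuto`, with `'root_config' => 'legacy_config.yml'` passed to `createClient` as the distinguishing input. Consider a private helper that takes the client options, or a config-file column in the data provider, so a later change to the login request cannot update one path and miss the other. In both tests `$cookies['']['/']['REMEMBERME']` is dereferenced without first asserting that the cookie is present, so a missing cookie surfaces as an error on the array access instead of a readable assertion failure; an `assertArrayHasKey` before the `isSecure()` call would make that case explicit.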

‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeCookie/config.yml

Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,7 @@ imports:
22
- { resource: ./../config/framework.yml }
33

44
security:
5+
enable_authenticator_manager: true
56
password_hashers:
67
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
78

@@ -22,4 +23,3 @@ security:
2223
secret: key
2324
secure: auto
2425
logout: ~
25-
anonymous: ~
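
Review bot: after this change nothing in config.yml tells a reader that it is now the authenticator-manager fixture and that the legacy security system is covered by a separate file; the only signals are the `enable_authenticator_manager: true` line added in the first hunk and the removal of `anonymous: ~` here. A short header comment naming the counterpart (`legacy_config.yml`, as referenced from RememberMeCookieTest) would make the pairing obvious.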
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
imports:
2+
- { resource: ./../config/framework.yml }
3+
4+
security:
5+
password_hashers:
6+
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
7+
8+
providers:
9+
in_memory:
10+
memory:
11+
users:
12+
test: { password: test, roles: [ROLE_USER] }
13+
14+
firewalls:
15+
default:
16+
form_login:
17+
check_path: login
18+
remember_me: true
19+
require_previous_session: false
20+
remember_me:
21+
always_remember_me: true
22+
secret: key
23+
secure: auto
24+
logout: ~
25+
anonymous: ~
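
Review bot: judging by the context lines shown for config.yml, this new fixture is a copy of it apart from the absent `enable_authenticator_manager: true` and the retained `anonymous: ~`, so the `remember_me` block, including `secure: auto`, now has to be kept in sync by hand in two files. Consider moving the shared password hashers, providers and firewall settings into one base file that both configs import, leaving only the differing keys in each; otherwise a future change to the remember-me options can end up tested on one security system only.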
