Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit 6ea76ca

Browse filesBrowse files
committed
Fix: exclude remember_me from security login authenticators
1 parent 40730a4 commit 6ea76ca
Copy full SHA for 6ea76ca

File tree

Expand file treeCollapse file tree

2 files changed

+48
-3
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+48
-3
lines changed

‎src/Symfony/Bundle/SecurityBundle/Security.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Security.php
+1-2Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -188,8 +188,7 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa
188188
$firewallAuthenticatorLocator = $this->authenticators[$firewallName];
189189

190190
if (!$authenticatorName) {
191-
$authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
192-
191+
$authenticatorIds = array_filter(array_keys($firewallAuthenticatorLocator->getProvidedServices()), fn (string $authenticatorId) => $authenticatorId !== \sprintf('security.authenticator.remember_me.%s', $firewallName));
193192
if (!$authenticatorIds) {
194193
throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName));
195194
}

‎src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php
+47-1Lines changed: 47 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,10 @@ public function testLogin()
155155
$firewallAuthenticatorLocator
156156
->expects($this->once())
157157
->method('getProvidedServices')
158-
->willReturn(['security.authenticator.custom.dev' => $authenticator])
158+
->willReturn([
159+
'security.authenticator.custom.dev' => $authenticator,
160+
'security.authenticator.remember_me.main' => $authenticator
161+
])
159162
;
160163
$firewallAuthenticatorLocator
161164
->expects($this->once())
@@ -274,6 +277,49 @@ public function testLoginWithoutRequestContext()
274277
$security->login($user);
275278
}
276279

280+
public function testLoginFailsWhenTooManyAuthenticatorsFound()
281+
{
282+
$request = new Request();
283+
$authenticator = $this->createMock(AuthenticatorInterface::class);
284+
$requestStack = $this->createMock(RequestStack::class);
285+
$firewallMap = $this->createMock(FirewallMap::class);
286+
$firewall = new FirewallConfig('main', 'main');
287+
$userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
288+
$user = $this->createMock(UserInterface::class);
289+
$userChecker = $this->createMock(UserCheckerInterface::class);
290+
291+
$container = $this->createMock(ContainerInterface::class);
292+
$container
293+
->expects($this->atLeastOnce())
294+
->method('get')
295+
->willReturnMap([
296+
['request_stack', $requestStack],
297+
['security.firewall.map', $firewallMap],
298+
['security.authenticator.managers_locator', $this->createContainer('main', $userAuthenticator)],
299+
['security.user_checker_locator', $this->createContainer('main', $userChecker)],
300+
])
301+
;
302+
303+
$requestStack->expects($this->once())->method('getCurrentRequest')->willReturn($request);
304+
$firewallMap->expects($this->once())->method('getFirewallConfig')->willReturn($firewall);
305+
306+
$firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class);
307+
$firewallAuthenticatorLocator
308+
->expects($this->once())
309+
->method('getProvidedServices')
310+
->willReturn([
311+
'security.authenticator.custom.main' => $authenticator,
312+
'security.authenticator.other.main' => $authenticator
313+
])
314+
;
315+
316+
$security = new Security($container, ['main' => $firewallAuthenticatorLocator]);
317+
318+
$this->expectException(\LogicException::class);
319+
$this->expectExceptionMessage('Too many authenticators were found for the current firewall "main". You must provide an instance of "Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface" to login programmatically. The available authenticators for the firewall "main" are "security.authenticator.custom.main" ,"security.authenticator.other.main');
320+
$security->login($user);
321+
}
322+
277323
public function testLogout()
278324
{
279325
$request = new Request();

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.