Commit 80444e8

minor #36520 [Security] Apply left-over review comments from #33558 (wouterj)
This PR was merged into the 5.1-dev branch.

Discussion
----------

[Security] Apply left-over review comments from #33558

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | n/a

This applies the review comments of @noniagriconomie in #33558. It's mostly doc fixes and one extra security-safeguard by resetting the plaintext password early (similar to what is done in `PasswordCredentials`).

Commits
-------

be3a9a9 Applied left-over review comments from #33558
2 parents 6b682bf + be3a9a9 commit 80444e8
6 files changed: +26 -18 lines changed

‎src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php

+3 -3 Lines changed: 3 additions & 3 deletions
@@ -77,7 +77,7 @@ public function authenticateUser(UserInterface $user, AuthenticatorInterface $au
7777
public function supports(Request $request): ?bool
7878
{
7979
if (null !== $this->logger) {
80-
$context = ['firewall_key' => $this->firewallName];
80+
$context = ['firewall_name' => $this->firewallName];
8181

8282
if ($this->authenticators instanceof \Countable || \is_array($this->authenticators)) {
8383
$context['authenticators'] = \count($this->authenticators);
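Review bot: The context key at line 80 changes from 'firewall_key' to 'firewall_name', which renames a field in the structured debug log output without any note for consumers; anything that filters or asserts on these entries by the old key (log processors, tests that inspect the context array) will silently stop matching. A CHANGELOG line would help, and it is worth grepping the rest of the component for remaining 'firewall_key' uses so every authenticator log entry carries the same key.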
@@ -90,14 +90,14 @@ public function supports(Request $request): ?bool
9090
$lazy = true;
9191
foreach ($this->authenticators as $authenticator) {
9292
if (null !== $this->logger) {
93-
$this->logger->debug('Checking support on authenticator.', ['firewall_key' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
93+
$this->logger->debug('Checking support on authenticator.', ['firewall_name' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
9494
}
9595

9696
if (false !== $supports = $authenticator->supports($request)) {
9797
$authenticators[] = $authenticator;
9898
$lazy = $lazy && null === $supports;
9999
} elseif (null !== $this->logger) {
100-
$this->logger->debug('Authenticator does not support the request.', ['firewall_key' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
100+
$this->logger->debug('Authenticator does not support the request.', ['firewall_name' => $this->firewallName, 'authenticator' => \get_class($authenticator)]);
101101
}
102102
}
103103

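Review bot: The two debug() calls at lines 93 and 100 each spell out the same context array, ['firewall_name' => $this->firewallName, 'authenticator' => \get_class($authenticator)], so a key rename has to touch every call site, as this commit shows. Building that array once per loop iteration inside the existing null !== $this->logger check and passing the variable to both calls would keep the key name defined in one place.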
‎src/Symfony/Component/Security/Http/Authentication/NoopAuthenticationManager.php

+1 -1 Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@
1919
*
2020
* This is used to not break AuthenticationChecker and ContextListener when
2121
* using the authenticator system. Once the authenticator system is no longer
22-
* experimental, this class can be used trigger deprecation notices.
22+
* experimental, this class can be used to trigger deprecation notices.
2323
*
2424
* @internal
2525
*

‎src/Symfony/Component/Security/Http/Authentication/UserAuthenticatorInterface.php

+1 -1 Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@
2424
interface UserAuthenticatorInterface
2525
{
2626
/**
27-
* Convenience method to manually login a user and return a
27+
* Convenience method to programmatically login a user and return a
2828
* Response *if any* for success.
2929
*/
3030
public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request): ?Response;
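Review bot: In the docblock at line 27, "login" is used as a verb ("programmatically login a user"); the verb form is "log in", so this should read "programmatically log in a user". While touching this comment, the nullable return deserves more than "if any": a @return line stating when authenticateUser() returns null would tell implementers what callers are expected to handle.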

‎src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/PasswordUpgradeBadge.php

+10 -10 Lines changed: 10 additions & 10 deletions
@@ -11,6 +11,7 @@
1111

1212
namespace Symfony\Component\Security\Http\Authenticator\Passport\Badge;
1313

14+
use Symfony\Component\Security\Core\Exception\LogicException;
1415
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
1516

1617
/**
@@ -38,24 +39,23 @@ public function __construct(string $plaintextPassword, PasswordUpgraderInterface
3839
$this->passwordUpgrader = $passwordUpgrader;
3940
}
4041

41-
public function getPlaintextPassword(): string
42+
public function getAndErasePlaintextPassword(): string
4243
{
43-
return $this->plaintextPassword;
44+
$password = $this->plaintextPassword;
45+
if (null === $password) {
46+
throw new LogicException('The password is erased as another listener already used this badge.');
47+
}
48+
49+
$this->plaintextPassword = null;
50+
51+
return $password;
4452
}
4553

4654
public function getPasswordUpgrader(): PasswordUpgraderInterface
4755
{
4856
return $this->passwordUpgrader;
4957
}
5058

51-
/**
52-
* @internal
53-
*/
54-
public function eraseCredentials()
55-
{
56-
$this->plaintextPassword = null;
57-
}
58-
5959
public function isResolved(): bool
6060
{
6161
return true;
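Review bot: With eraseCredentials() removed, getAndErasePlaintextPassword() becomes the only way to clear $this->plaintextPassword, so on any login where no listener reads this badge the plaintext stays on the object for as long as the passport is alive. Consider keeping a way to erase without reading, or documenting which component is responsible for consuming the badge. The new method also has no docblock: the one-shot contract (a second call throws LogicException) should be stated there, and since the property is now assigned null, check that its declaration outside this hunk allows null.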

‎src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php

+10 -2 Lines changed: 10 additions & 2 deletions
@@ -1,5 +1,14 @@
11
<?php
22

3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
312
namespace Symfony\Component\Security\Http\EventListener;
413

514
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -32,8 +41,7 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
3241

3342
/** @var PasswordUpgradeBadge $badge */
3443
$badge = $passport->getBadge(PasswordUpgradeBadge::class);
35-
$plaintextPassword = $badge->getPlaintextPassword();
36-
$badge->eraseCredentials();
44+
$plaintextPassword = $badge->getAndErasePlaintextPassword();
3745

3846
if ('' === $plaintextPassword) {
3947
return;
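Review bot: getAndErasePlaintextPassword() at line 44 can throw LogicException when the badge has already been consumed, and nothing in the visible part of onLoginSuccess() handles it, so a second reader of PasswordUpgradeBadge would turn a successful login into an uncaught exception. Either document that this listener must be the sole consumer of the badge or guard the call. Also note that the returned string lives on in the local $plaintextPassword for the rest of the method, so the early erase only clears the copy held by the badge.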

‎src/Symfony/Component/Security/Http/EventListener/SessionStrategyListener.php

+1 -1 Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@
1717
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
1818

1919
/**
20-
* Migrates/invalidate the session after successful login.
20+
* Migrates/invalidates the session after successful login.
2121
*
2222
* This should be registered as subscriber to any "stateful" firewalls.
2323
*
