Commit 9f3b172

[Security][LoginLink] Throw InvalidLoginLinkException on missing parameter
1 parent bd9cfda commit 9f3b172

2 files changed, +30 -2 lines changed

src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php

Lines changed: 6 additions & 2 deletions
@@ -97,8 +97,12 @@ public function consumeLoginLink(Request $request): UserInterface
9797
throw new InvalidLoginLinkException('User not found.', 0, $exception);
9898
}
9999

100-
$hash = $request->get('hash');
101-
$expires = $request->get('expires');
100+
if (!($hash = $request->get('hash'))) {
101+
throw new InvalidLoginLinkException('Missing "hash" parameter.');
102+
}
103+
if (!($expires = $request->get('expires'))) {
104+
throw new InvalidLoginLinkException('Missing "expires" parameter.');
105+
}
102106

103107
try {
104108
$this->signatureHasher->verifySignatureHash($user, $expires, $hash);
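
Review bot: The two new guards, `if (!($hash = $request->get('hash')))` and the matching one for `expires`, test truthiness rather than presence, so a supplied value of `0` or an empty string is reported as 'Missing ... parameter.', and any other non-empty value is passed straight to verifySignatureHash() without a type check. If the goal is that only InvalidLoginLinkException leaves consumeLoginLink() on bad input, check presence and type explicitly (for example, a non-empty string for hash and a digit-only value for expires) and word the message so it covers invalid as well as missing values. Separating the assignment from the condition would also make the two checks easier to read.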

src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php

Lines changed: 24 additions & 0 deletions
@@ -182,6 +182,30 @@ public function testConsumeLoginLinkExceedsMaxUsage()
182182
$linker->consumeLoginLink($request);
183183
}
184184

185+
public function testConsumeLoginLinkWithMissingHash()
186+
{
187+
$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
188+
$this->userProvider->createUser($user);
189+
190+
$this->expectException(InvalidLoginLinkException::class);
191+
$request = Request::create('/login/verify?user=weaverryan&expires=10000');
192+
193+
$linker = $this->createLinker();
194+
$linker->consumeLoginLink($request);
195+
}
196+
197+
public function testConsumeLoginLinkWithMissingExpiration()
198+
{
199+
$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
200+
$this->userProvider->createUser($user);
201+
202+
$this->expectException(InvalidLoginLinkException::class);
203+
$request = Request::create('/login/verify?user=weaverryan&hash=thehash');
204+
205+
$linker = $this->createLinker();
206+
$linker->consumeLoginLink($request);
207+
}
208+
185209
private function createSignatureHash(string $username, int $expires, array $extraFields): string
186210
{
187211
$fields = [base64_encode($username), $expires];
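
Review bot: Both new tests assert only `expectException(InvalidLoginLinkException::class)`, so they would still pass if the exception came from another path in consumeLoginLink(), such as the 'User not found.' branch or a failed signature check, rather than from the new guards. Add `$this->expectExceptionMessage('Missing "hash" parameter.');` (and the "expires" equivalent) to pin each test to the check it is named for. The two methods differ only in the query string, so a data provider would remove the duplicated setup, and a case with an empty value (`hash=`) would document how present-but-empty parameters are handled.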
