Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Security][Guard] check if session exist before using it #19218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 9 commits into from
Closed

[Security][Guard] check if session exist before using it #19218

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3e8c68d
check if session exist before using it
pasdeloup Jun 29, 2016
473bb7f
fix CS on old code according to fabbot.io
pasdeloup Jun 29, 2016
4f1d0db
added tests
pasdeloup Jun 29, 2016
164d327
fix CS according to fabbot.io
pasdeloup Jun 29, 2016
30d1d7d
Move Mock class at the send of the test class
pasdeloup Jun 29, 2016
e0f4924
initialize targetPath to null
pasdeloup Jun 30, 2016
bf7e3e4
improve test lisibility and add case where targetPath is set or not i…
pasdeloup Jun 30, 2016
15e3f06
fix CS: remove useless spaces
pasdeloup Jun 30, 2016
43b9194
rename tested class to TestFormLoginAuthenticator
pasdeloup Jun 30, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions 12 src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@

namespace Symfony\Component\Security\Guard\Authenticator;

use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
Expand Down Expand Up @@ -52,7 +53,10 @@ abstract protected function getDefaultSuccessRedirectUrl();
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
if ($request->getSession() instanceof SessionInterface) {
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
}

$url = $this->getLoginUrl();

return new RedirectResponse($url);
Expand All @@ -69,9 +73,13 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
$targetPath = null;

// if the user hit a secure page and start() was called, this was
// the URL they were on, and probably where you want to redirect to
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
if ($request->getSession() instanceof SessionInterface) {
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
}

if (!$targetPath) {
$targetPath = $this->getDefaultSuccessRedirectUrl();
Expand Down
212 changes: 212 additions & 0 deletions 212 src/Symfony/Component/Security/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,212 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Security\Guard\Tests\Authenticator;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;

/**
* @author Jean Pasdeloup <jpasdeloup@sedona.fr>
*/
class FormLoginAuthenticatorTest extends \PHPUnit_Framework_TestCase
{
private $requestWithoutSession;
private $requestWithSession;
private $authenticator;

const LOGIN_URL = 'http://login';
const DEFAULT_SUCCESS_URL = 'http://defaultsuccess';
const CUSTOM_SUCCESS_URL = 'http://customsuccess';

public function testAuthenticationFailureWithoutSession()
{
$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithoutSession, new AuthenticationException());

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
}

public function testAuthenticationFailureWithSession()
{
$this->requestWithSession->getSession()
->expects($this->once())
->method('set');

$failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithSession, new AuthenticationException());

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
}

public function testAuthenticationSuccessWithoutSession()
{
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
->disableOriginalConstructor()
->getMock();

$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithoutSession, $token, 'providerkey');

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
}

public function testAuthenticationSuccessWithSessionButEmpty()
{
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
->disableOriginalConstructor()
->getMock();
$this->requestWithSession->getSession()
->expects($this->once())
->method('get')
->will($this->returnValue(null));

$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
$this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
}

public function testAuthenticationSuccessWithSessionAndTarget()
{
$token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
->disableOriginalConstructor()
->getMock();
$this->requestWithSession->getSession()
->expects($this->once())
->method('get')
->will($this->returnValue(self::CUSTOM_SUCCESS_URL));

$redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
$this->assertEquals(self::CUSTOM_SUCCESS_URL, $redirectResponse->getTargetUrl());
}

public function testRememberMe()
{
$doSupport = $this->authenticator->supportsRememberMe();

$this->assertTrue($doSupport);
}

public function testStartWithoutSession()
{
$failureResponse = $this->authenticator->start($this->requestWithoutSession, new AuthenticationException());

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
}

public function testStartWithSession()
{
$failureResponse = $this->authenticator->start($this->requestWithSession, new AuthenticationException());

$this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
$this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
}

protected function setUp()
{
$this->requestWithoutSession = new Request(array(), array(), array(), array(), array(), array());
$this->requestWithSession = new Request(array(), array(), array(), array(), array(), array());

$session = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')
->disableOriginalConstructor()
->getMock();
$this->requestWithSession->setSession($session);

$this->authenticator = new TestFormLoginAuthenticator();
$this->authenticator
->setLoginUrl(self::LOGIN_URL)
->setDefaultSuccessRedirectUrl(self::DEFAULT_SUCCESS_URL)
;
}

protected function tearDown()
{
$this->request = null;
$this->requestWithSession = null;
}
}

class TestFormLoginAuthenticator extends AbstractFormLoginAuthenticator
{
private $loginUrl;
private $defaultSuccessRedirectUrl;

/**
* @param mixed $defaultSuccessRedirectUrl
*
* @return TestFormLoginAuthenticator
*/
public function setDefaultSuccessRedirectUrl($defaultSuccessRedirectUrl)
{
$this->defaultSuccessRedirectUrl = $defaultSuccessRedirectUrl;

return $this;
}

/**
* @param mixed $loginUrl
*
* @return TestFormLoginAuthenticator
*/
public function setLoginUrl($loginUrl)
{
$this->loginUrl = $loginUrl;

return $this;
}

/**
* {@inheritdoc}
*/
protected function getLoginUrl()
{
return $this->loginUrl;
}

/**
* {@inheritdoc}
*/
protected function getDefaultSuccessRedirectUrl()
{
return $this->defaultSuccessRedirectUrl;
}

/**
* {@inheritdoc}
*/
public function getCredentials(Request $request)
{
return 'credentials';
}

/**
* {@inheritdoc}
*/
public function getUser($credentials, UserProviderInterface $userProvider)
{
return $userProvider->loadUserByUsername($credentials);
}

/**
* {@inheritdoc}
*/
public function checkCredentials($credentials, UserInterface $user)
{
return true;
}
}
Morty Proxy This is a proxified and sanitized view of the page, visit original site.