diff --git a/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php b/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php index ba9b118a34af7..3126ca5d5e259 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php +++ b/src/Symfony/Component/Security/Http/RememberMe/RememberMeDetails.php @@ -37,12 +37,12 @@ public function __construct(string $userFqcn, string $userIdentifier, int $expir public static function fromRawCookie(string $rawCookie): self { $cookieParts = explode(self::COOKIE_DELIMITER, base64_decode($rawCookie), 4); - if (false === $cookieParts[1] = base64_decode($cookieParts[1], true)) { - throw new AuthenticationException('The user identifier contains a character from outside the base64 alphabet.'); - } if (4 !== \count($cookieParts)) { throw new AuthenticationException('The cookie contains invalid data.'); } + if (false === $cookieParts[1] = base64_decode($cookieParts[1], true)) { + throw new AuthenticationException('The user identifier contains a character from outside the base64 alphabet.'); + } return new static(...$cookieParts); } diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php index 406d48c164add..c7492a95a464f 100644 --- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php @@ -89,4 +89,12 @@ public function testAuthenticateWithoutOldToken() $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => base64_encode('foo:bar')]); $this->authenticator->authenticate($request); } + + public function testAuthenticateWithTokenWithoutDelimiter() + { + $this->expectException(AuthenticationException::class); + + $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'invalid']); + $this->authenticator->authenticate($request); + } }