From cf6c783904db7e0e18142b5b8dc8f408bb4025bd Mon Sep 17 00:00:00 2001 From: Igor Makarov Date: Sat, 17 Nov 2012 19:42:55 +0400 Subject: [PATCH 1/2] [2.1][Security] Fix for check_path and logout n security fairwall fails on non ASCII symbols --- .../Controller/UnicodeController.php | 60 +++++++++++++++ .../Resources/config/unicode_routing.yml | 19 +++++ .../Resources/views/Unicode/login.html.twig | 21 +++++ .../Tests/Functional/UnicodeRoutesTest.php | 77 +++++++++++++++++++ .../app/StandardFormLogin/routing.yml | 3 + .../unicode_routes_in_firewall.yml | 27 +++++++ .../Component/Security/Http/HttpUtils.php | 3 +- 7 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/UnicodeController.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/unicode_routing.yml create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Unicode/login.html.twig create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/UnicodeRoutesTest.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/unicode_routes_in_firewall.yml diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/UnicodeController.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/UnicodeController.php new file mode 100644 index 0000000000000..305f15533b5c8 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/UnicodeController.php 
@@ -0,0 +1,60 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FormLoginBundle\Controller; + +use Symfony\Component\Security\Core\SecurityContext; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\DependencyInjection\ContainerAware; + +class UnicodeController extends ContainerAware +{ + public function loginAction() + { + // get the login error if there is one + if ($this->container->get('request')->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) { + $error = $this->container->get('request')->attributes->get(SecurityContext::AUTHENTICATION_ERROR); + } else { + $error = $this->container->get('request')->getSession()->get(SecurityContext::AUTHENTICATION_ERROR); + } + + return $this->container->get('templating')->renderResponse('FormLoginBundle:Unicode:login.html.twig', array( + // last username entered by the user + 'last_username' => $this->container->get('request')->getSession()->get(SecurityContext::LAST_USERNAME), + 'error' => $error, + )); + } + + public function loginCheckAction() + { + throw new \RuntimeException('loginCheckAction() should never be called.'); + } + + public function logoutAction() + { + throw new \RuntimeException('logoutAction() should never be called.'); + } + + public function secureAction() + { + throw new \RuntimeException('secureAction() should never be called.'); + } + + public function profileAction() + { + return new Response('Profile'); + } + + public function homepageAction() + { + return new Response('Homepage'); + } +} diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/unicode_routing.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/unicode_routing.yml new file mode 100644 index 0000000000000..2079e7bb2e5b0 --- /dev/null 
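Review bot: loginAction() in UnicodeController resolves `$this->container->get('request')` four separate times for the same request, which makes the error/last-username lookup harder to read than it needs to be; fetch it once at the top, `$request = $this->container->get('request');`, and use `$request->attributes` and `$request->getSession()` below. The class also carries no docblock explaining that it is a test fixture whose `loginCheckAction()`, `logoutAction()` and `secureAction()` exist only to fail loudly when the firewall does not intercept the route, e.g. `/** Fixture controller for UnicodeRoutesTest; the *Check/Logout/Secure actions must be intercepted by the firewall and throw if reached. */`.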
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/unicode_routing.yml @@ -0,0 +1,19 @@ +unicode_login_path: + pattern: /вход + defaults: { _controller: FormLoginBundle:Unicode:login } + +unicode_check_path: + pattern: /аутентификация + defaults: { _controller: FormLoginBundle:Unicode:loginCheck } + +unicode_default_target_path: + pattern: /профайл + defaults: { _controller: FormLoginBundle:Unicode:profile } + +unicode_logout_path: + pattern: /выход + defaults: { _controller: FormLoginBundle:Unicode:logout } + +unicode_logout_target_path: + pattern: /домашняя_страница + defaults: { _controller: FormLoginBundle:Unicode:homepage } \ No newline at end of file diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Unicode/login.html.twig b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Unicode/login.html.twig new file mode 100644 index 0000000000000..6d0671e5ff583 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/views/Unicode/login.html.twig @@ -0,0 +1,21 @@ +{% extends "::base.html.twig" %} + +{% block body %} + + {% if error %} +
{{ error.message }}
+ {% endif %} + +
+ + + + + + + + + +
+ +{% endblock %} diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/UnicodeRoutesTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/UnicodeRoutesTest.php new file mode 100644 index 0000000000000..4292c4352a39f --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/UnicodeRoutesTest.php 
@@ -0,0 +1,77 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\Tests\Functional; + +class UnicodeRoutesTest extends WebTestCase +{ + /** + * @var string Login username + */ + protected $username = 'johannes'; + + /** + * @var string Login password + */ + protected $password = 'test'; + + /** + * @var array Routes helper + */ + protected $routes = array( + 'homepage' => '/домашняя_страница', + 'profile' => '/профайл', + 'login' => '/вход', + 'logout' => '/выход', + ); + + public function testLoginLogoutProcedure() + { + $client = $this->createClient(array('test_case' => 'StandardFormLogin', 'root_config' => 'unicode_routes_in_firewall.yml')); + $client->insulate(); + + $crawler = $client->request('GET', $this->getRoute('login')); + $form = $crawler->selectButton('login')->form(); + $form['_username'] = $this->username; + $form['_password'] = $this->password; + $client->submit($form); + + $this->assertRedirect($client->getResponse(), $this->getRoute('profile')); + $this->assertEquals('Profile', $client->followRedirect()->text()); + + $client->request('GET', $this->getRoute('logout')); + $this->assertRedirect($client->getResponse(), $this->getRoute('homepage')); + $this->assertEquals('Homepage', $client->followRedirect()->text()); + } + + public function getRoute($name) + { + if (!isset($this->routes[$name])) { + throw new \InvalidArgumentException(sprintf('No route defined with name: %s', $name)); + } + + return $this->routes[$name]; + } + + protected function setUp() + { + parent::setUp(); + + $this->deleteTmpDir('StandardFormLogin'); + } + + protected function tearDown() + { + parent::tearDown(); + + $this->deleteTmpDir('StandardFormLogin'); + } +} 
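Review bot: testLoginLogoutProcedure only ever sends the routes as literal UTF-8 (`$this->getRoute('login')`, `$this->getRoute('logout')`), so whether the percent-encoded form that the `rawurldecode()` change in HttpUtils targets is actually exercised depends on how the BrowserKit client encodes the URI, which is not visible here. One request with an explicitly encoded path, e.g. `$client->request('GET', '/' . rawurlencode('выход'));` followed by the same `assertRedirect(..., $this->getRoute('homepage'))`, pins the encoded case independently of client behaviour. The `$routes` map also omits the check path (`/аутентификация`), so a regression there surfaces only indirectly through the `loginCheckAction()` exception rather than through an assertion. `getRoute()` is a test helper and could be `protected`.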
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routing.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routing.yml index 6c408c150deb2..fbb551d46d888 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routing.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/routing.yml @@ -3,3 +3,6 @@ _form_login_bundle: _form_login_localized: resource: @FormLoginBundle/Resources/config/localized_routing.yml + +_form_login_unicode: + resource: @FormLoginBundle/Resources/config/unicode_routing.yml \ No newline at end of file diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/unicode_routes_in_firewall.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/unicode_routes_in_firewall.yml new file mode 100644 index 0000000000000..c3d4c4afbab3c --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/unicode_routes_in_firewall.yml @@ -0,0 +1,27 @@ +imports: + - { resource: ./../config/default.yml } + +security: + encoders: + Symfony\Component\Security\Core\User\User: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + + firewalls: + default: + form_login: + login_path: /вход + check_path: /аутентификация + default_target_path: /профайл + use_forward: true + logout: + path: /выход + target: /домашняя_страница + anonymous: ~ + + access_control: + - { path: '^/(?:[a-z]{2})/secure/.*', roles: ROLE_USER } diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php index 1c87e770a1b8a..35211efd277c2 100644 --- a/src/Symfony/Component/Security/Http/HttpUtils.php +++ b/src/Symfony/Component/Security/Http/HttpUtils.php 
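Review bot: The `access_control` rule `^/(?:[a-z]{2})/secure/.*` in unicode_routes_in_firewall.yml appears to be carried over from the localized fixture and matches none of the routes declared in unicode_routing.yml, so nothing in this fixture is access-protected and `UnicodeController::secureAction()` has no route at all. UnicodeRoutesTest therefore proves that `check_path` and `logout.path` are recognised on a non-ASCII URL, but not that an authenticated token is actually established. Pointing the rule at a unicode route, `- { path: '^/профайл', roles: ROLE_USER }`, makes the post-login redirect to `/профайл` succeed only with a valid session; since `use_forward: true` is set, an anonymous request to that path should then yield the login form instead of `Profile`. If the access_control request matcher compares the raw rather than the decoded path info the rule would silently not apply, which is exactly why that anonymous-request assertion is worth adding rather than inferring.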
@@ -105,7 +105,8 @@ public function checkRequestPath(Request $request, $path) return false; } } - + //var_dump($request->getPathInfo()); + return $path === rawurldecode($request->getPathInfo()); return $path === $request->getPathInfo(); } From 6e9d7145a8df6d78fa4cce3e51350efbd8080a42 Mon Sep 17 00:00:00 2001 From: Igor Makarov Date: Sat, 17 Nov 2012 19:58:32 +0400 Subject: [PATCH 2/2] Remove debug comments --- src/Symfony/Component/Security/Http/HttpUtils.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php index 35211efd277c2..53aec0f247138 100644 --- a/src/Symfony/Component/Security/Http/HttpUtils.php +++ b/src/Symfony/Component/Security/Http/HttpUtils.php @@ -105,9 +105,8 @@ public function checkRequestPath(Request $request, $path) return false; } } - //var_dump($request->getPathInfo()); + return $path === rawurldecode($request->getPathInfo()); - return $path === $request->getPathInfo(); } /**
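Review bot: The comparison in checkRequestPath() is now one-sided: the request path is `rawurldecode()`d while the configured `$path` is compared verbatim, so `check_path`/`logout.path` values must be written with literal (not percent-encoded) non-ASCII characters, and a configuration that had been percent-encoded to work around this bug stops matching after the upgrade. That contract belongs in the method's docblock, which sits above the hunk, e.g. appending `An absolute path is matched against the URL-decoded request path and must therefore not be percent-encoded.` to the `$path` description. Any other firewall component that inspects the same URL (the route-name branch above via `urlMatcher->match()`, the `access_control` request matcher) needs to normalise the path identically, otherwise two checks can disagree on whether one request is the login-check URL; whether they already decode is not visible from this hunk. `checkRequestPath()` begins outside the hunk.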