bug symfony#35343 [Security] Fix RememberMe with null password (jderusse)

chalasr · chalasr · commit 6cc377ff3ddc · 2020-01-16T01:14:41.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Fix RememberMe with null password | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | yes | Tickets | NA | License | MIT | Doc PR | NA From `UserInterface` the method getPassword may return null, while generateCookieHash requires a string. This PR changes the signature of the methods to allows null password Similar to symfony#35335 for branch 3.4 Commits ------- 820eb35 Fix RememberMe with null password
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -89,10 +89,10 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
     /**
      * Generates the cookie value.
      *
-     * @param string $class
-     * @param string $username The username
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param string      $class
+     * @param string      $username The username
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
      *
      * @return string
      */
@@ -111,10 +111,10 @@ protected function generateCookieValue($class, $username, $expires, $password)
     /**
      * Generates a hash for the cookie to ensure it is not being tampered with.
      *
-     * @param string $class
-     * @param string $username The username
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param string      $class
+     * @param string      $username The username
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
      *
      * @return string
      */
