From b7df8ff958e4d56b88f76de40ec05a1c73d13f3e Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Sun, 15 Mar 2020 10:01:00 +0100 Subject: [PATCH 1/5] Add missing dots at the end of exception messages --- Authentication/SimpleAuthenticationHandler.php | 4 ++-- Firewall/DigestAuthenticationListener.php | 6 +++--- Firewall/ExceptionListener.php | 2 +- Firewall/RemoteUserAuthenticationListener.php | 2 +- Firewall/SimpleFormAuthenticationListener.php | 2 +- Firewall/SimplePreAuthenticationListener.php | 4 ++-- Firewall/SwitchUserListener.php | 2 +- Firewall/X509AuthenticationListener.php | 2 +- RememberMe/AbstractRememberMeServices.php | 2 +- Session/SessionAuthenticationStrategy.php | 2 +- Tests/Firewall/ExceptionListenerTest.php | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Authentication/SimpleAuthenticationHandler.php b/Authentication/SimpleAuthenticationHandler.php index 1d03e23a..4456cff9 100644 --- a/Authentication/SimpleAuthenticationHandler.php +++ b/Authentication/SimpleAuthenticationHandler.php @@ -64,7 +64,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token) } if (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null to use the default success handler, or a Response object', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null to use the default success handler, or a Response object.', \get_class($this->simpleAuthenticator))); } } 
@@ -91,7 +91,7 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio } if (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null to use the default failure handler, or a Response object', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null to use the default failure handler, or a Response object.', \get_class($this->simpleAuthenticator))); } } diff --git a/Firewall/DigestAuthenticationListener.php b/Firewall/DigestAuthenticationListener.php index 693dbcd5..2308896e 100644 --- a/Firewall/DigestAuthenticationListener.php +++ b/Firewall/DigestAuthenticationListener.php @@ -94,7 +94,7 @@ public function handle(GetResponseEvent $event) $user = $this->provider->loadUserByUsername($digestAuth->getUsername()); if (null === $user) { - throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation'); + throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation.'); } $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod()); 
@@ -199,11 +199,11 @@ public function getUsername() public function validateAndDecode($entryPointKey, $expectedRealm) { if ($keys = array_diff(['username', 'realm', 'nonce', 'uri', 'response'], array_keys($this->elements))) { - throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s" (%s)', $this->header, implode(', ', $keys))); + throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s" (%s).', $this->header, implode(', ', $keys))); } if ('auth' === $this->elements['qop'] && !isset($this->elements['nc'], $this->elements['cnonce'])) { - throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s"', $this->header)); + throw new BadCredentialsException(sprintf('Missing mandatory digest value; received header "%s".', $this->header)); } if ($expectedRealm !== $this->elements['realm']) { diff --git a/Firewall/ExceptionListener.php b/Firewall/ExceptionListener.php index b1259d11..21e45516 100644 --- a/Firewall/ExceptionListener.php +++ b/Firewall/ExceptionListener.php @@ -212,7 +212,7 @@ private function startAuthentication(Request $request, AuthenticationException $ if (!$response instanceof Response) { $given = \is_object($response) ? \get_class($response) : \gettype($response); - throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned)', \get_class($this->authenticationEntryPoint), $given)); + throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned).', \get_class($this->authenticationEntryPoint), $given)); } return $response; diff --git a/Firewall/RemoteUserAuthenticationListener.php b/Firewall/RemoteUserAuthenticationListener.php index fbba95db..ea18b22d 100644 --- a/Firewall/RemoteUserAuthenticationListener.php +++ b/Firewall/RemoteUserAuthenticationListener.php 
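Review bot: `$this->elements['qop']` on the line after the first added throw is read without an isset guard, while `qop` is not among the keys the preceding array_diff check makes mandatory, so a client that omits it would raise an undefined-index notice instead of simply skipping the branch — unless DigestData's constructor, which is outside the hunk, always populates that key. Guarding it reads `if (isset($this->elements['qop']) && 'auth' === $this->elements['qop'] && !isset($this->elements['nc'], $this->elements['cnonce'])) {`. Both throws also embed the verbatim client-supplied header in the message; if these messages are logged, that value is attacker-controlled and unbounded in length, which is worth weighing against its diagnostic value. validateAndDecode() continues outside the hunk.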
@@ -41,7 +41,7 @@ public function __construct(TokenStorageInterface $tokenStorage, AuthenticationM protected function getPreAuthenticatedData(Request $request) { if (!$request->server->has($this->userKey)) { - throw new BadCredentialsException(sprintf('User key was not found: %s', $this->userKey)); + throw new BadCredentialsException(sprintf('User key was not found: %s.', $this->userKey)); } return [$request->server->get($this->userKey), null]; diff --git a/Firewall/SimpleFormAuthenticationListener.php b/Firewall/SimpleFormAuthenticationListener.php index b21a50d5..010f0574 100644 --- a/Firewall/SimpleFormAuthenticationListener.php +++ b/Firewall/SimpleFormAuthenticationListener.php @@ -54,7 +54,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, HttpUtils $httpUtils, $providerKey, AuthenticationSuccessHandlerInterface $successHandler, AuthenticationFailureHandlerInterface $failureHandler, array $options = [], LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, CsrfTokenManagerInterface $csrfTokenManager = null, SimpleFormAuthenticatorInterface $simpleAuthenticator = null) { if (!$simpleAuthenticator) { - throw new \InvalidArgumentException('Missing simple authenticator'); + throw new \InvalidArgumentException('Missing simple authenticator.'); } $this->simpleAuthenticator = $simpleAuthenticator; diff --git a/Firewall/SimplePreAuthenticationListener.php b/Firewall/SimplePreAuthenticationListener.php index 7e376f5e..d5163ae0 100644 --- a/Firewall/SimplePreAuthenticationListener.php +++ b/Firewall/SimplePreAuthenticationListener.php 
@@ -120,7 +120,7 @@ public function handle(GetResponseEvent $event) if ($response instanceof Response) { $event->setResponse($response); } elseif (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null or a Response object', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null or a Response object.', \get_class($this->simpleAuthenticator))); } } @@ -132,7 +132,7 @@ public function handle(GetResponseEvent $event) if ($response instanceof Response) { $event->setResponse($response); } elseif (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null or a Response object', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null or a Response object.', \get_class($this->simpleAuthenticator))); } } } diff --git a/Firewall/SwitchUserListener.php b/Firewall/SwitchUserListener.php index a5d077fb..7fe6b33f 100644 --- a/Firewall/SwitchUserListener.php +++ b/Firewall/SwitchUserListener.php @@ -100,7 +100,7 @@ public function handle(GetResponseEvent $event) try { $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username)); } catch (AuthenticationException $e) { - throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage())); + throw new \LogicException(sprintf('Switch User failed: "%s".', $e->getMessage())); } } diff --git a/Firewall/X509AuthenticationListener.php b/Firewall/X509AuthenticationListener.php index e3cfb9d8..8adf5679 100644 --- a/Firewall/X509AuthenticationListener.php +++ b/Firewall/X509AuthenticationListener.php 
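Review bot: The LogicException thrown in the catch block of the SwitchUserListener hunk discards the caught AuthenticationException: only its message is copied and the exception is not chained, so the original class and stack trace are lost to any handler or log that inspects getPrevious(). Passing it as the previous exception keeps that context: `throw new \LogicException(sprintf('Switch User failed: "%s".', $e->getMessage()), 0, $e);`. The enclosing handle() method starts and ends outside the hunk.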
@@ -52,7 +52,7 @@ protected function getPreAuthenticatedData(Request $request) } if (null === $user) { - throw new BadCredentialsException(sprintf('SSL credentials not found: %s, %s', $this->userKey, $this->credentialKey)); + throw new BadCredentialsException(sprintf('SSL credentials not found: %s, %s.', $this->userKey, $this->credentialKey)); } return [$user, $request->server->get($this->credentialKey, '')]; diff --git a/RememberMe/AbstractRememberMeServices.php b/RememberMe/AbstractRememberMeServices.php index e47e1812..fba79fba 100644 --- a/RememberMe/AbstractRememberMeServices.php +++ b/RememberMe/AbstractRememberMeServices.php @@ -265,7 +265,7 @@ protected function encodeCookie(array $cookieParts) { foreach ($cookieParts as $cookiePart) { if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) { - throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s"', self::COOKIE_DELIMITER)); + throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s".', self::COOKIE_DELIMITER)); } } diff --git a/Session/SessionAuthenticationStrategy.php b/Session/SessionAuthenticationStrategy.php index a04a9afc..3a886afc 100644 --- a/Session/SessionAuthenticationStrategy.php +++ b/Session/SessionAuthenticationStrategy.php @@ -59,7 +59,7 @@ public function onAuthentication(Request $request, TokenInterface $token) return; default: - throw new \RuntimeException(sprintf('Invalid session authentication strategy "%s"', $this->strategy)); + throw new \RuntimeException(sprintf('Invalid session authentication strategy "%s".', $this->strategy)); } } } diff --git a/Tests/Firewall/ExceptionListenerTest.php b/Tests/Firewall/ExceptionListenerTest.php index aff73429..10c9b57b 100644 --- a/Tests/Firewall/ExceptionListenerTest.php +++ b/Tests/Firewall/ExceptionListenerTest.php 
@@ -86,7 +86,7 @@ public function testExceptionWhenEntryPointReturnsBadValue() $listener->onKernelException($event); // the exception has been replaced by our LogicException $this->assertInstanceOf('LogicException', $event->getException()); - $this->assertStringEndsWith('start() method must return a Response object (string returned)', $event->getException()->getMessage()); + $this->assertStringEndsWith('start() method must return a Response object (string returned).', $event->getException()->getMessage()); } /** From baab66bcd3cb305bbe7d2e3e3198d3d46f029d21 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 16 Mar 2020 08:32:23 +0100 Subject: [PATCH 2/5] Fix quotes in exception messages --- Authentication/SimpleAuthenticationHandler.php | 4 ++-- Firewall/ExceptionListener.php | 2 +- Firewall/RemoteUserAuthenticationListener.php | 2 +- Firewall/SimplePreAuthenticationListener.php | 4 ++-- Firewall/X509AuthenticationListener.php | 2 +- Tests/Authentication/SimpleAuthenticationHandlerTest.php | 4 ++-- Tests/Firewall/ExceptionListenerTest.php | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Authentication/SimpleAuthenticationHandler.php b/Authentication/SimpleAuthenticationHandler.php index 4456cff9..8e24ff74 100644 --- a/Authentication/SimpleAuthenticationHandler.php +++ b/Authentication/SimpleAuthenticationHandler.php @@ -64,7 +64,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token) } if (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null to use the default success handler, or a Response object.', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationSuccess()" method must return null to use the default success handler, or a Response object.', \get_class($this->simpleAuthenticator))); } } 
@@ -91,7 +91,7 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio } if (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null to use the default failure handler, or a Response object.', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationFailure()" method must return null to use the default failure handler, or a Response object.', \get_class($this->simpleAuthenticator))); } } diff --git a/Firewall/ExceptionListener.php b/Firewall/ExceptionListener.php index 21e45516..02329176 100644 --- a/Firewall/ExceptionListener.php +++ b/Firewall/ExceptionListener.php @@ -212,7 +212,7 @@ private function startAuthentication(Request $request, AuthenticationException $ if (!$response instanceof Response) { $given = \is_object($response) ? \get_class($response) : \gettype($response); - throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned).', \get_class($this->authenticationEntryPoint), $given)); + throw new \LogicException(sprintf('The "%s::start()" method must return a Response object ("%s" returned).', \get_class($this->authenticationEntryPoint), $given)); } return $response; diff --git a/Firewall/RemoteUserAuthenticationListener.php b/Firewall/RemoteUserAuthenticationListener.php index ea18b22d..d456d852 100644 --- a/Firewall/RemoteUserAuthenticationListener.php +++ b/Firewall/RemoteUserAuthenticationListener.php @@ -41,7 +41,7 @@ public function __construct(TokenStorageInterface $tokenStorage, AuthenticationM protected function getPreAuthenticatedData(Request $request) { if (!$request->server->has($this->userKey)) { - throw new BadCredentialsException(sprintf('User key was not found: %s.', $this->userKey)); + throw new BadCredentialsException(sprintf('User key was not found: "%s".', $this->userKey)); } return [$request->server->get($this->userKey), null]; 
diff --git a/Firewall/SimplePreAuthenticationListener.php b/Firewall/SimplePreAuthenticationListener.php index d5163ae0..2b25333e 100644 --- a/Firewall/SimplePreAuthenticationListener.php +++ b/Firewall/SimplePreAuthenticationListener.php @@ -120,7 +120,7 @@ public function handle(GetResponseEvent $event) if ($response instanceof Response) { $event->setResponse($response); } elseif (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationFailure method must return null or a Response object.', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationFailure()" method must return null or a Response object.', \get_class($this->simpleAuthenticator))); } } @@ -132,7 +132,7 @@ public function handle(GetResponseEvent $event) if ($response instanceof Response) { $event->setResponse($response); } elseif (null !== $response) { - throw new \UnexpectedValueException(sprintf('The %s::onAuthenticationSuccess method must return null or a Response object.', \get_class($this->simpleAuthenticator))); + throw new \UnexpectedValueException(sprintf('The "%s::onAuthenticationSuccess()" method must return null or a Response object.', \get_class($this->simpleAuthenticator))); } } } diff --git a/Firewall/X509AuthenticationListener.php b/Firewall/X509AuthenticationListener.php index 8adf5679..8b9da1de 100644 --- a/Firewall/X509AuthenticationListener.php +++ b/Firewall/X509AuthenticationListener.php @@ -52,7 +52,7 @@ protected function getPreAuthenticatedData(Request $request) } if (null === $user) { - throw new BadCredentialsException(sprintf('SSL credentials not found: %s, %s.', $this->userKey, $this->credentialKey)); + throw new BadCredentialsException(sprintf('SSL credentials not found: "%s", "%s".', $this->userKey, $this->credentialKey)); } return [$user, $request->server->get($this->credentialKey, '')]; 
diff --git a/Tests/Authentication/SimpleAuthenticationHandlerTest.php b/Tests/Authentication/SimpleAuthenticationHandlerTest.php index cd28c52d..cbdfec13 100644 --- a/Tests/Authentication/SimpleAuthenticationHandlerTest.php +++ b/Tests/Authentication/SimpleAuthenticationHandlerTest.php @@ -81,7 +81,7 @@ public function testOnAuthenticationSuccessCallsSimpleAuthenticator() public function testOnAuthenticationSuccessThrowsAnExceptionIfNonResponseIsReturned() { $this->expectException('UnexpectedValueException'); - $this->expectExceptionMessage('onAuthenticationSuccess method must return null to use the default success handler, or a Response object'); + $this->expectExceptionMessage('onAuthenticationSuccess()" method must return null to use the default success handler, or a Response object'); $this->successHandler->expects($this->never()) ->method('onAuthenticationSuccess'); @@ -149,7 +149,7 @@ public function testOnAuthenticationFailureCallsSimpleAuthenticator() public function testOnAuthenticationFailureThrowsAnExceptionIfNonResponseIsReturned() { $this->expectException('UnexpectedValueException'); - $this->expectExceptionMessage('onAuthenticationFailure method must return null to use the default failure handler, or a Response object'); + $this->expectExceptionMessage('onAuthenticationFailure()" method must return null to use the default failure handler, or a Response object'); $this->failureHandler->expects($this->never()) ->method('onAuthenticationFailure'); diff --git a/Tests/Firewall/ExceptionListenerTest.php b/Tests/Firewall/ExceptionListenerTest.php index 10c9b57b..29899de1 100644 --- a/Tests/Firewall/ExceptionListenerTest.php +++ b/Tests/Firewall/ExceptionListenerTest.php 
@@ -86,7 +86,7 @@ public function testExceptionWhenEntryPointReturnsBadValue() $listener->onKernelException($event); // the exception has been replaced by our LogicException $this->assertInstanceOf('LogicException', $event->getException()); - $this->assertStringEndsWith('start() method must return a Response object (string returned).', $event->getException()->getMessage()); + $this->assertStringEndsWith('start()" method must return a Response object ("string" returned).', $event->getException()->getMessage()); } /** From 32596f3c90f0cb4f4cd027f1218fff7e08c2fc2e Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 24 Sep 2019 13:01:54 +0200 Subject: [PATCH 3/5] [DI] fix preloading script generation --- Firewall/AnonymousAuthenticationListener.php | 3 +++ Firewall/LegacyListenerTrait.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/Firewall/AnonymousAuthenticationListener.php b/Firewall/AnonymousAuthenticationListener.php index 0f1da391..999796d3 100644 --- a/Firewall/AnonymousAuthenticationListener.php +++ b/Firewall/AnonymousAuthenticationListener.php @@ -19,6 +19,9 @@ use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; +// Help opcache.preload discover always-needed symbols +class_exists(AnonymousToken::class); + /** * AnonymousAuthenticationListener automatically adds a Token if none is * already present. diff --git a/Firewall/LegacyListenerTrait.php b/Firewall/LegacyListenerTrait.php index 260cb680..6f2bc223 100644 --- a/Firewall/LegacyListenerTrait.php +++ b/Firewall/LegacyListenerTrait.php @@ -15,6 +15,9 @@ use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpKernel\Event\RequestEvent; +// Help opcache.preload discover always-needed symbols +class_exists(RequestEvent::class); + /** * @deprecated * From ea48e2da7959835a4be4817566573d1aadd9c6fe Mon Sep 17 00:00:00 2001 
From: Nicolas Grekas Date: Tue, 17 Mar 2020 19:02:13 +0100 Subject: [PATCH 4/5] [Security/Http] don't require the session to be started when tracking its id --- Firewall/ContextListener.php | 4 ++-- Tests/Firewall/ContextListenerTest.php | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Firewall/ContextListener.php b/Firewall/ContextListener.php index 9243119a..1201e161 100644 --- a/Firewall/ContextListener.php +++ b/Firewall/ContextListener.php @@ -115,10 +115,10 @@ public function authenticate(RequestEvent $event) if (null !== $session) { $usageIndexValue = method_exists(Request::class, 'getPreferredFormat') && $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0; - $sessionId = $session->getId(); + $sessionId = $request->cookies->get($session->getName()); $token = $session->get($this->sessionKey); - if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) { + if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) { $usageIndexReference = $usageIndexValue; } } diff --git a/Tests/Firewall/ContextListenerTest.php b/Tests/Firewall/ContextListenerTest.php index 0d053190..82a5f917 100644 --- a/Tests/Firewall/ContextListenerTest.php +++ b/Tests/Firewall/ContextListenerTest.php 
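Review bot: The `true` entry in the added `\in_array($sessionId, [true, $session->getId()], true)` check is a sentinel no real client can produce — values parsed from a Cookie header are never booleans — so it is only reachable when something has set the cookie bag programmatically, as the test added in the next file does with `$request->cookies->set('MOCKSESSID', true)`. Without an explanation the next reader will take it for a bug; a one-line comment above the condition such as `// a boolean true means the cookie bag was populated programmatically (e.g. tests); real clients always send the id as a string` would settle it. The path taken when no cookie of that name was sent (`$sessionId` is null, the usage index is left as is, so the read counts as session usage) is presumably the intended fresh-session case, and the same comment could say so. The enclosing authenticate() method starts and ends outside the hunk.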
@@ -344,6 +344,26 @@ public function testDeauthenticatedEvent() $this->assertNull($tokenStorage->getToken()); } + /** + * @requires function \Symfony\Component\HttpFoundation\Request::getPreferredFormat + */ + public function testWithPreviousNotStartedSession() + { + $session = new Session(new MockArraySessionStorage()); + + $request = new Request(); + $request->setSession($session); + $request->cookies->set('MOCKSESSID', true); + + $usageIndex = $session->getUsageIndex(); + + $tokenStorage = new TokenStorage(); + $listener = new ContextListener($tokenStorage, [], 'context_key', null, null, null, [$tokenStorage, 'getToken']); + $listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST)); + + $this->assertSame($usageIndex, $session->getUsageIndex()); + } + protected function runSessionOnKernelResponse($newToken, $original = null) { $session = new Session(new MockArraySessionStorage()); From d964f003ddd85bdff8739d463e2b97a90765697c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 17 Jul 2018 14:51:24 +0200 Subject: [PATCH 5/5] [Security] Remember me: allow to set the samesite cookie flag --- RememberMe/AbstractRememberMeServices.php | 3 ++- RememberMe/PersistentTokenBasedRememberMeServices.php | 8 ++++++-- RememberMe/TokenBasedRememberMeServices.php | 4 +++- .../PersistentTokenBasedRememberMeServicesTest.php | 4 +++- Tests/RememberMe/TokenBasedRememberMeServicesTest.php | 4 +++- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/RememberMe/AbstractRememberMeServices.php b/RememberMe/AbstractRememberMeServices.php index fba79fba..53b63689 100644 --- a/RememberMe/AbstractRememberMeServices.php +++ b/RememberMe/AbstractRememberMeServices.php 
@@ -38,6 +38,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface protected $options = [ 'secure' => false, 'httponly' => true, + 'samesite' => null, ]; private $providerKey; private $secret; @@ -281,7 +282,7 @@ protected function cancelCookie(Request $request) $this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]); } - $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'])); + $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'], false, $this->options['samesite'])); } /** diff --git a/RememberMe/PersistentTokenBasedRememberMeServices.php b/RememberMe/PersistentTokenBasedRememberMeServices.php index 272a5cc2..94ec0eae 100644 --- a/RememberMe/PersistentTokenBasedRememberMeServices.php +++ b/RememberMe/PersistentTokenBasedRememberMeServices.php @@ -84,7 +84,9 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request) $this->options['path'], $this->options['domain'], $this->options['secure'], - $this->options['httponly'] + $this->options['httponly'], + false, + $this->options['samesite'] ) ); @@ -117,7 +119,9 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt $this->options['path'], $this->options['domain'], $this->options['secure'], - $this->options['httponly'] + $this->options['httponly'], + false, + $this->options['samesite'] ) ); } diff --git a/RememberMe/TokenBasedRememberMeServices.php b/RememberMe/TokenBasedRememberMeServices.php index 3df2ced6..32e65f3c 100644 --- a/RememberMe/TokenBasedRememberMeServices.php +++ b/RememberMe/TokenBasedRememberMeServices.php 
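Review bot: The new `'samesite' => null` default in AbstractRememberMeServices::$options means the remember-me cookie — a long-lived credential equivalent to a login — carries no SameSite attribute unless the application opts in; if the compatibility policy allows it, `'samesite' => Cookie::SAMESITE_LAX` would be the safer default, and otherwise a comment on the option should state that the attribute is omitted by default. The value is not validated here but, going by the Cookie constructor's behaviour, rejected only when the cookie is built on the cancelCookie line, in the two PersistentTokenBasedRememberMeServices hunks below and in the TokenBasedRememberMeServices hunk in the next file, so a misconfiguration surfaces at login time rather than at boot. The `false` inserted before the samesite argument at each of those four `new Cookie(...)` call sites is, by the upstream signature, the positional `$raw` flag, and a short `/* raw */ false` would keep the argument lists readable. Note also that `SameSite=None` is only accepted by browsers together with `secure`, which nothing here enforces.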
@@ -81,7 +81,9 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt $this->options['path'], $this->options['domain'], $this->options['secure'], - $this->options['httponly'] + $this->options['httponly'], + false, + $this->options['samesite'] ) ); } diff --git a/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php index 599a7e81..7afa48ed 100644 --- a/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php +++ b/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Http\Tests\RememberMe; use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; @@ -268,7 +269,7 @@ public function testLoginFail() public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInterfaceImplementation() { - $service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]); + $service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]); $request = new Request(); $response = new Response(); @@ -305,6 +306,7 @@ public function testLoginSuccessSetsCookieWhenLoggedInWithNonRememberMeTokenInte $this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610); $this->assertEquals('myfoodomain.foo', $cookie->getDomain()); $this->assertEquals('/foo/path', $cookie->getPath()); + $this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite()); } protected function encodeCookie(array $parts) 
diff --git a/Tests/RememberMe/TokenBasedRememberMeServicesTest.php b/Tests/RememberMe/TokenBasedRememberMeServicesTest.php index f24e4fff..4a34d614 100644 --- a/Tests/RememberMe/TokenBasedRememberMeServicesTest.php +++ b/Tests/RememberMe/TokenBasedRememberMeServicesTest.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Http\Tests\RememberMe; use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; @@ -205,7 +206,7 @@ public function testLoginSuccessIgnoresTokensWhichDoNotContainAnUserInterfaceImp public function testLoginSuccess() { - $service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'lifetime' => 3600, 'always_remember_me' => true]); + $service = $this->getService(null, ['name' => 'foo', 'domain' => 'myfoodomain.foo', 'path' => '/foo/path', 'secure' => true, 'httponly' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'lifetime' => 3600, 'always_remember_me' => true]); $request = new Request(); $response = new Response(); @@ -240,6 +241,7 @@ public function testLoginSuccess() $this->assertTrue($cookie->getExpiresTime() > time() + 3590 && $cookie->getExpiresTime() < time() + 3610); $this->assertEquals('myfoodomain.foo', $cookie->getDomain()); $this->assertEquals('/foo/path', $cookie->getPath()); + $this->assertSame(Cookie::SAMESITE_STRICT, $cookie->getSameSite()); } protected function getCookie($class, $username, $expires, $password)