
Commit 1fa2aab

committed
Merge branch '5.3' into 5.4
* 5.3: [Security] Fix wrong cache directive when using the new PUBLIC_ACCESS attribute
2 parents c91322d + fd0dc96 commit 1fa2aab


5 files changed

+48
-4
lines changed


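--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RememberMeBundle/Security/UserChangingUserProvider.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\RememberMeBundle\Security;
 
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
 use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -39,7 +40,7 @@ public function refreshUser(UserInterface $user)
 {
 $user = $this->inner->refreshUser($user);
 
-$alterUser = \Closure::bind(function (User $user) { $user->password = 'foo'; }, null, User::class);
+$alterUser = \Closure::bind(function (InMemoryUser $user) { $user->password = 'foo'; }, null, class_exists(User::class) ? User::class : InMemoryUser::class);
 $alterUser($user);
 
 return $user;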
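Review bot: The scope argument `class_exists(User::class) ? User::class : InMemoryUser::class` on the `\Closure::bind` line in refreshUser() is unexplained, and the closure now type-hints `InMemoryUser` while the bound scope may still be `User`. A one-line comment would help, for example `// bind to the class that declares the private $password: legacy User while it exists, InMemoryUser otherwise`. That reading is inferred from the ternary, since neither class body is visible here, so confirm it before committing the wording. The same ternary is repeated in UserPasswordHasherTest::testNeedsRehash() and deserves the same comment. refreshUser() ends outside this hunk.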

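--- a/src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
+++ b/src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
@@ -50,7 +50,7 @@ public function hashPassword($user, string $plainPassword): string
 } elseif ($user instanceof UserInterface) {
 $salt = $user->getSalt();
 
-if (null !== $salt) {
+if ($salt) {
 trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
 }
 }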
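Review bot: `if ($salt)` in hashPassword() is a truthiness test, so besides `null` and `''` it also treats the string `'0'` as "no salt" and skips the deprecation for it. If the goal is only to stop warning on an empty string, `if (null !== $salt && '' !== $salt) {` says that exactly and keeps the notice for every non-empty value. Whether `$salt` is then handed to the hasher cannot be seen here, because hashPassword() starts before and continues after this hunk; if it is, the check and the use should agree on what counts as an empty salt.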

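--- a/src/Symfony/Component/PasswordHasher/Tests/Hasher/UserPasswordHasherTest.php
+++ b/src/Symfony/Component/PasswordHasher/Tests/Hasher/UserPasswordHasherTest.php
@@ -158,7 +158,7 @@ public function testNeedsRehash()
 
 $passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
 
-\Closure::bind(function () use ($passwordHasher) { $this->password = $passwordHasher->hashPassword($this, 'foo', 'salt'); }, $user, User::class)();
+\Closure::bind(function () use ($passwordHasher) { $this->password = $passwordHasher->hashPassword($this, 'foo', 'salt'); }, $user, class_exists(User::class) ? User::class : InMemoryUser::class)();
 $this->assertFalse($passwordHasher->needsRehash($user));
 $this->assertTrue($passwordHasher->needsRehash($user));
 $this->assertFalse($passwordHasher->needsRehash($user));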
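Review bot: The rewritten line 161 still calls `$passwordHasher->hashPassword($this, 'foo', 'salt')`, but the signature shown for UserPasswordHasher on this page is `hashPassword($user, string $plainPassword)`, so PHP silently discards the third argument. Dropping it, `$passwordHasher->hashPassword($this, 'foo')`, keeps the test from suggesting that a caller-supplied salt influences the hash. The new fallback also relies on `InMemoryUser` being imported in this file; the section adds no `use` line, so that import has to exist already outside the hunk. testNeedsRehash() starts and ends outside this hunk.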

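--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -86,7 +86,13 @@ public function authenticate(RequestEvent $event)
 $attributes = $request->attributes->get('_access_control_attributes');
 $request->attributes->remove('_access_control_attributes');
 
-if (!$attributes || ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes && $event instanceof LazyResponseEvent)) {
+if (
+!$attributes
+|| (
+([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes)
+&& $event instanceof LazyResponseEvent
+)
+) {
 return;
 }
 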
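Review bot: The early `return` in authenticate() skips the access decision entirely, and nothing on the new lines says why that is safe for exactly these two attribute sets. A comment above the `if` would document the invariant, for example `// rules made up only of PUBLIC_ACCESS or IS_AUTHENTICATED_ANONYMOUSLY grant access to everyone, so a lazy firewall can return without reading the token storage`. The strict `===` against a one-element array is what keeps a rule that combines PUBLIC_ACCESS with a role on the normal decision path, and the comment should state that this list must never include an attribute that restricts access. The two comparisons could also be folded into `\in_array($attributes, [[AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY], [AuthenticatedVoter::PUBLIC_ACCESS]], true)` to remove one level of parentheses. authenticate() starts before and continues after this hunk.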

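--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
@@ -372,4 +372,41 @@ public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
 
 $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
 }
+
+public function testLazyPublicPagesShouldNotAccessTokenStorage()
+{
+$tokenStorage = $this->createMock(TokenStorageInterface::class);
+$tokenStorage->expects($this->never())->method('getToken');
+
+$request = new Request();
+$accessMap = $this->createMock(AccessMapInterface::class);
+$accessMap->expects($this->any())
+->method('getPatterns')
+->with($this->equalTo($request))
+->willReturn([[AuthenticatedVoter::PUBLIC_ACCESS], null])
+;
+
+$listener = new AccessListener($tokenStorage, $this->createMock(AccessDecisionManagerInterface::class), $accessMap, $this->createMock(AuthenticationManagerInterface::class), false);
+$listener(new LazyResponseEvent(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST)));
+}
+
+/**
+* @group legacy
+*/
+public function testLegacyLazyPublicPagesShouldNotAccessTokenStorage()
+{
+$tokenStorage = $this->createMock(TokenStorageInterface::class);
+$tokenStorage->expects($this->never())->method('getToken');
+
+$request = new Request();
+$accessMap = $this->createMock(AccessMapInterface::class);
+$accessMap->expects($this->any())
+->method('getPatterns')
+->with($this->equalTo($request))
+->willReturn([[AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY], null])
+;
+
+$listener = new AccessListener($tokenStorage, $this->createMock(AccessDecisionManagerInterface::class), $accessMap, $this->createMock(AuthenticationManagerInterface::class), false);
+$listener(new LazyResponseEvent(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST)));
+}
 }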
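Review bot: Both new tests assert only that `getToken` is never called; the `AccessDecisionManagerInterface` mock is created inline with no expectation, so they would still pass if the listener reached the access decision without reading the token. Holding that mock in a variable and adding `$accessDecisionManager->expects($this->never())->method('decide');` pins the early return itself. A companion case whose rule is `[AuthenticatedVoter::PUBLIC_ACCESS, 'ROLE_USER']` (constructed example) on a `LazyResponseEvent`, asserting that the decision manager is consulted, would guard the exact-match comparison in AccessListener against being loosened later; whether an existing test already covers that cannot be told from this hunk. The two methods differ only in the attribute, but the `@group legacy` annotation on the second is a reason to keep them separate rather than merge them behind a data provider.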
