bug #46054 [SecurityBundle] Use config's secret in remember-me signatures (jderusse)

fabpot · fabpot · commit 213381edef95 · 2022-04-16T15:38:50.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [SecurityBundle] Use config's secret in remember-me signatures | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Commits ------- a412f30 [SecurityBundle] Use config's secret in remember-me signatures
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -128,6 +128,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
             $tokenVerifier = $this->createTokenVerifier($container, $firewallName, $config['token_verifier'] ?? null);
             $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler'))
                 ->replaceArgument(0, new Reference($tokenProviderId))
+                ->replaceArgument(1, $config['secret'])
                 ->replaceArgument(2, new Reference($userProviderId))
                 ->replaceArgument(4, $config)
                 ->replaceArgument(6, $tokenVerifier)
@@ -136,6 +137,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
             $signatureHasherId = 'security.authenticator.remember_me_signature_hasher.'.$firewallName;
             $container->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.remember_me_signature_hasher'))
                 ->replaceArgument(1, $config['signature_properties'])
+                ->replaceArgument(2, $config['secret'])
             ;
 
             $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.signature_remember_me_handler'))
@@ -205,7 +207,10 @@ public function addConfiguration(NodeDefinition $node)
         ;
 
         $builder
-            ->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()
+            ->scalarNode('secret')
+                ->cannotBeEmpty()
+                ->defaultValue('%kernel.secret%')
+            ->end()
             ->scalarNode('service')->end()
             ->arrayNode('user_providers')
                 ->beforeNormalization()
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -419,7 +419,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
             'firewalls' => [
                 'default' => [
                     'form_login' => null,
-                    'remember_me' => ['secret' => 'baz'],
+                    'remember_me' => [],
                 ],
             ],
         ]);
@@ -433,6 +433,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
 
         $this->assertEquals($samesite, $definition->getArgument(3)['samesite']);
         $this->assertEquals($secure, $definition->getArgument(3)['secure']);
+        $this->assertSame('%kernel.secret%', $definition->getArgument(1));
     }
 
     /**
@@ -484,6 +485,46 @@ public function testCustomRememberMeHandler()
         $this->assertEquals([['firewall' => 'default']], $handler->getTag('security.remember_me_handler'));
     }
 
+    public function testSecretRememberMeHasher()
+    {
+        $container = $this->getRawContainer();
+
+        $container->register('custom_remember_me', \stdClass::class);
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                'default' => [
+                    'remember_me' => ['secret' => 'very'],
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $handler = $container->getDefinition('security.authenticator.remember_me_signature_hasher.default');
+        $this->assertSame('very', $handler->getArgument(2));
+    }
+
+    public function testSecretRememberMeHandler()
+    {
+        $container = $this->getRawContainer();
+
+        $container->register('custom_remember_me', \stdClass::class);
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                'default' => [
+                    'remember_me' => ['secret' => 'very', 'token_provider' => 'token_provider_id'],
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $handler = $container->getDefinition('security.authenticator.remember_me_handler.default');
+        $this->assertSame('very', $handler->getArgument(1));
+    }
+
     public function sessionConfigurationProvider()
     {
         return [
