
Commit 46f93d3

committed
[Security][LoginLink] Throw InvalidLoginLinkException on missing parameter
1 parent 84e90f6 commit 46f93d3


2 files changed

+30
-2
lines changed


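--- a/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
+++ b/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
@@ -97,8 +97,12 @@ public function consumeLoginLink(Request $request): UserInterface
 throw new InvalidLoginLinkException('User not found.', 0, $exception);
 }
 
-$hash = $request->get('hash');
-$expires = $request->get('expires');
+if (!$hash = $request->get('hash')) {
+throw new InvalidLoginLinkException('Missing "hash" parameter.');
+}
+if (!$expires = $request->get('expires')) {
+throw new InvalidLoginLinkException('Missing "expires" parameter.');
+}
 
 try {
 $this->signatureHasher->verifySignatureHash($user, $expires, $hash);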
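Review bot: The two new guards in `consumeLoginLink` test only truthiness, so a value that is present but malformed still reaches `verifySignatureHash($user, $expires, $hash)`; an array-valued `hash` or a non-numeric `expires` is truthy and passes both checks. If `verifySignatureHash` declares scalar parameter types (its signature is not in this hunk, and the `catch` of the surrounding `try` is not visible either), such input would likely surface as a `TypeError` instead of the `InvalidLoginLinkException` this commit standardises on. Consider checking the type as well, e.g. `if (!\is_string($hash = $request->get('hash')) || '' === $hash) {`, with an equivalent digits-only check for `expires` before it is used as a timestamp. The body of `consumeLoginLink` starts and ends outside the hunk.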

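--- a/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php
@@ -182,6 +182,30 @@ public function testConsumeLoginLinkExceedsMaxUsage()
 $linker->consumeLoginLink($request);
 }
 
+public function testConsumeLoginLinkWithMissingHash()
+{
+$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
+$this->userProvider->createUser($user);
+
+$this->expectException(InvalidLoginLinkException::class);
+$request = Request::create('/login/verify?user=weaverryan&expires=10000');
+
+$linker = $this->createLinker();
+$linker->consumeLoginLink($request);
+}
+
+public function testConsumeLoginLinkWithMissingExpiration()
+{
+$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
+$this->userProvider->createUser($user);
+
+$this->expectException(InvalidLoginLinkException::class);
+$request = Request::create('/login/verify?user=weaverryan&hash=thehash');
+
+$linker = $this->createLinker();
+$linker->consumeLoginLink($request);
+}
+
 private function createSignatureHash(string $username, int $expires, array $extraFields): string
 {
 $fields = [base64_encode($username), $expires];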
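Review bot: Both new tests assert only the exception class, so they would still pass if `consumeLoginLink` failed on a different path that also raises `InvalidLoginLinkException` (the 'User not found.' branch, for example) and never reached the new guards. Pin the intended branch by adding `$this->expectExceptionMessage('Missing "hash" parameter.');` and `$this->expectExceptionMessage('Missing "expires" parameter.');` after the respective `expectException` calls. A further case with an empty or array-valued parameter would document how malformed (rather than absent) input is handled.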
