Commit 940bba0

bug #35335 [Security] Fix RememberMe with null password (jderusse)
This PR was merged into the 5.0 branch.

Discussion
----------

[Security] Fix RememberMe with null password

| Q             | A
| ------------- | ---
| Branch?       | 5.0
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | yes
| Tickets       | NA
| License       | MIT
| Doc PR        | NA

From `UserInterface` the method getPassword may return null, while generateCookieHash requires a string.
This PR changes the signature of the methods to allow null password.

Commits
-------

a7d0d82 Fix RememberMe with null password
2 parents 0dcf2fc + a7d0d82 commit 940bba0

1 file changed

+6
-6
lines changed


src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php

Lines changed: 6 additions & 6 deletions
@@ -91,12 +91,12 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
9191
/**
9292
* Generates the cookie value.
9393
*
94-
* @param int $expires The Unix timestamp when the cookie expires
95-
* @param string $password The encoded password
94+
* @param int $expires The Unix timestamp when the cookie expires
95+
* @param string|null $password The encoded password
9696
*
9797
* @return string
9898
*/
99-
protected function generateCookieValue(string $class, string $username, int $expires, string $password)
99+
protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
100100
{
101101
// $username is encoded because it might contain COOKIE_DELIMITER,
102102
// we assume other values don't
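Review bot: The widened signature on line 99 (`?string $password`) changes a protected method, so any subclass that overrides `generateCookieValue` with `string $password` no longer has a compatible parameter type; that should be called out in the changelog or upgrade notes, since this is going into a bug-fix merge. The docblock on line 95 should also say when null is expected (a user whose `getPassword()` returns null) rather than only "The encoded password", so that callers and overriders know null is a supported input and not an error state.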
@@ -111,12 +111,12 @@ protected function generateCookieValue(string $class, string $username, int $exp
111111
/**
112112
* Generates a hash for the cookie to ensure it is not being tampered with.
113113
*
114-
* @param int $expires The Unix timestamp when the cookie expires
115-
* @param string $password The encoded password
114+
* @param int $expires The Unix timestamp when the cookie expires
115+
* @param string|null $password The encoded password
116116
*
117117
* @return string
118118
*/
119-
protected function generateCookieHash(string $class, string $username, int $expires, string $password)
119+
protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
120120
{
121121
return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
122122
}
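Review bot: On line 121 a null `$password` is concatenated into the HMAC input as an empty string, so the hash for a password-less user is bound only to class, username, expiry and the secret, and is identical to the hash for a user whose password is an empty string. That behaviour is probably acceptable, but it is implicit: make it explicit with `$password ?? ''` or a short comment, and note in the docblock that for such users the remember-me cookie is not invalidated by a credential change until a password is actually set. The commit touches only this one file, so there is no regression test; add one that builds and validates a cookie for a user whose `getPassword()` returns null.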
