
Commit af81008

committed
[SecurityBundle] Fix remember-me cookie framework inheritance when session is disabled
1 parent 100f205 commit af81008


2 files changed

+55
-1
lines changed


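--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -65,7 +65,7 @@ public function prepend(ContainerBuilder $container)
 return;
 }
 foreach ($container->getExtensionConfig('framework') as $config) {
-if (isset($config['session'])) {
+if (isset($config['session']) && \is_array($config['session'])) {
 $rememberMeSecureDefault = $config['session']['cookie_secure'] ?? $rememberMeSecureDefault;
 $rememberMeSameSiteDefault = array_key_exists('cookie_samesite', $config['session']) ? $config['session']['cookie_samesite'] : $rememberMeSameSiteDefault;
 }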
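Review bot: The guard on the `if` inside the `foreach` leaves the remember-me cookie on its own defaults whenever `session` is not an array, and nothing at that line says so; the test added in this commit shows the result for `session: false` is `secure = false` and `samesite = null`. A comment above the `if` would make that fallback visible to anyone auditing cookie flags, for example `// 'session' may be false/null in the raw config (session disabled); remember-me then keeps its own secure/samesite defaults`. The `isset()` is also subsumed by the type check, so the condition can be written `if (\is_array($config['session'] ?? null)) {`. The two defaults are initialised outside this hunk, and `prepend()` both starts and ends outside it.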

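--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\DependencyInjection\FrameworkExtension;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
 use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\DummyProvider;
@@ -343,6 +344,59 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
 $this->assertFalse($container->has(UserProviderInterface::class));
 }
 
+/**
+* @dataProvider sessionConfigurationProvider
+*/
+public function testRememberMeCookieInheritFrameworkSessionCookie($config, $samesite, $secure)
+{
+$container = $this->getRawContainer();
+
+$container->registerExtension(new FrameworkExtension());
+$container->setParameter('kernel.bundles_metadata', array());
+$container->setParameter('kernel.project_dir', __DIR__);
+$container->setParameter('kernel.root_dir', __DIR__);
+$container->setParameter('kernel.cache_dir', __DIR__);
+
+$container->loadFromExtension('security', array(
+'firewalls' => array(
+'default' => array(
+'form_login' => null,
+'remember_me' => array('secret' => 'baz'),
+),
+),
+));
+$container->loadFromExtension('framework', array(
+'session' => $config,
+));
+
+$container->compile();
+
+$definition = $container->getDefinition('security.authentication.rememberme.services.simplehash.default');
+
+$this->assertEquals($samesite, $definition->getArgument(3)['samesite']);
+$this->assertEquals($secure, $definition->getArgument(3)['secure']);
+}
+
+public function sessionConfigurationProvider()
+{
+return array(
+array(
+false,
+null,
+false,
+),
+array(
+array(
+'cookie_secure' => true,
+'cookie_samesite' => 'lax',
+'save_path' => null,
+),
+'lax',
+true,
+),
+);
+}
+
 protected function getRawContainer()
 {
 $container = new ContainerBuilder();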
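Review bot: The two assertions at the end of `testRememberMeCookieInheritFrameworkSessionCookie` use `assertEquals`, which compares loosely, so the `false` / `null` / `false` dataset would still pass if the service received `''`, `0` or `null` for `secure`, or `false` for `samesite`. For cookie security flags the exact value matters; `$options = $definition->getArgument(3);` followed by `$this->assertSame($samesite, $options['samesite']);` and `$this->assertSame($secure, $options['secure']);` would pin it, assuming the defaults are exactly `null` and `false`. The provider also covers only `false` and a fully populated array. Datasets for `null` and for an array that sets only one of the two cookie keys would exercise the remaining paths through the guard in `SecurityExtension::prepend()`, provided the framework configuration accepts those values.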
