Skip to content

[Security] [LoginLink] Throw InvalidLoginLinkException on missing parameter #48292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 30, 2022
Merged

[Security] [LoginLink] Throw InvalidLoginLinkException on missing parameter #48292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,12 @@ public function consumeLoginLink(Request $request): UserInterface
throw new InvalidLoginLinkException('User not found.', 0, $exception);
}

$hash = $request->get('hash');
$expires = $request->get('expires');
if (!$hash = $request->get('hash')) {
throw new InvalidLoginLinkException('Missing "hash" parameter.');
}
if (!$expires = $request->get('expires')) {
throw new InvalidLoginLinkException('Missing "expires" parameter.');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other authenticators throw a BadRequestHttpException in such cases, I would do the same here. See e.g.

symfony/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php

Line 161 in c79d4ab

throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['password_path']));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm LoginLinkHandlerInterface::consumeLoginLink is supposed to throw InvalidLoginLinkException:

symfony/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandlerInterface.php

Lines 32 to 34 in f67ff76

* Throw InvalidLoginLinkExceptionInterface if the link is invalid.
*/
public function consumeLoginLink(Request $request): UserInterface;

The LoginLinkAuthenticator then converts it to InvalidLoginLinkAuthenticationException which triggers its onAuthenticationFailure method to be called.

Are you sure we should bypass this behavior?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking twice about it, I think it's safer to go with your approach.

}

try {
$this->signatureHasher->verifySignatureHash($user, $expires, $hash);
Expand Down
24 changes: 24 additions & 0 deletions src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,30 @@ public function testConsumeLoginLinkExceedsMaxUsage()
$linker->consumeLoginLink($request);
}

public function testConsumeLoginLinkWithMissingHash()
{
$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
$this->userProvider->createUser($user);

$this->expectException(InvalidLoginLinkException::class);
$request = Request::create('/login/verify?user=weaverryan&expires=10000');

$linker = $this->createLinker();
$linker->consumeLoginLink($request);
}

public function testConsumeLoginLinkWithMissingExpiration()
{
$user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
$this->userProvider->createUser($user);

$this->expectException(InvalidLoginLinkException::class);
$request = Request::create('/login/verify?user=weaverryan&hash=thehash');

$linker = $this->createLinker();
$linker->consumeLoginLink($request);
}

private function createSignatureHash(string $username, int $expires, array $extraFields): string
{
$fields = [base64_encode($username), $expires];
Expand Down