8000 merged branch vicb/security/password_0 (PR #4624) · lauris/symfony@231d9d9 · GitHub

Commit 231d9d9

committed
merged branch vicb/security/password_0 (PR symfony# 8000 4624)
Commits ------- 680b83c [Security] Allow "0" as a password Discussion ---------- [Security] allow "0" as a password ```php <?php !"0" == true ```
2 parents e78a7ba + 680b83c commit 231d9d9


2 files changed

+67
-29
lines changed


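--- a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
@@ -59,7 +59,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
 throw new BadCredentialsException('The credentials were changed from another session.');
 }
 } else {
-if (!$presentedPassword = $token->getCredentials()) {
+if ("" === ($presentedPassword = $token->getCredentials())) {
 throw new BadCredentialsException('The presented password cannot be empty.');
 }
 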
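Review bot: The strict `"" ===` comparison in the `else` branch rejects only the exact empty string, so `null`, `false` or any other non-string value returned by `getCredentials()` now passes the guard, whereas the previous `!` test rejected them together with `"0"`. What the encoder does with such a value is not visible in this hunk, so missing credentials should be rejected explicitly, for example `if (null === ($presentedPassword = $token->getCredentials()) || "" === $presentedPassword) {`. `checkAuthentication()` begins before and continues after the hunk, so whether a later check already covers this cannot be confirmed from here.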

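--- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php
+++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php
@@ -35,13 +35,13 @@ public function testRetrieveUserWhenProviderDoesNotReturnAnUserInterface()
 */
 public function testRetrieveUserWhenUsernameIsNotFound()
 {
-$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+$userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface');
 $userProvider->expects($this->once())
 ->method('loadUserByUsername')
-->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false)))
+->will($this->throwException($this->getMock('Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException', null, array(), '', false)))
 ;
 
-$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
+$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'));
 $method = new \ReflectionMethod($provider, 'retrieveUser');
 $method->setAccessible(true);
 
@@ -53,13 +53,13 @@ public function testRetrieveUserWhenUsernameIsNotFound()
 */
 public function testRetrieveUserWhenAnExceptionOccurs()
 {
-$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+$userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface');
 $userProvider->expects($this->once())
 ->method('loadUserByUsername')
 ->will($this->throwException($this->getMock('RuntimeException', null, array(), '', false)))
 ;
 
-$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
+$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'));
 $method = new \ReflectionMethod($provider, 'retrieveUser');
 $method->setAccessible(true);
 
@@ -68,19 +68,19 @@ public function testRetrieveUserWhenAnExceptionOccurs()
 
 public function testRetrieveUserReturnsUserFromTokenOnReauthentication()
 {
-$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+$userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface');
 $userProvider->expects($this->never())
 ->method('loadUserByUsername')
 ;
 
-$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 $token = $this->getSupportedToken();
 $token->expects($this->once())
 ->method('getUser')
 ->will($this->returnValue($user))
 ;
 
-$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
+$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'));
 $reflection = new \ReflectionMethod($provider, 'retrieveUser');
 $reflection->setAccessible(true);
 $result = $reflection->invoke($provider, null, $token);
@@ -90,15 +90,15 @@ public function testRetrieveUserReturnsUserFromTokenOnReauthentication()
 
 public function testRetrieveUser()
 {
-$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 
-$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+$userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface');
 $userProvider->expects($this->once())
 ->method('loadUserByUsername')
 ->will($this->returnValue($user))
 ;
 
-$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'));
+$provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'));
 $method = new \ReflectionMethod($provider, 'retrieveUser');
 $method->setAccessible(true);
 
@@ -110,25 +110,63 @@ public function testRetrieveUser()
 */
 public function testCheckAuthenticationWhenCredentialsAreEmpty()
 {
-$provider = $this->getProvider();
+$encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface');
+$encoder
+->expects($this->never())
+->method('isPasswordValid')
+;
+
+$provider = $this->getProvider(false, false, $encoder);
 $method = new \ReflectionMethod($provider, 'checkAuthentication');
 $method->setAccessible(true);
 
 $token = $this->getSupportedToken();
-$token->expects($this->once())
-->method('getCredentials')
-->will($this->returnValue(''))
+$token
+->expects($this->once())
+->method('getCredentials')
+->will($this->returnValue(''))
+;
+
+$method->invoke(
+$provider,
+$this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'),
+$token
+);
+}
+
+public function testCheckAuthenticationWhenCredentialsAre0()
+{
+$encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface');
+$encoder
+->expects($this->once())
+->method('isPasswordValid')
+->will($this->returnValue(true))
+;
+
+$provider = $this->getProvider(false, false, $encoder);
+$method = new \ReflectionMethod($provider, 'checkAuthentication');
+$method->setAccessible(true);
+
+$token = $this->getSupportedToken();
+$token
+->expects($this->once())
+->method('getCredentials')
+->will($this->returnValue('0'))
 ;
 
-$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
+$method->invoke(
+$provider,
+$this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'),
+$token
+);
 }
 
 /**
 * @expectedException Symfony\Component\Security\Core\Exception\BadCredentialsException
 */
 public function testCheckAuthenticationWhenCredentialsAreNotValid()
 {
-$encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface');
+$encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface');
 $encoder->expects($this->once())
 ->method('isPasswordValid')
 ->will($this->returnValue(false))
@@ -144,15 +182,15 @@ public function testCheckAuthenticationWhenCredentialsAreNotValid()
 ->will($this->returnValue('foo'))
 ;
 
-$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
+$method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token);
 }
 
 /**
 * @expectedException Symfony\Component\Security\Core\Exception\BadCredentialsException
 */
 public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged()
 {
-$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 $user->expects($this->once())
 ->method('getPassword')
 ->will($this->returnValue('foo'))
@@ -163,7 +201,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang
 ->method('getUser')
 ->will($this->returnValue($user));
 
-$dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 $dbUser->expects($this->once())
 ->method('getPassword')
 ->will($this->returnValue('newFoo'))
@@ -177,7 +215,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang
 
 public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithoutOriginalCredentials()
 {
-$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 $user->expects($this->once())
 ->method('getPassword')
 ->will($this->returnValue('foo'))
@@ -188,7 +226,7 @@ public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithou
 ->method('getUser')
 ->will($this->returnValue($user));
 
-$dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
 $dbUser->expects($this->once())
 ->method('getPassword')
 ->will($this->returnValue('foo'))
@@ -202,7 +240,7 @@ public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithou
 
 public function testCheckAuthentication()
 {
-$encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface');
+$encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface');
 $encoder->expects($this->once())
 ->method('isPasswordValid')
 ->will($this->returnValue(true))
@@ -218,12 +256,12 @@ public function testCheckAuthentication()
 ->will($this->returnValue('foo'))
 ;
 
-$method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token);
+$method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token);
 }
 
 protected function getSupportedToken()
 {
-$mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false);
+$mock = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false);
 $mock
 ->expects($this->any())
 ->method('getProviderKey')
@@ -235,7 +273,7 @@ protected function getSupportedToken()
 
 protected function getProvider($user = false, $userChecker = false, $passwordEncoder = null)
 {
-$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+$userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface');
 if (false !== $user) {
 $userProvider->expects($this->once())
 ->method('loadUserByUsername')
@@ -244,14 +282,14 @@ protected function getProvider($user = false, $userChecker = false, $passwordEnc
 }
 
 if (false === $userChecker) {
-$userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
+$userChecker = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface');
 }
 
 if (null === $passwordEncoder) {
 $passwordEncoder = new PlaintextPasswordEncoder();
 }
 
-$encoderFactory = $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface');
+$encoderFactory = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface');
 $encoderFactory
 ->expects($this->any())
 ->method('getEncoder')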
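Review bot: The tests added in the `@@ -110,25 +110,63 @@` hunk pin the guard only for `''` and `'0'`; no case covers `null` or another non-string value from `getCredentials()`, which the old `!` check rejected and the new strict comparison appears to let through to the encoder. A third case modelled on `testCheckAuthenticationWhenCredentialsAreEmpty()`, using `->will($this->returnValue(null))` together with `$encoder->expects($this->never())`, would pin the intended behaviour for missing credentials. As a point of style, the doubled-backslash class-name literals in the other hunks yield the same strings as before inside single quotes, and they would be easier to audit in a commit separate from the authentication change.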
