8000 bug #19307 [Security] Fix deprecated usage of DigestAuthenticationEnt… · symfony/symfony@0bac08a · GitHub

Commit 0bac08a

bug #19307 [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener (Maxime STEINHAUSSER)
This PR was squashed before being merged into the 2.8 branch (closes #19307). Discussion ---------- [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Fix the following deprecation triggered by Symfony when using the `http_digest` authentication: <details> <summary>Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint::getKey() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead. </summary> > DigestAuthenticationEntryPoint::getKey() (called from DigestAuthenticationListener.php at line 81) DigestAuthenticationListener::handle() (called from classes.php at line 2622) Firewall::onKernelRequest() call_user_func() (called from WrappedListener.php at line 61) WrappedListener::__invoke() call_user_func() (called from classes.php at line 1858) EventDispatcher::doDispatch() (called from classes.php at line 1773) EventDispatcher::dispatch() (called from TraceableEventDispatcher.php at line 140) TraceableEventDispatcher::dispatch() (called from HttpKernel.php at line 125) HttpKernel::handleRaw() (called from HttpKernel.php at line 64) HttpKernel::handle() (called from ContainerAwareHttpKernel.php at line 69) ContainerAwareHttpKernel::handle() (called from Kernel.php at line 193) Kernel::handle() (called from app_dev.php at line 36) </details> Refs: #16493 Commits ------- 880a392 [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
2 parents f8d3ef7 + 880a392 commit 0bac08a

2 files changed

+80
-1
lines changed

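--- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
@@ -78,7 +78,7 @@ public function handle(GetResponseEvent $event)
 }
 
 try {
-$digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
+$digestAuth->validateAndDecode($this->authenticationEntryPoint->getSecret(), $this->authenticationEntryPoint->getRealmName());
 } catch (BadCredentialsException $e) {
 $this->fail($event, $request, $e);
 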
Lines changed: 79 additions & 0 deletions
@@ -0,0 +1,79 @@
1+
<?php
2+
3+
namespace Symfony\Component\Security\Http\Tests\Firewall;
4+
5+
use Symfony\Component\HttpFoundation\Request;
6+
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
7+
use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint;
8+
use Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener;
9+
10+
class DigestAuthenticationListenerTest extends \PHPUnit_Framework_TestCase
11+
{
12+
public function testHandleWithValidDigest()
13+
{
14+
$time = microtime(true) + 1000;
15+
$secret = 'ThisIsASecret';
16+
$nonce = base64_encode($time.':'.md5($time.':'.$secret));
17+
$username = 'user';
18+
$password = 'password';
19+
$realm = 'Welcome, robot!';
20+
$cnonce = 'MDIwODkz';
21+
$nc = '00000001';
22+
$qop = 'auth';
23+
$uri = '/path/info?p1=5&p2=5';
24+
25+
$serverDigest = $this->calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, 'GET', $uri);
26+
27+
$digestData =
28+
'username="'.$username.'", realm="'.$realm.'", nonce="'.$nonce.'", '.
29+
'uri="'.$uri.'", cnonce="'.$cnonce.'", nc='.$nc.', qop="'.$qop.'", '.
30+
'response="'.$serverDigest.'"'
31+
;
32+
33+
$request = new Request(array(), array(), array(), array(), array(), array('PHP_AUTH_DIGEST' => $digestData));
34+
35+
$entryPoint = new DigestAuthenticationEntryPoint($realm, $secret);
36+
37+
$user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
38+
$user->method('getPassword')->willReturn($password);
39+
40+
$providerKey = 'TheProviderKey';
41+
42+
$tokenStorage = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface');
43+
$tokenStorage
44+
->expects($this->once())
45+
->method('getToken')
46+
->will($this->returnValue(null))
47+
;
48+
$tokenStorage
49+
->expects($this->once())
50+
->method('setToken')
51+
->with($this->equalTo(new UsernamePasswordToken($user, $password, $providerKey)))
52+
;
53+
54+
$userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
55+
$userProvider->method('loadUserByUsername')->willReturn($user);
56+
57+
$listener = new DigestAuthenticationListener($tokenStorage, $userProvider, $providerKey, $entryPoint);
58+
59+
$event = $this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false);
60+
$event
61+
->expects($this->any())
62+
->method('getRequest')
63+
->will($this->returnValue($request))
64+
;
65+
66+
$listener->handle($event);
67+
}
68+
69+
private function calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, $method, $uri)
70+
{
71+
$response = md5(
72+
md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri)
73+
);
74+
75+
return sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"',
76+
$username, $realm, $nonce, $uri, $cnonce, $nc, $qop, $response
77+
);
78+
}
79+
}
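Review bot: `calculateServerDigest()` (new lines 69–78) returns a complete `username="…", …, response="…"` header string rather than the response hash alone, and `testHandleWithValidDigest()` then places that whole string inside `response="…"` when it builds `$digestData` (new lines 27–31). The header the listener receives therefore carries nested quotes and every field twice, so the test presumably passes only because the digest parser tolerates the duplication, which is not visible on this page. Ending the helper with `return $response;` would make the fixture a well-formed digest header, so the test would fail for the right reason if secret or nonce validation regresses. The only check on the outcome is the `setToken` expectation; a companion case whose nonce is signed with a different secret, expecting `setToken` never to be called, would pin that the value from `getSecret()` is actually verified.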
