8000 minor #30044 [Security] Fix serialization workaround in CustomUserMes… · symfony/symfony@11dc73d · GitHub

Commit 11dc73d

minor #30044 [Security] Fix serialization workaround in CustomUserMessageAuthenticationException (renanbr)
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Fix serialization workaround in CustomUserMessageAuthenticationException | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | m/a Commits ------- 542e9e2 fix serialization workaround in CustomUserMessageAuthenticationException
2 parents 46edcee + 542e9e2 commit 11dc73d


2 files changed

+30
-1
lines changed


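--- a/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
+++ b/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
@@ -60,7 +60,7 @@ public function getMessageData()
 */
 public function serialize()
 {
-return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
+$serialized = [parent::serialize(true), $this->messageKey, $this->messageData];
 
 return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
 }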
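Review bot: `serialize()` depends on an argument it does not declare, read through `\func_num_args()` / `\func_get_arg(0)` and forwarded to `doSerialize()`, and nothing in the visible lines documents that contract. The docblock above the method starts outside the hunk, so it may already cover this; if it does not, a comment such as `// Undeclared first argument is forwarded to doSerialize(); parent::serialize(true) is how an overriding class requests the nested form.` would help the next maintainer. `doSerialize()` is not shown here, so what it does when it receives `null` should be stated next to it, since a subclass that calls `parent::serialize()` without the flag presumably relies on that branch to get a correctly nested payload.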

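--- a/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
@@ -15,6 +15,21 @@
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 
+class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
+{
+public function serialize()
+{
+return serialize([$this->childMember, parent::serialize()]);
+}
+
+public function unserialize($str)
+{
+list($this->childMember, $parentData) = unserialize($str);
+
+parent::unserialize($parentData);
+}
+}
+
 class CustomUserMessageAuthenticationExceptionTest extends TestCase
 {
 public function testConstructWithSAfeMessage()
@@ -39,4 +54,18 @@ public function testSharedSerializedData()
 $this->assertEquals($token, $processed->getMessageData()['token']);
 $this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
 }
+
+public function testSharedSerializedDataFromChild()
+{
+$token = new AnonymousToken('foo', 'bar');
+
+$exception = new ChildCustomUserMessageAuthenticationException();
+$exception->childMember = $token;
+$exception->setToken($token);
+
+$processed = unserialize(serialize($exception));
+$this->assertEquals($token, $processed->childMember);
+$this->assertEquals($token, $processed->getToken());
+$this->assertSame($processed->getToken(), $processed->childMember);
+}
 }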
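Review bot: The fixture class `ChildCustomUserMessageAuthenticationException` reads and writes `$this->childMember` without declaring it, so the test relies on a dynamically created property; adding `public $childMember;` at the top of the class makes the fixture explicit. `testSharedSerializedDataFromChild()` also checks only the token and the child member, so a regression that dropped the parent's own fields during the nested round trip would go unnoticed. Adding `$this->assertSame($exception->getMessageKey(), $processed->getMessageKey());` would pin down that the parent payload survives as well. The body of `CustomUserMessageAuthenticationExceptionTest` continues outside both hunks.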
