8000 [Security] Use SessionAuthenticationStrategy on RememberMe login · symfony/symfony@795c8b3 · GitHub


Commit 795c8b3

s12vfabpot
authored andcommitted
[Security] Use SessionAuthenticationStrategy on RememberMe login
Regenerate session ID with default session strategy
1 parent 7e848fb commit 795c8b3


3 files changed

+89
-10
lines changed


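--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
@@ -25,6 +25,7 @@
 <argument type="service" id="logger" on-invalid="null" />
 <argument type="service" id="event_dispatcher" on-invalid="null"/>
 <argument /> <!-- Catch exception flag set in RememberMeFactory -->
+<argument type="service" id="security.authentication.session_strategy" />
 </service>
 
 <service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">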

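--- a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
@@ -20,6 +20,7 @@
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 use Symfony\Component\Security\Http\SecurityEvents;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
 
 /**
 * RememberMeListener implements authentication capabilities via a cookie.
@@ -34,25 +35,28 @@ class RememberMeListener implements ListenerInterface
 private $logger;
 private $dispatcher;
 private $catchExceptions = true;
+private $sessionStrategy;
 
 /**
 * Constructor.
 *
-* @param TokenStorageInterface $tokenStorage
-* @param RememberMeServicesInterface $rememberMeServices
-* @param AuthenticationManagerInterface $authenticationManager
-* @param LoggerInterface $logger
-* @param EventDispatcherInterface $dispatcher
-* @param bool $catchExceptions
+* @param TokenStorageInterface $tokenStorage
+* @param RememberMeServicesInterface $rememberMeServices
+* @param AuthenticationManagerInterface $authenticationManager
+* @param LoggerInterface $logger
+* @param EventDispatcherInterface $dispatcher
+* @param bool $catchExceptions
+* @param SessionAuthenticationStrategyInterface $sessionStrategy
 */
-public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true)
+public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy = null)
 {
 $this->tokenStorage = $tokenStorage;
 $this->rememberMeServices = $rememberMeServices;
 $this->authenticationManager = $authenticationManager;
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
 $this->catchExceptions = $catchExceptions;
+$this->sessionStrategy = $sessionStrategy;
 }
 
 /**
@@ -73,6 +77,9 @@ public function handle(GetResponseEvent $event)
 
 try {
 $token = $this->authenticationManager->authenticate($token);
+if (null !== $this->sessionStrategy && $request->hasSession() && $request->getSession()->isStarted()) {
+$this->sessionStrategy->onAuthentication($request, $token);
+}
 $this->tokenStorage->setToken($token);
 
 if (null !== $this->dispatcher) {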
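Review bot: The `$sessionStrategy = null` default in `__construct` means any caller that builds `RememberMeListener` without the seventh argument silently keeps the old behaviour: the guard added in `handle()` skips `onAuthentication()`, so the strategy never runs after a remember-me login. The docblock should say so, for example `@param SessionAuthenticationStrategyInterface|null $sessionStrategy Applied after a successful remember-me login; skipped when null`. The same guard also skips the strategy when a session exists but has not been started, and a one-line comment above the `if` stating why an unstarted session needs no migration would help. Whether the session can be started later in the request under a client-supplied ID is not visible from this hunk. `handle()` begins and ends outside the hunk, so how an exception thrown by `onAuthentication()` is treated by the surrounding `try` cannot be confirmed here.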

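--- a/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
@@ -181,6 +181,71 @@ public function testOnCoreSecurity()
 $listener->handle($event);
 }
 
+public function testSessionStrategy()
+{
+list($listener, $tokenStorage, $service, $manager, , $dispatcher, $sessionStrategy) = $this->getListener(false, true, true);
+
+$tokenStorage
+->expects($this->once())
+->method('getToken')
+->will($this->returnValue(null))
+;
+
+$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+$service
+->expects($this->once())
+->method('autoLogin')
+->will($this->returnValue($token))
+;
+
+$tokenStorage
+->expects($this->once())
+->method('setToken')
+->with($this->equalTo($token))
+;
+
+$manager
+->expects($this->once())
+->method('authenticate')
+->will($this->returnValue($token))
+;
+
+$session = $this->getMock('\Symfony\Component\HttpFoundation\Session\SessionInterface');
+$session
+->expects($this->once())
+->method('isStarted')
+->will($this->returnValue(true))
+;
+
+$request = $this->getMock('\Symfony\Component\HttpFoundation\Request');
+$request
+->expects($this->once())
+->method('hasSession')
+->will($this->returnValue(true))
+;
+
+$request
+->expects($this->once())
+->method('getSession')
+->will($this->returnValue($session))
+;
+
+$event = $this->getGetResponseEvent();
+$event
+->expects($this->once())
+->method('getRequest')
+->will($this->returnValue($request))
+;
+
+$sessionStrategy
+->expects($this->once())
+->method('onAuthentication')
+->will($this->returnValue(null))
+;
+
+$listener->handle($event);
+}
+
 public function testOnCoreSecurityInteractiveLoginEventIsDispatchedIfDispatcherIsPresent()
 {
 list($listener, $tokenStorage, $service, $manager, , $dispatcher) = $this->getListener(true);
@@ -240,18 +305,19 @@ protected function getFilterResponseEvent()
 return $this->getMock('Symfony\Component\HttpKernel\Event\FilterResponseEvent', array(), array(), '', false);
 }
 
-protected function getListener($withDispatcher = false, $catchExceptions = true)
+protected function getListener($withDispatcher = false, $catchExceptions = true, $withSessionStrategy = false)
 {
 $listener = new RememberMeListener(
 $tokenStorage = $this->getTokenStorage(),
 $service = $this->getService(),
 $manager = $this->getManager(),
 $logger = $this->getLogger(),
 $dispatcher = ($withDispatcher ? $this->getDispatcher() : null),
-$catchExceptions
+$catchExceptions,
+$sessionStrategy = ($withSessionStrategy ? $this->getSessionStrategy() : null)
 );
 
-return array($listener, $tokenStorage, $service, $manager, $logger, $dispatcher);
+return array($listener, $tokenStorage, $service, $manager, $logger, $dispatcher, $sessionStrategy);
 }
 
 protected function getLogger()
@@ -278,4 +344,9 @@ protected function getDispatcher()
 {
 return $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
 }
+
+private function getSessionStrategy()
+{
+return $this->getMock('\Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface');
+}
 }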
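Review bot: `testSessionStrategy` only pins that `onAuthentication` is called once and does not check its arguments, so the test would still pass if `handle()` handed the strategy a different request or token. Constrain the expectation with `->with($this->equalTo($request), $this->equalTo($token))`. The guard's negative paths are also untested. A companion test where `isStarted` returns false, and another where `hasSession` returns false, each with `$sessionStrategy->expects($this->never())->method('onAuthentication')`, would pin the behaviour for a request that has no started session. As written, nothing fails if the guard condition is later loosened or inverted for those cases.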
