feature #60222 [FrameworkBundle][HttpFoundation] Add Clock support for UriSigner (kbond)

chalasr · chalasr · commit 904df780584e · 2025-04-18T00:07:27.000+02:00
This PR was merged into the 7.3 branch. Discussion ---------- [FrameworkBundle][HttpFoundation] Add Clock support for `UriSigner` | Q | A | ------------- | --- | Branch? | 7.3 | Bug fix? | no | New feature? | yes | Deprecations? | no | Issues | n/a | License | MIT Optionally adds the ability to inject a `ClockInterface` to `UriSigner` (mostly to help with testing). The framework-bundle wires this up if possible. Commits ------- 4566f3a [HttpFoundation][FrameworkBundle] clock support for `UriSigner`
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/services.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/services.php
@@ -158,6 +158,9 @@ class_exists(WorkflowEvents::class) ? WorkflowEvents::ALIASES : []
         ->set('uri_signer', UriSigner::class)
             ->args([
                 new Parameter('kernel.secret'),
+                '_hash',
+                '_expiration',
+                service('clock')->nullOnInvalid(),
             ])
             ->lazy()
         ->alias(UriSigner::class, 'uri_signer')
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -8,6 +8,7 @@ CHANGELOG
  * Add `EventStreamResponse` and `ServerEvent` classes to streamline server event streaming
  * Add support for `valkey:` / `valkeys:` schemes for sessions
  * `Request::getPreferredLanguage()` now favors a more preferred language above exactly matching a locale
+ * Allow `UriSigner` to use a `ClockInterface`
 
 7.2
 ---
diff --git a/src/Symfony/Component/HttpFoundation/Tests/UriSignerTest.php b/src/Symfony/Component/HttpFoundation/Tests/UriSignerTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpFoundation\Tests;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Clock\MockClock;
 use Symfony\Component\HttpFoundation\Exception\LogicException;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\UriSigner;
@@ -199,6 +200,29 @@ public function testCheckWithUriExpiration()
         $this->assertFalse($signer->check($relativeUriFromNow3));
     }
 
+    public function testCheckWithUriExpirationWithClock()
+    {
+        $clock = new MockClock();
+        $signer = new UriSigner('foobar', clock: $clock);
+
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo', new \DateTimeImmutable('2000-01-01 00:00:00'))));
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo?foo=bar', new \DateTimeImmutable('2000-01-01 00:00:00'))));
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo?foo=bar&0=integer', new \DateTimeImmutable('2000-01-01 00:00:00'))));
+
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo', 1577836800))); // 2000-01-01
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo?foo=bar', 1577836800))); // 2000-01-01
+        $this->assertFalse($signer->check($signer->sign('http://example.com/foo?foo=bar&0=integer', 1577836800))); // 2000-01-01
+
+        $relativeUriFromNow1 = $signer->sign('http://example.com/foo', new \DateInterval('PT3S'));
+        $relativeUriFromNow2 = $signer->sign('http://example.com/foo?foo=bar', new \DateInterval('PT3S'));
+        $relativeUriFromNow3 = $signer->sign('http://example.com/foo?foo=bar&0=integer', new \DateInterval('PT3S'));
+        $clock->sleep(10);
+
+        $this->assertFalse($signer->check($relativeUriFromNow1));
+        $this->assertFalse($signer->check($relativeUriFromNow2));
+        $this->assertFalse($signer->check($relativeUriFromNow3));
+    }
+
     public function testNonUrlSafeBase64()
     {
         $signer = new UriSigner('foobar');
diff --git a/src/Symfony/Component/HttpFoundation/UriSigner.php b/src/Symfony/Component/HttpFoundation/UriSigner.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\HttpFoundation;
 
+use Psr\Clock\ClockInterface;
 use Symfony\Component\HttpFoundation\Exception\LogicException;
 
 /**
@@ -26,6 +27,7 @@ public function __construct(
         #[\SensitiveParameter] private string $secret,
         private string $hashParameter = '_hash',
         private string $expirationParameter = '_expiration',
+        private ?ClockInterface $clock = null,
     ) {
         if (!$secret) {
             throw new \InvalidArgumentException('A non-empty secret is required.');
@@ -109,7 +111,7 @@ public function check(string $uri): bool
         }
 
         if ($expiration = $params[$this->expirationParameter] ?? false) {
-            return time() < $expiration;
+            return $this->now()->getTimestamp() < $expiration;
         }
 
         return true;
@@ -153,9 +155,14 @@ private function getExpirationTime(\DateTimeInterface|\DateInterval|int $expirat
         }
 
         if ($expiration instanceof \DateInterval) {
-            return \DateTimeImmutable::createFromFormat('U', time())->add($expiration)->format('U');
+            return $this->now()->add($expiration)->format('U');
         }
 
         return (string) $expiration;
     }
+
+    private function now(): \DateTimeImmutable
+    {
+        return $this->clock?->now() ?? \DateTimeImmutable::createFromFormat('U', time());
+    }
 }
diff --git a/src/Symfony/Component/HttpFoundation/composer.json b/src/Symfony/Component/HttpFoundation/composer.json
@@ -25,6 +25,7 @@
         "doctrine/dbal": "^3.6|^4",
         "predis/predis": "^1.1|^2.0",
         "symfony/cache": "^6.4.12|^7.1.5",
+        "symfony/clock": "^6.4|^7.0",
         "symfony/dependency-injection": "^6.4|^7.0",
         "symfony/http-kernel": "^6.4|^7.0",
         "symfony/mime": "^6.4|^7.0",

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\HttpFoundation;`
`13`	`13`
	`14`	`+use Psr\Clock\ClockInterface;`
`14`	`15`	`use Symfony\Component\HttpFoundation\Exception\LogicException;`
`15`	`16`
`16`	`17`	`/**`
`@@ -26,6 +27,7 @@ public function __construct(`
`26`	`27`	`#[\SensitiveParameter] private string $secret,`
`27`	`28`	`private string $hashParameter = '_hash',`
`28`	`29`	`private string $expirationParameter = '_expiration',`
	`30`	`+ private ?ClockInterface $clock = null,`
`29`	`31`	`) {`
`30`	`32`	`if (!$secret) {`
`31`	`33`	`throw new \InvalidArgumentException('A non-empty secret is required.');`
`@@ -109,7 +111,7 @@ public function check(string $uri): bool`
`109`	`111`	`}`
`110`	`112`
`111`	`113`	`if ($expiration = $params[$this->expirationParameter] ?? false) {`
`112`		`- return time() < $expiratio 57AE n;`
	`114`	`+ return $this->now()->getTimestamp() < $expiration;`
`113`	`115`	`}`
`114`	`116`
`115`	`117`	`return true;`
`@@ -153,9 +155,14 @@ private function getExpirationTime(\DateTimeInterface\|\DateInterval\|int $expirat`
`153`	`155`	`}`
`154`	`156`
`155`	`157`	`if ($expiration instanceof \DateInterval) {`
`156`		`- return \DateTimeImmutable::createFromFormat('U', time())->add($expiration)->format('U');`
	`158`	`+ return $this->now()->add($expiration)->format('U');`
`157`	`159`	`}`
`158`	`160`
`159`	`161`	`return (string) $expiration;`
`160`	`162`	`}`
	`163`	`+`
	`164`	`+ private function now(): \DateTimeImmutable`
	`165`	`+ {`
	`166`	`+ return $this->clock?->now() ?? \DateTimeImmutable::createFromFormat('U', time());`
	`167`	`+ }`
`161`	`168`	`}`