Fix false-string handling in RememberMeAuthenticator

ossinkine · ossinkine · commit 925044465a98 · 2023-06-06T18:59:29.000+03:00
diff --git a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@@ -85,7 +85,7 @@ public function supports(Request $request): ?bool
     public function authenticate(Request $request): PassportInterface
     {
         $rawCookie = $request->cookies->get($this->cookieName);
-        if (!$rawCookie) {
+        if (!is_string($rawCookie) || '' === $rawCookie) {
             throw new \LogicException('No remember-me cookie is found.');
         }
 
diff --git a/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php b/src/Symfony/Component/Security/Http/Tests/Authenticator/RememberMeAuthenticatorTest.php
@@ -61,6 +61,9 @@ public static function provideSupportsData()
         $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'rememberme']);
         $request->attributes->set(ResponseListener::COOKIE_ATTR_NAME, new Cookie('_remember_me_cookie', null));
         yield [$request, false];
+
+        $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
+        yield [$request, null];
     }
 
     public function testAuthenticate()
@@ -97,4 +100,12 @@ public function testAuthenticateWithTokenWithoutDelimiter()
         $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => 'invalid']);
         $this->authenticator->authenticate($request);
     }
+
+    public function testAuthenticateWithFalseToken()
+    {
+        $this->expectException(AuthenticationException::class);
+
+        $request = Request::create('/', 'GET', [], ['_remember_me_cookie' => '0']);
+        $this->authenticator->authenticate($request);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ public function supports(Request $request): ?bool`
`85`	`85`	`public function authenticate(Request $request): PassportInterface`
`86`	`86`	`{`
`87`	`87`	`$rawCookie = $request->cookies->get($this->cookieName);`
`88`		`- if (!$rawCookie) {`
	`88`	`+ if (!is_string($rawCookie) \|\| '' === $rawCookie) {`
`89`	`89`	`throw new \LogicException('No remember-me cookie is found.');`
`90`	`90`	`}`
`91`	`91`