8000 bug #46948 [Validator] : Fix "PHP Warning: Undefined array key 1" in … · symfony/symfony@9eca550 · GitHub
[go: up one dir, main page]
Skip to content

Commit 9eca550

Browse files
chalasrchalasr
committed
bug #46948 [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator (KevinVanSonsbeek)
This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #46935 | License | MIT This PR is made based on #46935. With this approach the validator will still work if it ends up on a line that does not contain the exploding operator `:`. So other cases than just an empty string are caught with this. Commits ------- 7e7e2bd [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator
2 parents 550e4cc + 7e7e2bd commit 9eca550

File tree

2 files changed

+32
-3
lines changed

2 files changed

+32
-3
lines changed

src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,10 @@ public function validate($value, Constraint $constraint)
9191
}
9292

9393
foreach (explode("\r\n", $result) as $line) {
94+
if (!str_contains($line, ':')) {
95+
continue;
96+
}
97+
9498
[$hashSuffix, $count] = explode(':', $line);
9599

96100
if ($hashPrefix.$hashSuffix === $hash && $constraint->threshold <= (int) $count) {

src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php

Lines changed: 28 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -165,6 +165,31 @@ public function testInvalidPasswordCustomEndpoint()
165165
->assertRaised();
166166
}
167167

168+
public function testEndpointWithInvalidValueInReturn()
169+
{
170+
$returnValue = implode(
171+
"\r\n",
172+
[
173+
'36039744C253F9B2A4E90CBEDB02EBFB82D:5',
174+
'This should not break the validator',
175+
'3686792BBC66A72D40D928ED15621124CFE:7',
176+
'36EEC709091B810AA240179A44317ED415C:2',
177+
'',
178+
]
179+
);
180+
181+
$validator = new NotCompromisedPasswordValidator(
182+
$this->createHttpClientStub($returnValue),
183+
'UTF-8',
184+
true,
185+
'https://password-check.internal.example.com/range/%s'
186+
);
187+
188+
$validator->validate(self::PASSWORD_NOT_LEAKED, new NotCompromisedPassword());
189+
190+
$this->assertNoViolation();
191+
}
192+
168193
public function testInvalidConstraint()
169194
{
170195
$this->expectException(UnexpectedTypeException::class);
@@ -202,11 +227,11 @@ public function provideErrorSkippingConstraints(): iterable
202227
}
203228
}
204229

205-
private function createHttpClientStub(): HttpClientInterface
230+
private function createHttpClientStub(?string $returnValue = null): HttpClientInterface
206231
{
207232
$httpClientStub = $this->createMock(HttpClientInterface::class);
208233
$httpClientStub->method('request')->willReturnCallback(
209-
function (string $method, string $url): ResponseInterface {
234+
function (string $method, string $url) use ($returnValue): ResponseInterface {
210235
if (self::PASSWORD_TRIGGERING_AN_ERROR_RANGE_URL === $url) {
211236
throw new class('Problem contacting the Have I been Pwned API.') extends \Exception implements ServerExceptionInterface {
212237
public function getResponse(): ResponseInterface
@@ -219,7 +244,7 @@ public function getResponse(): ResponseInterface
219244
$responseStub = $this->createMock(ResponseInterface::class);
220245
$responseStub
221246
->method('getContent')
222-
->willReturn(implode("\r\n", self::RETURN));
247+
->willReturn($returnValue ?? implode("\r\n", self::RETURN));
223248

224249
return $responseStub;
225250
}

0 commit comments

Comments
 (0)
0