From 0e07df2e962f902f498a5660a303fa494d07d04f Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 28 Apr 2015 09:07:44 +0200 Subject: [PATCH 01/13] Add remember me cookie configuration --- .../Http/RememberMe/AbstractRememberMeServices.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index 51eddb6206501..d0e56d0539d58 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -293,7 +293,18 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'])); + // Hard coded the default values for secure and http only, would be better if those where constants + $request->attributes->set( + self::COOKIE_ATTR_NAME, + new Cookie($this->options['name'], + null, + 1, + $this->options['path'], + $this->options['domain'], + isset($this->options['secure']) ? $this->options['secure'] : false, + isset($this->options['httponly']) ? $this->options['httponly'] : true + ) + ); } /** From a91ba3825365025362c1272014a171d1ba475c57 Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 22 Sep 2015 14:29:24 +0200 Subject: [PATCH 02/13] Update comment --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index d0e56d0539d58..f69c772e913a3 100644 
--- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -293,7 +293,7 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - // Hard coded the default values for secure and http only, would be better if those where constants + // Hard coded the default values for secure and http only, would be better if these where constants $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], From d1247b6877c51d87398e38f460fa9c075b099f6e Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Wed, 23 Sep 2015 15:09:43 +0200 Subject: [PATCH 03/13] Add test --- .../Tests/Http/RememberMe/AbstractRememberMeServicesTest.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php index 9dbcf3f510b51..ba3079636b56a 100644 --- a/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php @@ -91,11 +91,8 @@ public function testLogout(array $options) $request = new Request(); $response = new Response(); $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); - $service->logout($request, $response, $token); - $cookie = $request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME); - $this->assertInstanceOf('Symfony\Component\HttpFoundation\Cookie', $cookie); $this->assertTrue($cookie->isCleared()); $this->assertSame($options['name'], $cookie->getName()); From 73d7fd94eaabe7dc227afcdc3b481bc4e62fe0a3 Mon Sep 17 00:00:00 2001 
From: Klaas Cuvelier Date: Thu, 24 Sep 2015 11:21:03 +0200 Subject: [PATCH 04/13] Use array_merge to set default options --- .../Http/RememberMe/AbstractRememberMeServices.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index f69c772e913a3..de93247a5e9f3 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -34,7 +34,10 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface const COOKIE_DELIMITER = ':'; protected $logger; - protected $options; + protected $options = array( + 'secure' => false, + 'httponly' => true + ); private $providerKey; private $key; private $userProviders; @@ -65,7 +68,7 @@ public function __construct(array $userProviders, $key, $providerKey, array $opt $this->userProviders = $userProviders; $this->key = $key; $this->providerKey = $providerKey; - $this->options = $options; + $this->options = array_merge($this->options, $options); $this->logger = $logger; } @@ -293,6 +296,7 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } + // Hard coded the default values for secure and http only, would be better if these where constants $request->attributes->set( self::COOKIE_ATTR_NAME, @@ -301,8 +305,8 @@ protected function cancelCookie(Request $request) 1, $this->options['path'], $this->options['domain'], - isset($this->options['secure']) ? $this->options['secure'] : false, - isset($this->options['httponly']) ? $this->options['httponly'] : true + $this->options['secure'], + $this->options['httponly'] ) ); } From 038b3208e3954454a246f04d37059bfcf8f0e5de Mon Sep 17 00:00:00 2001 
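Review bot: The defaults added to `$options` in the first hunk of PATCH 04 carry no comment, and `'secure' => false` is a security-relevant choice: unless the caller configures it, any cookie built from these options lacks the Secure flag and is therefore also sent over plain HTTP. The hunks only show the options being used for the clearing cookie in cancelCookie; if the same array feeds the cookie that carries the remember-me token (that code is outside the hunks), the default should be spelled out for integrators. I would add above the property `// Cookie flag defaults: 'secure' is off unless configured (the cookie is then also sent over HTTP); 'httponly' is on.` The test hunks on this page only delete lines, so an assertion that a service built without these two keys yields `isSecure() === false` and `isHttpOnly() === true` would pin the behaviour. The class body continues outside the hunk.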
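Review bot: `array_merge($this->options, $options)` in the constructor hunk of PATCH 04 lets a key that is present with a `null` value replace the default, which the `isset()` form removed in the last hunk of the same patch did not; there a `null` `httponly` fell back to `true`. If `Cookie` casts the flag to bool (not visible here), a caller passing `'httponly' => null` would now get a cookie without HttpOnly. Normalising the two flags after the merge, e.g. `if (null === $this->options['httponly']) { $this->options['httponly'] = true; }` and likewise `secure` to `false`, keeps the earlier behaviour without touching keys such as `domain` that may legitimately be null; otherwise document that `null` is not treated as unset. The constructor starts and ends outside the hunk.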
From: Klaas Cuvelier Date: Thu, 24 Sep 2015 11:26:23 +0200 Subject: [PATCH 05/13] Fix coding standards + remove comment --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index de93247a5e9f3..ddd3e58178c82 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -36,7 +36,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface protected $logger; protected $options = array( 'secure' => false, - 'httponly' => true + 'httponly' => true, ); private $providerKey; private $key; @@ -296,8 +296,6 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - - // Hard coded the default values for secure and http only, would be better if these where constants $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], From be14083a8ba4b265e6aede8686a1d166673e6f94 Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 28 Apr 2015 09:07:44 +0200 Subject: [PATCH 06/13] Add remember me cookie configuration --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index ddd3e58178c82..c68bc4dbd8de7 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php 
@@ -296,6 +296,7 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } + // Hard coded the default values for secure and http only, would be better if those where constants $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], @@ -303,8 +304,8 @@ protected function cancelCookie(Request $request) 1, $this->options['path'], $this->options['domain'], - $this->options['secure'], - $this->options['httponly'] + isset($this->options['secure']) ? $this->options['secure'] : false, + isset($this->options['httponly']) ? $this->options['httponly'] : true ) ); } From 66d5a77ee0e5be396d2b263637e70c40b0d50fbc Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 22 Sep 2015 14:29:24 +0200 Subject: [PATCH 07/13] Update comment --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index c68bc4dbd8de7..e02abae1fe1fd 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -296,7 +296,6 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - // Hard coded the default values for secure and http only, would be better if those where constants $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], From 378313a6c7b7ee63a59eaba882575a10e3a21c6c Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Wed, 23 Sep 2015 15:09:43 +0200 Subject: [PATCH 08/13] Add test --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index e02abae1fe1fd..c2cc932d94cf9 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -296,6 +296,8 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } + + $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], From 629f129ec61644fa2960c4586bfa0ee7793bb0e5 Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Thu, 24 Sep 2015 11:21:03 +0200 Subject: [PATCH 09/13] Use array_merge to set default options --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index c2cc932d94cf9..7763e10280e2a 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -297,7 +297,6 @@ protected function cancelCookie(Request $request) } - $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], @@ -305,8 +304,8 @@ protected function cancelCookie(Request $request) 1, $this->options['path'], $this->options['domain'], - isset($this->options['secure']) ? $this->options['secure'] : false, - isset($this->options['httponly']) ? $this->options['httponly'] : true + $this->options['secure'], + $this->options['httponly'] ) ); } From 7a7faad73f3cf258768071a0d3c516edb9e89034 Mon Sep 17 00:00:00 2001 
From: Klaas Cuvelier Date: Tue, 6 Oct 2015 15:24:48 +0200 Subject: [PATCH 10/13] Apply code standard patch --- .../Security/Http/RememberMe/AbstractRememberMeServices.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index 7763e10280e2a..ddd3e58178c82 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -296,7 +296,6 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - $request->attributes->set( self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], From 8ce2ffff67afb52fc0c2c75509397da884093555 Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 6 Oct 2015 15:26:57 +0200 Subject: [PATCH 11/13] Remove default values --- .../Http/RememberMe/AbstractRememberMeServicesTest.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php index ba3079636b56a..c98b6b45b5a99 100644 --- a/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php 
@@ -283,13 +283,6 @@ protected function getService($userProvider = null, $options = array(), $logger $userProvider = $this->getProvider(); } - if (!isset($options['secure'])) { - $options['secure'] = false; - } - if (!isset($options['httponly'])) { - $options['httponly'] = true; - } - return $this->getMockForAbstractClass('Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices', array( array($userProvider), 'fookey', 'fookey', $options, $logger, )); From 017d1288958af23bd6b08e5c00aabe1b9db5d63e Mon Sep 17 00:00:00 2001 From: Klaas Cuvelier Date: Tue, 6 Oct 2015 15:27:56 +0200 Subject: [PATCH 12/13] Revert to 1 line --- .../Http/RememberMe/AbstractRememberMeServices.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php index ddd3e58178c82..be22a1daffe0f 100644 --- a/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php +++ b/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php @@ -296,17 +296,7 @@ protected function cancelCookie(Request $request) $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name'])); } - $request->attributes->set( - self::COOKIE_ATTR_NAME, - new Cookie($this->options['name'], - null, - 1, - $this->options['path'], - $this->options['domain'], - $this->options['secure'], - $this->options['httponly'] - ) - ); + $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly'])); } /** From 5d3d4351e166415d1ae104369ceb82bf0dd4bdad Mon Sep 17 00:00:00 2001 
From: Klaas Cuvelier Date: Tue, 6 Oct 2015 15:43:39 +0200 Subject: [PATCH 13/13] Revert default values, as remember-me service has them --- .../PersistentTokenBasedRememberMeServicesTest.php | 7 ------- .../Http/RememberMe/TokenBasedRememberMeServicesTest.php | 7 ------- 2 files changed, 14 deletions(-) diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php index fe64abcc71d73..61c3559abf470 100644 --- a/src/Symfony/Component/Security/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/PersistentTokenBasedRememberMeServicesTest.php @@ -313,13 +313,6 @@ protected function getService($userProvider = null, $options = array(), $logger $userProvider = $this->getProvider(); } - if (!isset($options['secure'])) { - $options['secure'] = false; - } - if (!isset($options['httponly'])) { - $options['httponly'] = true; - } - return new PersistentTokenBasedRememberMeServices(array($userProvider), 'fookey', 'fookey', $options, $logger, new SecureRandom(sys_get_temp_dir().'/_sf2.seed')); } diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php index 929680dfa2d4a..b988c7dc0f4a9 100644 --- a/src/Symfony/Component/Security/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php +++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php 
@@ -266,13 +266,6 @@ protected function getService($userProvider = null, $options = array(), $logger $userProvider = $this->getProvider(); } - if (!isset($options['secure'])) { - $options['secure'] = false; - } - if (!isset($options['httponly'])) { - $options['httponly'] = true; - } - $service = new TokenBasedRememberMeServices(array($userProvider), 'fookey', 'fookey', $options, $logger); return $service;