From 7e7e2bd006e802337ab56e47f4f4a6dda366c8fb Mon Sep 17 00:00:00 2001
From: Kevin van Sonsbeek
Date: Thu, 14 Jul 2022 22:04:00 +0200
Subject: [PATCH] [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator
---
 .../NotCompromisedPasswordValidator.php | 4 +++
 .../NotCompromisedPasswordValidatorTest.php | 31 +++++++++++++++++--
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php b/src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php
index efc770f001654..148253dd81f5e 100644
--- a/src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php
+++ b/src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php
@@ -91,6 +91,10 @@ public function validate($value, Constraint $constraint)
 }
 foreach (explode("\r\n", $result) as $line) {
+ if (!str_contains($line, ':')) {
+ continue;
+ }
+
 [$hashSuffix, $count] = explode(':', $line);
 if ($hashPrefix.$hashSuffix === $hash && $constraint->threshold <= (int) $count) {
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php
index bdc650beb7699..4209c45c771ec 100644
--- a/src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php
+++ b/src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php
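Review bot: The added `if (!str_contains($line, ':')) { continue; }` guard in the `foreach` makes the check fail open: a body with no `SUFFIX:COUNT` line at all (for instance an error page that a custom endpoint or an intermediary returns with a success status) is now silently read as "password not found". Consider tracking whether at least one line parsed and treating a non-empty body with none as an endpoint error, handled the same way as a failed request (that handling is presumably earlier in `validate()`, outside this hunk). At minimum, document the choice above the guard, e.g. `// Lines that are not "SUFFIX:COUNT" are ignored; a body with no valid line counts as no match.` Passing a limit, `explode(':', $line, 2)`, would also keep the destructuring to exactly two parts. `validate()` starts and ends outside the hunk.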
@@ -165,6 +165,31 @@ public function testInvalidPasswordCustomEndpoint()
 ->assertRaised();
 }
+ public function testEndpointWithInvalidValueInReturn()
+ {
+ $returnValue = implode(
+ "\r\n",
+ [
+ '36039744C253F9B2A4E90CBEDB02EBFB82D:5',
+ 'This should not break the validator',
+ '3686792BBC66A72D40D928ED15621124CFE:7',
+ '36EEC709091B810AA240179A44317ED415C:2',
+ '',
+ ]
+ );
+
+ $validator = new NotCompromisedPasswordValidator(
+ $this->createHttpClientStub($returnValue),
+ 'UTF-8',
+ true,
+ 'https://password-check.internal.example.com/range/%s'
+ );
+
+ $validator->validate(self::PASSWORD_NOT_LEAKED, new NotCompromisedPassword());
+
+ $this->assertNoViolation();
+ }
+
 public function testInvalidConstraint()
 {
 $this->expectException(UnexpectedTypeException::class);
@@ -202,11 +227,11 @@ public function provideErrorSkippingConstraints(): iterable
 }
 }
- private function createHttpClientStub(): HttpClientInterface
+ private function createHttpClientStub(?string $returnValue = null): HttpClientInterface
 {
 $httpClientStub = $this->createMock(HttpClientInterface::class);
 $httpClientStub->method('request')->willReturnCallback(
- function (string $method, string $url): ResponseInterface {
+ function (string $method, string $url) use ($returnValue): ResponseInterface {
 if (self::PASSWORD_TRIGGERING_AN_ERROR_RANGE_URL === $url) {
 throw new class('Problem contacting the Have I been Pwned API.') extends \Exception implements ServerExceptionInterface {
 public function getResponse(): ResponseInterface
@@ -219,7 +244,7 @@ public function getResponse(): ResponseInterface
 $responseStub = $this->createMock(ResponseInterface::class);
 $responseStub
 ->method('getContent')
- ->willReturn(implode("\r\n", self::RETURN));
+ ->willReturn($returnValue ?? implode("\r\n", self::RETURN));
 return $responseStub;
 }
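Review bot: `testEndpointWithInvalidValueInReturn` only validates `self::PASSWORD_NOT_LEAKED` and asserts no violation, so it would pass just as well if the validator stopped reading at 'This should not break the validator' instead of skipping it. Add a companion case that validates a password whose hash suffix is listed after the malformed line and asserts that the violation is still raised; that pins the property that matters for a breach check, namely that one bad line cannot hide later matches. The leaked-password fixture and its suffix are not visible in this hunk, so reuse whatever the existing leaked-password tests use.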