8000 [Security] Fix valid remember-me token exposure to the second consequent request by zerkms · Pull Request #47488 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] Fix valid remember-me token exposure to the second consequent request #47488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 8, 2022
Merged

[Security] Fix valid remember-me token exposure to the second consequent request #47488

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files. 8000
Loading
Diff view
Diff view
Bug #42343 [Security] Fix valid remember-me token exposure to the sec… 
…ond consequent request

Close #42343
Fix #46760
8000
  • Loading branch information
Ivan Kurnosov committed Sep 5, 2022
commit 62ceded47ca4a581eefbe00c85387c6915a1f8e2
5 changes: 2 additions & 3 deletions src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,6 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte

if ($this->tokenVerifier) {
$isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);
$tokenValue = $persistentToken->getTokenValue();
} else {
$isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);
}
Expand All @@ -96,9 +95,9 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte
$this->tokenVerifier->updateExistingToken($persistentToken, $tokenValue, $tokenLastUsed);
}
$this->tokenProvider->updateToken($series, $tokenValue, $tokenLastUsed);
}

$this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
$this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
}
}

/**
Expand Down
13 changes: 1 addition & 12 deletions src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,18 +125,7 @@ public function testConsumeRememberMeCookieValidByValidatorWithoutUpdate()
$rememberMeDetails = new RememberMeDetails(InMemoryUser::class, 'wouter', 360, 'series1:oldTokenValue');
$handler->consumeRememberMeCookie($rememberMeDetails);

// assert that the cookie has been updated with a new base64 encoded token value
$this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));

/** @var Cookie $cookie */
$cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);

$cookieParts = explode(':', base64_decode($cookie->getValue()), 4);

$this->assertSame(InMemoryUser::class, $cookieParts[0]); // class
$this->assertSame(base64_encode('wouter'), $cookieParts[1]); // identifier
$this->assertSame('360', $cookieParts[2]); // expire
$this->assertSame('series1:tokenvalue', $cookieParts[3]); // value
$this->assertFalse($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
}

public function testConsumeRememberMeCookieInvalidToken()
Expand Down
0