merged branch fabpot/avoid-session-creation (PR #6964)

fabpot · fabpot · commit 3e2ff71b7c24 · 2013-02-04T19:15:54.000+01:00
This PR was merged into the 2.1 branch. Commits ------- 8ca00c5 [Security] fixed session creation when none is needed (closes #6917) Discussion ---------- [Security] fixed session creation when none is needed (closes #6917) | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #6917 | License | MIT | Doc PR | n/a --------------------------------------------------------------------------- by drak at 2013-02-04T16:24:49Z That looks good. Maybe we need a test for this logic to prevent any regression in the future? --------------------------------------------------------------------------- by bendavies at 2013-02-04T16:30:38Z Yep, this was exactly what i tried locally, but really wasn't familiar enough with it to be confident enough to submit it as a fix. Works for me! --------------------------------------------------------------------------- by bendavies at 2013-02-04T17:19:32Z A few test failures which were added by the breaking PR #2414 in the first place. --------------------------------------------------------------------------- by fabpot at 2013-02-04T18:00:31Z I've fixed the tests which now really test that the session is not started.
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -70,7 +70,6 @@ public function handle(GetResponseEvent $event)
         }
 
         $request = $event->getRequest();
-
         $session = $request->hasPreviousSession() ? $request->getSession() : null;
 
         if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
@@ -117,7 +116,10 @@ public function onKernelResponse(FilterResponseEvent $event)
             $this->logger->debug('Write SecurityContext in the session');
         }
 
-        if (null === $session = $event->getRequest()->getSession()) {
+        $request = $event->getRequest();
+        $session = $request->hasPreviousSession() ? $request->getSession() : null;
+
+        if (null === $session) {
             return;
         }
 
diff --git a/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
@@ -82,36 +82,12 @@ public function testOnKernelResponseWillRemoveSession()
         $this->assertFalse($session->has('_security_session'));
     }
 
-    protected function runSessionOnKernelResponse($newToken, $original = null)
-    {
-        $session = new Session(new MockArraySessionStorage());
-
-        if ($original !== null) {
-            $session->set('_security_session', $original);
-        }
-
-        $this->securityContext->setToken($newToken);
-
-        $request = new Request();
-        $request->setSession($session);
-
-        $event = new FilterResponseEvent(
-            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
-            $request,
-            HttpKernelInterface::MASTER_REQUEST,
-            new Response()
-        );
-
-        $listener = new ContextListener($this->securityContext, array(), 'session');
-        $listener->onKernelResponse($event);
-
-        return $session;
-    }
-
     public function testOnKernelResponseWithoutSession()
     {
         $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
         $request = new Request();
+        $session = new Session(new MockArraySessionStorage());
+        $request->setSession($session);
 
         $event = new FilterResponseEvent(
             $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
@@ -123,7 +99,7 @@ public function testOnKernelResponseWithoutSession()
         $listener = new ContextListener($this->securityContext, array(), 'session');
         $listener->onKernelResponse($event);
 
-        $this->assertFalse($request->hasSession());
+        $this->assertFalse($session->isStarted());
     }
 
     /**
@@ -168,4 +144,30 @@ public function provideInvalidToken()
             array(null),
         );
     }
-}
+
+    protected function runSessionOnKernelResponse($newToken, $original = null)
+    {
+        $session = new Session(new MockArraySessionStorage());
+
+        if ($original !== null) {
+            $session->set('_security_session', $original);
+        }
+
+        $this->securityContext->setToken($newToken);
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $event = new FilterResponseEvent(
+            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST,
+            new Response()
+        );
+
+        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener->onKernelResponse($event);
+
+        return $session;
+    }}

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,6 @@ public function handle(GetResponseEvent $event)`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`$request = $event->getRequest();`
`73`		`-`
`74`	`73`	`$session = $request->hasPreviousSession() ? $request->getSession() : null;`
`75`	`74`
`76`	`75`	`if (null === $session \|\| null === $token = $session->get('_security_'.$this->contextKey)) {`
`@@ -117,7 +116,10 @@ public function onKernelResponse(FilterResponseEvent $event)`
`117`	`116`	`$this->logger->debug('Write SecurityContext in the session');`
`118`	`117`	`}`
`119`	`118`
`120`		`- if (null === $session = $event->getRequest()->getSession()) {`
	`119`	`+ $request = $event->getRequest();`
	`120`	`+ $session = $request->hasPreviousSession() ? $request->getSession() : null;`
	`121`	`+`
	`122`	`+ if (null === $session) {`
`121`	`123`	`return;`
`122`	`124`	`}`
`123`	`125`