bug #35792 [Security] Prevent TypeError in case RememberMetoken has no attached user (nikophil)
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Prevent TypeError in case RememberMetoken has no attached user | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #33472 | License | MIT Commits ------- 3515793 fix remember me
2 parents 212841b + 3515793 commit aa3637d

2 files changed

+21
-0
lines changed

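--- a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
@@ -15,7 +15,9 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class RememberMeAuthenticationProvider implements AuthenticationProviderInterface
 {
@@ -49,6 +51,11 @@ public function authenticate(TokenInterface $token)
 }
 
 $user = $token->getUser();
+
+if (!$token->getUser() instanceof UserInterface) {
+throw new LogicException(sprintf('Method "%s::getUser()" must return a "%s" instance, "%s" returned.', \get_class($token), UserInterface::class, \is_object($user) ? \get_class($user) : \gettype($user)));
+}
+
 $this->userChecker->checkPreAuth($user);
 $this->userChecker->checkPostAuth($user);
 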
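Review bot: The new guard re-reads `$token->getUser()` even though the result was just stored in `$user` on the line above, and `$user` is the value that the exception message formats and that checkPreAuth()/checkPostAuth() receive, so a token whose getUser() is not idempotent would be validated on one value and passed on as another; `if (!$user instanceof UserInterface) {` keeps the check, the message and the checker calls on the same value. The condition is correct as written because `instanceof` binds tighter than `!` in PHP, but explicit parentheses would spare the next reader the precedence lookup. Since LogicException is not an AuthenticationException, this failure presumably surfaces as a server error rather than as a rejected remember-me login, which is appropriate for a broken token class but deserves a one-line comment above the check, e.g. `// Programming error, not a credential failure: do not downgrade to an AuthenticationException.`. The authenticate() method starts and ends outside this hunk.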
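--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
@@ -13,8 +13,10 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\Provider\RememberMeAuthenticationProvider;
+use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Exception\DisabledException;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\User\User;
 
 class RememberMeAuthenticationProviderTest extends TestCase
 {
@@ -24,6 +26,7 @@ public function testSupports()
 
 $this->assertTrue($provider->supports($this->getSupportedToken()));
 $this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock()));
+$this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->disableOriginalConstructor()->getMock()));
 }
 
 public function testAuthenticateWhenTokenIsNotSupported()
@@ -45,6 +48,17 @@ public function testAuthenticateWhenSecretsDoNotMatch()
 $provider->authenticate($token);
 }
 
+public function testAuthenticateThrowsOnNonUserInterfaceInstance()
+{
+$this->expectException('Symfony\Component\Security\Core\Exception\LogicException');
+$this->expectExceptionMessage('Method "Symfony\Component\Security\Core\Authentication\Token\RememberMeToken::getUser()" must return a "Symfony\Component\Security\Core\User\UserInterface" instance, "string" returned.');
+
+$provider = $this->getProvider();
+$token = new RememberMeToken(new User('dummyuser', null), 'foo', 'test');
+$token->setUser('stringish-user');
+$provider->authenticate($token);
+}
+
 public function testAuthenticateWhenPreChecksFails()
 {
 $this->expectException('Symfony\Component\Security\Core\Exception\DisabledException');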
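Review bot: testAuthenticateThrowsOnNonUserInterfaceInstance only exercises the `\gettype($user)` branch of the new exception message (a plain string user); the `\is_object($user) ? \get_class($user)` branch that the provider also formats is left untested. If RememberMeToken::setUser() accepts objects with __toString() on this branch (its accepted types are not visible here), a second case that sets such an object and expects a message ending in its class name would cover that path, ideally as a data provider feeding both cases through one test body. Placing expectException()/expectExceptionMessage() before the call under test, and referring to the exception class by string, is consistent with the surrounding tests in this file.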
