[Security] Check for request's session before attempting writes.

dpb587 · dpb587 · commit ab9caa0a6186 · 2011-10-25T14:19:34.000-04:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -97,7 +97,9 @@ public function onKernelResponse(FilterResponseEvent $event)
             $this->logger->debug('Write SecurityContext in the session');
         }
 
-        $session = $event->getRequest()->getSession();
+        if (null === $session = $event->getRequest()->getSession()) {
+            return;
+        }
 
         if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
             $session->remove('_security_'.$this->contextKey);
diff --git a/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php b/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php
@@ -14,6 +14,19 @@
 
 class ContextListenerTest extends \PHPUnit_Framework_TestCase
 {
+    protected function setUp()
+    {
+        $this->securityContext = new SecurityContext(
+            $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
+            $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
+        );
+    }
+
+    protected function tearDown()
+    {
+        unset($this->securityContext);
+    }
+
     public function testOnKernelResponseWillAddSession()
     {
         $session = $this->runSessionOnKernelResponse(
@@ -56,12 +69,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
             $session->set('_security_session', $original);
         }
 
-
-        $securityContext = new SecurityContext(
-            $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
-            $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
-        );
-        $securityContext->setToken($newToken);
+        $this->securityContext->setToken($newToken);
 
         $request = new Request();
         $request->setSession($session);
@@ -73,9 +81,27 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
             new Response()
         );
 
-        $listener = new ContextListener($securityContext, array(), 'session');
+        $listener = new ContextListener($this->securityContext, array(), 'session');
         $listener->onKernelResponse($event);
 
         return $session;
     }
+
+    public function testOnKernelResponseWithoutSession()
+    {
+        $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
+        $request = new Request();
+
+        $event = new FilterResponseEvent(
+            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST,
+            new Response()
+        );
+
+        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener->onKernelResponse($event);
+
+        $this->assertFalse($request->hasSession());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,9 @@ public function onKernelResponse(FilterResponseEvent $event)`
`97`	`97`	`$this->logger->debug('Write SecurityContext in the session');`
`98`	`98`	`}`
`99`	`99`
`100`		`- $session = $event->getRequest()->getSession();`
	`100`	`+ if (null === $session = $event->getRequest()->getSession()) {`
	`101`	`+ return;`
	`102`	`+ }`
`101`	`103`
`102`	`104`	`if ((null === $token = $this->context->getToken()) \|\| ($token instanceof AnonymousToken)) {`
`103`	`105`	`$session->remove('_security_'.$this->contextKey);`