
Commit b1520c2

committed
[Security] Centralize max username length enforcement
1 parent 097cb3c commit b1520c2


5 files changed

+9
-18
lines changed

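--- a/src/Symfony/Component/Security/Core/Security.php
+++ b/src/Symfony/Component/Security/Core/Security.php
@@ -46,9 +46,7 @@ class Security implements AuthorizationCheckerInterface
 public const LAST_USERNAME = '_security.last_username';
 
 /**
-* @deprecated since Symfony 6.2, use \Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface::MAX_USERNAME_LENGTH instead
-*
-* In 7.0, move this constant to the NewSecurityHelper class and make it reference AuthenticatorInterface:MAX_USERNAME_LENGTH.
+* @deprecated since Symfony 6.2, use \Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge::MAX_USERNAME_LENGTH instead
 */
 public const MAX_USERNAME_LENGTH = 4096;
 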

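--- a/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php
@@ -132,10 +132,6 @@ private function getCredentials(Request $request): array
 
 $credentials['username'] = trim($credentials['username']);
 
-if (\strlen($credentials['username']) > self::MAX_USERNAME_LENGTH) {
-throw new BadCredentialsException('Invalid username.');
-}
-
 $request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $credentials['username']);
 
 return $credentials;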
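Review bot: With the length guard removed, the `$request->getSession()->set(SecurityRequestAttributes::LAST_USERNAME, $credentials['username']);` call at new line 135 stores the submitted username in the session with no upper bound at this point. The centralized check presumably runs later, when the `UserBadge` is constructed outside this hunk, so an over-long value would be rejected only after it has already been written to session storage. Consider bounding what is persisted, for example wrapping the session write in `if (\strlen($credentials['username']) <= UserBadge::MAX_USERNAME_LENGTH) {`, or moving the write until after the badge has been built. getCredentials() starts and ends outside the hunk, so the order of the later calls should be confirmed against the full method.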

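--- a/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
@@ -149,10 +149,6 @@ private function getCredentials(Request $request)
 if (!\is_string($credentials['username'])) {
 throw new BadRequestHttpException(sprintf('The key "%s" must be a string.', $this->options['username_path']));
 }
-
-if (\strlen($credentials['username']) > self::MAX_USERNAME_LENGTH) {
-throw new BadCredentialsException('Invalid username.');
-}
 } catch (AccessException $e) {
 throw new BadRequestHttpException(sprintf('The key "%s" must be provided.', $this->options['username_path']), $e);
 }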

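--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/FormLoginAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/FormLoginAuthenticatorTest.php
@@ -19,10 +19,10 @@
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
-use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Security\Http\Tests\Authenticator\Fixtures\PasswordUpgraderProvider;
 
@@ -50,7 +50,7 @@ public function testHandleWhenUsernameLength($username, $ok)
 $this->expectNotToPerformAssertions();
 } else {
 $this->expectException(BadCredentialsException::class);
-$this->expectExceptionMessage('Invalid username.');
+$this->expectExceptionMessage('Username too long.');
 }
 
 $request = Request::create('/login_check', 'POST', ['_username' => $username, '_password' => 's$cr$t']);
@@ -62,8 +62,8 @@ public function testHandleWhenUsernameLength($username, $ok)
 
 public function provideUsernamesForLength()
 {
-yield [str_repeat('x', AuthenticatorInterface::MAX_USERNAME_LENGTH + 1), false];
-yield [str_repeat('x', AuthenticatorInterface::MAX_USERNAME_LENGTH - 1), true];
+yield [str_repeat('x', UserBadge::MAX_USERNAME_LENGTH + 1), false];
+yield [str_repeat('x', UserBadge::MAX_USERNAME_LENGTH - 1), true];
 }
 
 /**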
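Review bot: The data provider `provideUsernamesForLength()` in the third hunk covers `MAX_USERNAME_LENGTH + 1` and `MAX_USERNAME_LENGTH - 1` but never the limit itself, so an off-by-one in the centralized check (`>` versus `>=`) would pass unnoticed. Adding `yield [str_repeat('x', UserBadge::MAX_USERNAME_LENGTH), true];` pins the boundary. The guard removed from the authenticators in this commit used `>`, so a username of exactly the maximum length is presumably still meant to be accepted; the check that now enforces it is not shown on this page.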

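--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
@@ -19,6 +19,7 @@
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Translation\Loader\ArrayLoader;
@@ -121,9 +122,9 @@ public function provideInvalidAuthenticateData()
 $request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], '{"username": "dunglas", "password": 1}');
 yield [$request, 'The key "password" must be a string.'];
 
-$username = str_repeat('x', AuthenticatorInterface::MAX_USERNAME_LENGTH + 1);
-$request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], sprintf('{"username": "%s", "password": 1}', $username));
-yield [$request, 'Invalid username.', BadCredentialsException::class];
+$username = str_repeat('x', UserBadge::MAX_USERNAME_LENGTH + 1);
+$request = new Request([], [], [], [], [], ['HTTP_CONTENT_TYPE' => 'application/json'], sprintf('{"username": "%s", "password": "foo"}', $username));
+yield [$request, 'Username too long.', BadCredentialsException::class];
 }
 
 public function testAuthenticationFailureWithoutTranslator()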
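Review bot: The `use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;` import at line 20 is kept although the only reference visible in this section, `AuthenticatorInterface::MAX_USERNAME_LENGTH`, is replaced by `UserBadge::MAX_USERNAME_LENGTH`. FormLoginAuthenticatorTest drops the same import in this commit, so if nothing else in this file uses it (the rest of the file is outside the hunks) it should be removed here too. A short comment above the new case, such as `// password must be a valid string so that only the username length is rejected`, would also record why the payload changed from `1` to `"foo"`.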
