Merge branch '2.7' into 2.8

fabpot · fabpot · commit f971f4f5f2a7 · 2017-03-23T09:08:03.000-07:00
* 2.7: removed test that does not test anything fixed tests #21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile [Validator] fix URL validator to detect non supported chars according to RFC 3986 [Security] Fixed roles serialization on token from user object
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -513,7 +513,7 @@ private function createUserProviders($config, ContainerBuilder $container)
     // Parses a <provider> tag and returns the id for the related user provider service
     private function createUserDaoProvider($name, $provider, ContainerBuilder $container)
     {
-        $name = $this->getUserProviderId(strtolower($name));
+        $name = $this->getUserProviderId($name);
 
         // Doctrine Entity and In-memory DAO provider are managed by factories
         foreach ($this->userProviderFactories as $factory) {
@@ -537,7 +537,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta
         if (isset($provider['chain'])) {
             $providers = array();
             foreach ($provider['chain']['providers'] as $providerName) {
-                $providers[] = new Reference($this->getUserProviderId(strtolower($providerName)));
+                $providers[] = new Reference($this->getUserProviderId($providerName));
             }
 
             $container
@@ -552,7 +552,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta
 
     private function getUserProviderId($name)
     {
-        return 'security.user.provider.concrete.'.$name;
+        return 'security.user.provider.concrete.'.strtolower($name);
     }
 
     private function createExceptionListener($container, $config, $id, $defaultEntryPoint, $stateless)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -150,7 +150,7 @@ public function serialize()
             array(
                 is_object($this->user) ? clone $this->user : $this->user,
                 $this->authenticated,
-                $this->roles,
+                array_map(function ($role) { return clone $role; }, $this->roles),
                 $this->attributes,
             )
         );
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -221,7 +221,7 @@ public function testAuthenticateWithPreservingRoleSwitchUserRole()
         $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
         $this->assertSame($user, $authToken->getUser());
         $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
-        $this->assertContains($switchUserRole, $authToken->getRoles());
+        $this->assertContains($switchUserRole, $authToken->getRoles(), '', false, false);
         $this->assertEquals('foo', $authToken->getCredentials());
         $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
     }
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\Role\SwitchUserRole;
+use Symfony\Component\Security\Core\User\User;
 
 class TestUser
 {
@@ -89,7 +90,7 @@ public function testEraseCredentials()
 
     public function testSerialize()
     {
-        $token = $this->getToken(array('ROLE_FOO'));
+        $token = $this->getToken(array('ROLE_FOO', new Role('ROLE_BAR')));
         $token->setAttributes(array('foo' => 'bar'));
 
         $uToken = unserialize(serialize($token));
@@ -98,6 +99,19 @@ public function testSerialize()
         $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
     }
 
+    public function testSerializeWithRoleObjects()
+    {
+        $user = new User('name', 'password', array(new Role('ROLE_FOO'), new Role('ROLE_BAR')));
+        $token = new ConcreteToken($user, $user->getRoles());
+
+        $serialized = serialize($token);
+        $unserialized = unserialize($serialized);
+
+        $roles = $unserialized->getRoles();
+
+        $this->assertEquals($roles, $user->getRoles());
+    }
+
     public function testSerializeParent()
     {
         $user = new TestUser('fabien');
diff --git a/src/Symfony/Component/Validator/Constraints/UrlValidator.php b/src/Symfony/Component/Validator/Constraints/UrlValidator.php
@@ -34,7 +34,9 @@ class UrlValidator extends ConstraintValidator
                 \]  # an IPv6 address
             )
             (:[0-9]+)?                              # a port (optional)
-            (/?|/\S+|\?\S*|\#\S*)                   # a /, nothing, a / with something, a query or a fragment
+            (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )*      # a path
+            (?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?   # a query (optional)
+            (?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?   # a fragment (optional)
         $~ixu';
 
     /**
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
@@ -128,6 +128,7 @@ public function getValidUrls()
             array('http://symfony.com#'),
             array('http://symfony.com#fragment'),
             array('http://symfony.com/#fragment'),
+            array('http://symfony.com/#one_more%20test'),
         );
     }
 
@@ -168,6 +169,9 @@ public function getInvalidUrls()
             array('http://:password@@symfony.com'),
             array('http://username:passwordsymfony.com'),
             array('http://usern@me:password@symfony.com'),
+            array('http://example.com/exploit.html?<script>alert(1);</script>'),
+            array('http://example.com/exploit.html?hel lo'),
+            array('http://example.com/exploit.html?not_a%hex'),
         );
     }
 

Original file line number	Diff line number	Diff line change
`@@ -513,7 +513,7 @@ private function createUserProviders($config, ContainerBuilder $container)`
`513`	`513`	`// Parses a <provider> tag and returns the id for the related user provider service`
`514`	`514`	`private function createUserDaoProvider($name, $provider, ContainerBuilder $container)`
`515`	`515`	`{`
`516`		`- $name = $this->getUserProviderId(strtolower($name));`
	`516`	`+ $name = $this->getUserProviderId($name);`
`517`	`517`
`518`	`518`	`// Doctrine Entity and In-memory DAO provider are managed by factories`
`519`	`519`	`foreach ($this->userProviderFactories as $factory) {`
`@@ -537,7 +537,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta`
`537`	`537`	`if (isset($provider['chain'])) {`
`538`	`538`	`$providers = array();`
`539`	`539`	`foreach ($provider['chain']['providers'] as $providerName) {`
`540`		`- $providers[] = new Reference($this->getUserProviderId(strtolower($providerName)));`
	`540`	`+ $providers[] = new Reference($this->getUserProviderId($providerName));`
`541`	`541`	`}`
`542`	`542`
`543`	`543`	`$container`
`@@ -552,7 +552,7 @@ private function createUserDaoProvider($name, $provider, ContainerBuilder $conta`
`552`	`552`
`553`	`553`	`private function getUserProviderId($name)`
`554`	`554`	`{`
`555`		`- return 'security.user.provider.concrete.'.$name;`
	`555`	`+ return 'security.user.provider.concrete.'.strtolower($name);`
`556`	`556`	`}`
`557`	`557`
`558`	`558`	`private function createExceptionListener($container, $config, $id, $defaultEntryPoint, $stateless)`
Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ public function serialize()`
`150`	`150`	`array(`
`151`	`151`	`is_object($this->user) ? clone $this->user : $this->user,`
`152`	`152`	`$this->authenticated,`
`153`		`- $this->roles,`
	`153`	`+ array_map(function ($role) { return clone $role; }, $this->roles),`
`154`	`154`	`$this->attributes,`
`155`	`155`	`)`
`156`	`156`	`);`
Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,7 @@ public function testAuthenticateWithPreservingRoleSwitchUserRole()`
`221`	`221`	`$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);`
`222`	`222`	`$this->assertSame($user, $authToken->getUser());`
`223`	`223`	`$this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);`
`224`		`- $this->assertContains($switchUserRole, $authToken->getRoles());`
	`224`	`+ $this->assertContains($switchUserRole, $authToken->getRoles(), '', false, false);`
`225`	`225`	`$this->assertEquals('foo', $authToken->getCredentials());`
`226`	`226`	`$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');`
`227`	`227`	`}`