Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] FormLoginAuthenticator fails when password is an array #51441

New issue
New issue
Closed
Closed
[Security] FormLoginAuthenticator fails when password is an array#51441
Labels
BugSecurityStatus: Needs Review
@dmaicher

Description

@dmaicher
dmaicher
opened on Aug 21, 2023

Symfony version(s) affected

5.4+

Description

Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\Credentials\\PasswordCredentials::__construct(): Argument #1 ($password) must be of type string, array given, called in /var/www/app/vendor/symfony/security-http/Authenticator/FormLoginAuthenticator.php on line 85

How to reproduce

Post array data for the password to a form login

curl -X POST --data '_username=foo&_password[]=bar' http://app.dev/login_check

Possible Solution

I saw that for the username there is a check in place:

symfony/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php

Line 126 in 6126caf

if (!\is_string($credentials['username']) && !$credentials['username'] instanceof \Stringable) {

Maybe we can do the same for the password? Happy to contribute this if it makes sense

Additional Context

Actually in dev mode there is another issue with the data collector:

TypeError:
rawurlencode(): Argument #1 ($string) must be of type string, array given

  at /var/www/app/vendor/symfony/http-kernel/DataCollector/RequestDataCollector.php:127

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurityStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions