From 3515793cb353cb30a260ac76b720288e23a1fefe Mon Sep 17 00:00:00 2001 From: Nicolas PHILIPPE Date: Wed, 19 Feb 2020 20:56:03 +0100 Subject: [PATCH] fix remember me --- .../Provider/RememberMeAuthenticationProvider.php | 7 +++++++ .../RememberMeAuthenticationProviderTest.php | 14 ++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php index d9a6883cf9a9..e1a22b79a8b3 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php @@ -15,7 +15,9 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\BadCredentialsException; +use Symfony\Component\Security\Core\Exception\LogicException; use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; class RememberMeAuthenticationProvider implements AuthenticationProviderInterface { @@ -49,6 +51,11 @@ public function authenticate(TokenInterface $token) } $user = $token->getUser(); + + if (!$token->getUser() instanceof UserInterface) { + throw new LogicException(sprintf('Method "%s::getUser()" must return a "%s" instance, "%s" returned.', \get_class($token), UserInterface::class, \is_object($user) ? \get_class($user) : \gettype($user))); + } + $this->userChecker->checkPreAuth($user); $this->userChecker->checkPostAuth($user); diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php index 418cd77df4fc..ce0502269e01 100644 --- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php @@ -13,8 +13,10 @@ use PHPUnit\Framework\TestCase; use Symfony\Component\Security\Core\Authentication\Provider\RememberMeAuthenticationProvider; +use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken; use Symfony\Component\Security\Core\Exception\DisabledException; use Symfony\Component\Security\Core\Role\Role; +use Symfony\Component\Security\Core\User\User; class RememberMeAuthenticationProviderTest extends TestCase { @@ -24,6 +26,7 @@ public function testSupports() $this->assertTrue($provider->supports($this->getSupportedToken())); $this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock())); + $this->assertFalse($provider->supports($this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->disableOriginalConstructor()->getMock())); } public function testAuthenticateWhenTokenIsNotSupported() @@ -45,6 +48,17 @@ public function testAuthenticateWhenSecretsDoNotMatch() $provider->authenticate($token); } + public function testAuthenticateThrowsOnNonUserInterfaceInstance() + { + $this->expectException('Symfony\Component\Security\Core\Exception\LogicException'); + $this->expectExceptionMessage('Method "Symfony\Component\Security\Core\Authentication\Token\RememberMeToken::getUser()" must return a "Symfony\Component\Security\Core\User\UserInterface" instance, "string" returned.'); + + $provider = $this->getProvider(); + $token = new RememberMeToken(new User('dummyuser', null), 'foo', 'test'); + $token->setUser('stringish-user'); + $provider->authenticate($token); + } + public function testAuthenticateWhenPreChecksFails() { $this->expectException('Symfony\Component\Security\Core\Exception\DisabledException');