[Security] Fix AuthenticationUtils::getLastUsername() returning null

alexandre-daubois · Alexandre Daubois · commit 2e52b06810a2 · 2024-01-17T17:00:23.000+01:00
diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
@@ -59,10 +59,10 @@ public function getLastUsername()
         $request = $this->getRequest();
 
         if ($request->attributes->has(Security::LAST_USERNAME)) {
-            return $request->attributes->get(Security::LAST_USERNAME, '');
+            return $request->attributes->get(Security::LAST_USERNAME) ?? '';
         }
 
-        return $request->hasSession() ? $request->getSession()->get(Security::LAST_USERNAME, '') : '';
+        return $request->hasSession() ? ($request->getSession()->get(Security::LAST_USERNAME) ?? '') : '';
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticationUtilsTest.php b/src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticationUtilsTest.php
@@ -0,0 +1,121 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Tests\Authentication;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+
+class AuthenticationUtilsTest extends TestCase
+{
+    public function testLastAuthenticationErrorWhenRequestHasAttribute()
+    {
+        $request = Request::create('/');
+        $request->attributes->set(Security::AUTHENTICATION_ERROR, 'my error');
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('my error', $utils->getLastAuthenticationError());
+    }
+
+    public function testLastAuthenticationErrorInSession()
+    {
+        $request = Request::create('/');
+
+        $session = new Session(new MockArraySessionStorage());
+        $session->set(Security::AUTHENTICATION_ERROR, 'session error');
+        $request->setSession($session);
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('session error', $utils->getLastAuthenticationError());
+        $this->assertFalse($session->has(Security::AUTHENTICATION_ERROR));
+    }
+
+    public function testLastAuthenticationErrorInSessionWithoutClearing()
+    {
+        $request = Request::create('/');
+
+        $session = new Session(new MockArraySessionStorage());
+        $session->set(Security::AUTHENTICATION_ERROR, 'session error');
+        $request->setSession($session);
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('session error', $utils->getLastAuthenticationError(false));
+        $this->assertTrue($session->has(Security::AUTHENTICATION_ERROR));
+    }
+
+    public function testLastUserNameIsDefinedButNull()
+    {
+        $request = Request::create('/');
+        $request->attributes->set(Security::LAST_USERNAME, null);
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('', $utils->getLastUsername());
+    }
+
+    public function testLastUserNameIsDefined()
+    {
+        $request = Request::create('/');
+        $request->attributes->set(Security::LAST_USERNAME, 'user');
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('user', $utils->getLastUsername());
+    }
+
+    public function testLastUserNameIsDefinedInSessionButNull()
+    {
+        $request = Request::create('/');
+
+        $session = new Session(new MockArraySessionStorage());
+        $session->set(Security::LAST_USERNAME, null);
+        $request->setSession($session);
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('', $utils->getLastUsername());
+    }
+
+    public function testLastUserNameIsDefinedInSession()
+    {
+        $request = Request::create('/');
+
+        $session = new Session(new MockArraySessionStorage());
+        $session->set(Security::LAST_USERNAME, 'user');
+        $request->setSession($session);
+
+        $requestStack = new RequestStack();
+        $requestStack->push($request);
+
+        $utils = new AuthenticationUtils($requestStack);
+        $this->assertSame('user', $utils->getLastUsername());
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -59,10 +59,10 @@ public function getLastUsername()`
`59`	`59`	`$request = $this->getRequest();`
`60`	`60`
`61`	`61`	`if ($request->attributes->has(Security::LAST_USERNAME)) {`
`62`		`- return $request->attributes->get(Security::LAST_USERNAME, '');`
	`62`	`+ return $request->attributes->get(Security::LAST_USERNAME) ?? '';`
`63`	`63`	`}`
`64`	`64`
`65`		`- return $request->hasSession() ? $request->getSession()->get(Security::LAST_USERNAME, '') : '';`
	`65`	`+ return $request->hasSession() ? ($request->getSession()->get(Security::LAST_USERNAME) ?? '') : '';`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`/**`