Skip to content

Commit 4460eb4

Browse files
chalasrchalasr
committed
bug #53509 [Security] Fix AuthenticationUtils::getLastUsername() returning null (alexandre-daubois)
This PR was merged into the 5.4 branch. Discussion ---------- [Security] Fix `AuthenticationUtils::getLastUsername()` returning null | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #53503 | License | MIT This can happen when the attribute is actually set with `null`. Covered the class while at it. Commits ------- 2e52b06 [Security] Fix `AuthenticationUtils::getLastUsername()` returning null
2 parents 766676f + 2e52b06 commit 4460eb4

File tree

2 files changed

+123
-2
lines changed

2 files changed

+123
-2
lines changed

src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -59,10 +59,10 @@ public function getLastUsername()
5959
$request = $this->getRequest();
6060

6161
if ($request->attributes->has(Security::LAST_USERNAME)) {
62-
return $request->attributes->get(Security::LAST_USERNAME, '');
62+
return $request->attributes->get(Security::LAST_USERNAME) ?? '';
6363
}
6464

65-
return $request->hasSession() ? $request->getSession()->get(Security::LAST_USERNAME, '') : '';
65+
return $request->hasSession() ? ($request->getSession()->get(Security::LAST_USERNAME) ?? '') : '';
6666
}
6767

6868
/**

src/Symfony/Component/Security/Http/Tests/Authentication/AuthenticationUtilsTest.php

Lines changed: 121 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,121 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Http\Tests\Authentication;
13+
14+
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\HttpFoundation\Request;
16+
use Symfony\Component\HttpFoundation\RequestStack;
17+
use Symfony\Component\HttpFoundation\Session\Session;
18+
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
19+
use Symfony\Component\Security\Core\Security;
20+
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
21+
22+
class AuthenticationUtilsTest extends TestCase
23+
{
24+
public function testLastAuthenticationErrorWhenRequestHasAttribute()
25+
{
26+
$request = Request::create('/');
27+
$request->attributes->set(Security::AUTHENTICATION_ERROR, 'my error');
28+
29+
$requestStack = new RequestStack();
30+
$requestStack->push($request);
31+
32+
$utils = new AuthenticationUtils($requestStack);
33+
$this->assertSame('my error', $utils->getLastAuthenticationError());
34+
}
35+
36+
public function testLastAuthenticationErrorInSession()
37+
{
38+
$request = Request::create('/');
39+
40+
$session = new Session(new MockArraySessionStorage());
41+
$session->set(Security::AUTHENTICATION_ERROR, 'session error');
42+
$request->setSession($session);
43+
44+
$requestStack = new RequestStack();
45+
$requestStack->push($request);
46+
47+
$utils = new AuthenticationUtils($requestStack);
48+
$this->assertSame('session error', $utils->getLastAuthenticationError());
49+
$this->assertFalse($session->has(Security::AUTHENTICATION_ERROR));
50+
}
51+
52+
public function testLastAuthenticationErrorInSessionWithoutClearing()
53+
{
54+
$request = Request::create('/');
55+
56+
$session = new Session(new MockArraySessionStorage());
57+
$session->set(Security::AUTHENTICATION_ERROR, 'session error');
58+
$request->setSession($session);
59+
60+
$requestStack = new RequestStack();
61+
$requestStack->push($request);
62+
63+
$utils = new AuthenticationUtils($requestStack);
64+
$this->assertSame('session error', $utils->getLastAuthenticationError(false));
65+
$this->assertTrue($session->has(Security::AUTHENTICATION_ERROR));
66+
}
67+
68+
public function testLastUserNameIsDefinedButNull()
69+
{
70+
$request = Request::create('/');
71+
$request->attributes->set(Security::LAST_USERNAME, null);
72+
73+
$requestStack = new RequestStack();
74+
$requestStack->push($request);
75+
76+
$utils = new AuthenticationUtils($requestStack);
77+
$this->assertSame('', $utils->getLastUsername());
78+
}
79+
80+
public function testLastUserNameIsDefined()
81+
{
82+
$request = Request::create('/');
83+
$request->attributes->set(Security::LAST_USERNAME, 'user');
84+
85+
$requestStack = new RequestStack();
86+
$requestStack->push($request);
87+
88+
$utils = new AuthenticationUtils($requestStack);
89+
$this->assertSame('user', $utils->getLastUsername());
90+
}
91+
92+
public function testLastUserNameIsDefinedInSessionButNull()
93+
{
94+
$request = Request::create('/');
95+
96+
$session = new Session(new MockArraySessionStorage());
97+
$session->set(Security::LAST_USERNAME, null);
98+
$request->setSession($session);
99+
100+
$requestStack = new RequestStack();
101+
$requestStack->push($request);
102+
103+
$utils = new AuthenticationUtils($requestStack);
104+
$this->assertSame('', $utils->getLastUsername());
105+
}
106+
107+
public function testLastUserNameIsDefinedInSession()
108+
{
109+
$request = Request::create('/');
110+
111+
$session = new Session(new MockArraySessionStorage());
112+
$session->set(Security::LAST_USERNAME, 'user');
113+
$request->setSession($session);
114+
115+
$requestStack = new RequestStack();
116+
$requestStack->push($request);
117+
118+
$utils = new AuthenticationUtils($requestStack);
119+
$this->assertSame('user', $utils->getLastUsername());
120+
}
121+
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy