Skip to content

Commit 9eca550

Browse files
chalasrchalasr
committed
bug #46948 [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator (KevinVanSonsbeek)
This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #46935 | License | MIT This PR is made based on #46935. With this approach the validator will still work if it ends up on a line that does not contain the exploding operator `:`. So other cases than just an empty string are caught with this. Commits ------- 7e7e2bd [Validator] : Fix "PHP Warning: Undefined array key 1" in NotCompromisedPasswordValidator
2 parents 550e4cc + 7e7e2bd commit 9eca550

File tree

2 files changed

+32
-3
lines changed

2 files changed

+32
-3
lines changed

src/Symfony/Component/Validator/Constraints/NotCompromisedPasswordValidator.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,10 @@ public function validate($value, Constraint $constraint)
9191
}
9292

9393
foreach (explode("\r\n", $result) as $line) {
94+
if (!str_contains($line, ':')) {
95+
continue;
96+
}
97+
9498
[$hashSuffix, $count] = explode(':', $line);
9599

96100
if ($hashPrefix.$hashSuffix === $hash && $constraint->threshold <= (int) $count) {

src/Symfony/Component/Validator/Tests/Constraints/NotCompromisedPasswordValidatorTest.php

Lines changed: 28 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -165,6 +165,31 @@ public function testInvalidPasswordCustomEndpoint()
165165
->assertRaised();
166166
}
167167

168+
public function testEndpointWithInvalidValueInReturn()
169+
{
170+
$returnValue = implode(
171+
"\r\n",
172+
[
173+
'36039744C253F9B2A4E90CBEDB02EBFB82D:5',
174+
'This should not break the validator',
175+
'3686792BBC66A72D40D928ED15621124CFE:7',
176+
'36EEC709091B810AA240179A44317ED415C:2',
177+
'',
178+
]
179+
);
180+
181+
$validator = new NotCompromisedPasswordValidator(
182+
$this->createHttpClientStub($returnValue),
183+
'UTF-8',
184+
true,
185+
'https://password-check.internal.example.com/range/%s'
186+
);
187+
188+
$validator->validate(self::PASSWORD_NOT_LEAKED, new NotCompromisedPassword());
189+
190+
$this->assertNoViolation();
191+
}
192+
168193
public function testInvalidConstraint()
169194
{
170195
$this->expectException(UnexpectedTypeException::class);
@@ -202,11 +227,11 @@ public function provideErrorSkippingConstraints(): iterable
202227
}
203228
}
204229

205-
private function createHttpClientStub(): HttpClientInterface
230+
private function createHttpClientStub(?string $returnValue = null): HttpClientInterface
206231
{
207232
$httpClientStub = $this->createMock(HttpClientInterface::class);
208233
$httpClientStub->method('request')->willReturnCallback(
209-
function (string $method, string $url): ResponseInterface {
234+
function (string $method, string $url) use ($returnValue): ResponseInterface {
210235
if (self::PASSWORD_TRIGGERING_AN_ERROR_RANGE_URL === $url) {
211236
throw new class('Problem contacting the Have I been Pwned API.') extends \Exception implements ServerExceptionInterface {
212237
public function getResponse(): ResponseInterface
@@ -219,7 +244,7 @@ public function getResponse(): ResponseInterface
219244
$responseStub = $this->createMock(ResponseInterface::class);
220245
$responseStub
221246
->method('getContent')
222-
->willReturn(implode("\r\n", self::RETURN));
247+
->willReturn($returnValue ?? implode("\r\n", self::RETURN));
223248

224249
return $responseStub;
225250
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy