Fix the previously broken test

be-heiglandreas · be-heiglandreas · commit ab816ccf9d56 · 2022-06-24T09:53:59.000+02:00
This commit adds a fix to the test that was introduced before and that
broke the build.

When a custom TokenVerifier is used, the provided token might not be
the same as the expected token. But the provided token will later be
added to the Cookie which results in a broken cookie.

By replacing the provided token with the actually expected one from the
persistence layer this is fixed.

This will still not solve concurrency issues where two parallel
requests with any token will currently result in two different tokens
being created for the same family but that is something else that needs
to be discussed first.
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -75,6 +75,7 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte
 
         if ($this->tokenVerifier) {
             $isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);
+            $tokenValue = $persistentToken->getTokenValue();
         } else {
             $isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);
         }

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,7 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte`
`75`	`75`
`76`	`76`	`if ($this->tokenVerifier) {`
`77`	`77`	`$isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);`
	`78`	`+ $tokenValue = $persistentToken->getTokenValue();`
`78`	`79`	`} else {`
`79`	`80`	`$isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);`
`80`	`81`	`}`