From a978c54d3e26a18c449b15b8df66e71055587e36 Mon Sep 17 00:00:00 2001
From: Laurent VOULLEMIER
Date: Tue, 16 Jun 2020 23:14:19 +0200
Subject: [PATCH] [Security] Fix infinite loop when token storage has no token
---
 .../Security/Http/Firewall/AccessListener.php | 8 +--
 .../Tests/Firewall/AccessListenerTest.php | 62 ++++++++++++++-----
 2 files changed, 52 insertions(+), 18 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
index e285a249f3713..28062c5581c9e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -47,10 +47,6 @@ public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionM
      */
     public function handle(GetResponseEvent $event)
     {
-        if (null === $token = $this->tokenStorage->getToken()) {
-            throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
-        }
-
         $request = $event->getRequest();
         list($attributes) = $this->map->getPatterns($request);
@@ -59,6 +55,10 @@ public function handle(GetResponseEvent $event)
             return;
         }
+        if (null === $token = $this->tokenStorage->getToken()) {
+            throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
+        }
+
         if (!$token->isAuthenticated()) {
             $token = $this->authManager->authenticate($token);
             $this->tokenStorage->setToken($token);
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
index c7f939e4c68e0..510f497f92b25 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
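Review bot: The null-token check now runs only after `getPatterns()` has matched an access-control rule, so a tokenless request on an unprotected path leaves handle() silently instead of throwing; that is the point of the fix, but the condition under which AuthenticationCredentialsNotFoundException is raised has changed and the docblock of handle() (only its closing ` */` is inside the hunk) should state it, e.g. `@throws AuthenticationCredentialsNotFoundException when the request matches an access-control rule but the storage holds no token`. If I read the commit title correctly, the loop came from the entry point's own path being handled while the storage was empty, so a catch-all access-control rule that also matches the entry point would still reach the added throw; a one-line comment above the added `if` naming that assumption would help the next maintainer. The first hunk in this file is only the removal side of the same move.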
@@ -12,6 +12,14 @@ namespace Symfony\Component\Security\Http\Tests\Firewall;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestMatcher;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\KernelInterface;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
+use Symfony\Component\Security\Http\AccessMap;
 use Symfony\Component\Security\Http\Firewall\AccessListener;
 class AccessListenerTest extends TestCase
@@ -181,25 +189,51 @@ public function testHandleWhenThereIsNoAccessMapEntryMatchingTheRequest()
         $listener->handle($event);
     }
-    public function testHandleWhenTheSecurityTokenStorageHasNoToken()
+    public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndOnAnAccessControlledPathShouldThrowException()
     {
         $this->expectException('Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException');
-        $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
-        $tokenStorage
-            ->expects($this->any())
-            ->method('getToken')
-            ->willReturn(null)
-        ;
+        $accessMap = new AccessMap();
+        $accessMap->add(new RequestMatcher('/private'), ['ROLE_USER']);
-        $listener = new AccessListener(
-            $tokenStorage,
-            $this->getMockBuilder('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')->getMock(),
-            $this->getMockBuilder('Symfony\Component\Security\Http\AccessMapInterface')->getMock(),
-            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock()
+        $accessListener = new AccessListener(
+            $tokenStorage = new TokenStorage(),
+            $this->createMock(AccessDecisionManagerInterface::class),
+            $accessMap,
+            $this->createMock(AuthenticationManagerInterface::class)
         );
-        $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')->disableOriginalConstructor()->getMock();
+        $request = Request::create('/private/profile');
+        $requestEvent = new GetResponseEvent(
+            $this->createMock(KernelInterface::class),
+            $request,
+            KernelInterface::MASTER_REQUEST
+        );
-        $listener->handle($event);
+        $accessListener->handle($requestEvent);
+    }
+
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testHandleWhenTheSecurityTokenStorageHasNoTokenButOutOfAnAccessControlledPathShouldNotThrowException()
+    {
+        $accessMap = new AccessMap();
+        $accessMap->add(new RequestMatcher('/private'), ['ROLE_USER']);
+
+
$accessListener = new AccessListener(
+            $tokenStorage = new TokenStorage(),
+            $this->createMock(AccessDecisionManagerInterface::class),
+            $accessMap,
+            $this->createMock(AuthenticationManagerInterface::class)
+        );
+
+        $request = Request::create('/login');
+        $requestEvent = new GetResponseEvent(
+            $this->createMock(KernelInterface::class),
+            $request,
+            KernelInterface::MASTER_REQUEST
+        );
+
+        $accessListener->handle($requestEvent);
     }
 }
pFad - Phonifier reborn
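Review bot: Both new tests assign `$tokenStorage = new TokenStorage()` inline inside the AccessListener constructor call and never read the variable again; the assignment-in-argument form hides the fact that the storage is deliberately left empty, so pass `new TokenStorage(),` directly and, if the intent needs stating, put `// empty storage: no token has been set` on the line above the constructor. The `expectException` call in the first test still uses a quoted FQCN while the rest of the rewritten test uses `::class` constants; `AuthenticationCredentialsNotFoundException::class` with a matching `use` line in the import hunk would be consistent. Both tests only exercise a master request for `/private/profile` versus `/login`; a sub-request case is not covered here, though I cannot tell from the hunk whether another test in this file already does that.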
