From a412f30e7786bc00cd0353800bd80824a772e010 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= Date: Fri, 11 Mar 2022 09:39:49 +0100 Subject: [PATCH] [SecurityBundle] Use config's secret in remember-me signatures --- .../Security/Factory/RememberMeFactory.php | 7 ++- .../SecurityExtensionTest.php | 43 ++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php index 0ecc6df4ef25..735b08744a0a 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -128,6 +128,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal $tokenVerifier = $this->createTokenVerifier($container, $firewallName, $config['token_verifier'] ?? null); $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler')) ->replaceArgument(0, new Reference($tokenProviderId)) + ->replaceArgument(1, $config['secret']) ->replaceArgument(2, new Reference($userProviderId)) ->replaceArgument(4, $config) ->replaceArgument(6, $tokenVerifier) @@ -136,6 +137,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal $signatureHasherId = 'security.authenticator.remember_me_signature_hasher.'.$firewallName; $container->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.remember_me_signature_hasher')) ->replaceArgument(1, $config['signature_properties']) + ->replaceArgument(2, $config['secret']) ; $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.signature_remember_me_handler')) @@ -205,7 +207,10 @@ public function addConfiguration(NodeDefinition $node) ; $builder - ->scalarNode('secret')->isRequired()->cannotBeEmpty()->end() + ->scalarNode('secret') + ->cannotBeEmpty() + ->defaultValue('%kernel.secret%') + ->end() ->scalarNode('service')->end() ->arrayNode('user_providers') ->beforeNormalization() diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php index 3b69d2a91fe8..684e43e28a50 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php @@ -419,7 +419,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same 'firewalls' => [ 'default' => [ 'form_login' => null, - 'remember_me' => ['secret' => 'baz'], + 'remember_me' => [], ], ], ]); @@ -433,6 +433,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same $this->assertEquals($samesite, $definition->getArgument(3)['samesite']); $this->assertEquals($secure, $definition->getArgument(3)['secure']); + $this->assertSame('%kernel.secret%', $definition->getArgument(1)); } /** @@ -484,6 +485,46 @@ public function testCustomRememberMeHandler() $this->assertEquals([['firewall' => 'default']], $handler->getTag('security.remember_me_handler')); } + public function testSecretRememberMeHasher() + { + $container = $this->getRawContainer(); + + $container->register('custom_remember_me', \stdClass::class); + $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, + 'firewalls' => [ + 'default' => [ + 'remember_me' => ['secret' => 'very'], + ], + ], + ]); + + $container->compile(); + + $handler = $container->getDefinition('security.authenticator.remember_me_signature_hasher.default'); + $this->assertSame('very', $handler->getArgument(2)); + } + + public function testSecretRememberMeHandler() + { + $container = $this->getRawContainer(); + + $container->register('custom_remember_me', \stdClass::class); + $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, + 'firewalls' => [ + 'default' => [ + 'remember_me' => ['secret' => 'very', 'token_provider' => 'token_provider_id'], + ], + ], + ]); + + $container->compile(); + + $handler = $container->getDefinition('security.authenticator.remember_me_handler.default'); + $this->assertSame('very', $handler->getArgument(1)); + } + public function sessionConfigurationProvider() { return [ pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy