authorMaxime STEINHAUSSER <maxime.steinhausser@elao.com>2016-07-07 09:10:40 +0200
committerFabien Potencier <fabien.potencier@gmail.com>2016-07-08 11:55:21 +0200
commit759ca4ca47c440efe2771359e5449c886ca1955a (patch)
treeb666f04c30743357c6475bae83ee434b678cff50
parent6f72bc79990abf02dc7fe9792d6909c1ef333998 (diff)
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
-rw-r--r--Http/Firewall/DigestAuthenticationListener.php2
-rw-r--r--Http/Tests/Firewall/DigestAuthenticationListenerTest.php79
2 files changed, 80 insertions, 1 deletions
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index d8d71fb..71bdf6c 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -78,7 +78,7 @@ class DigestAuthenticationListener implements ListenerInterface
}
try {
- $digestAuth->validateAndDecode($this->authenticationEntryPoint->getKey(), $this->authenticationEntryPoint->getRealmName());
+ $digestAuth->validateAndDecode($this->authenticationEntryPoint->getSecret(), $this->authenticationEntryPoint->getRealmName());
} catch (BadCredentialsException $e) {
$this->fail($event, $request, $e);
diff --git a/Http/Tests/Firewall/DigestAuthenticationListenerTest.php b/Http/Tests/Firewall/DigestAuthenticationListenerTest.php
new file mode 100644
index 0000000..80b2dc4
--- /dev/null
+++ b/Http/Tests/Firewall/DigestAuthenticationListenerTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Symfony\Component\Security\Http\Tests\Firewall;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint;
+use Symfony\Component\Security\Http\Firewall\DigestAuthenticationListener;
+
+class DigestAuthenticationListenerTest extends \PHPUnit_Framework_TestCase
+{
+ public function testHandleWithValidDigest()
+ {
+ $time = microtime(true) + 1000;
+ $secret = 'ThisIsASecret';
+ $nonce = base64_encode($time.':'.md5($time.':'.$secret));
+ $username = 'user';
+ $password = 'password';
+ $realm = 'Welcome, robot!';
+ $cnonce = 'MDIwODkz';
+ $nc = '00000001';
+ $qop = 'auth';
+ $uri = '/path/info?p1=5&p2=5';
+
+ $serverDigest = $this->calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, 'GET', $uri);
+
+ $digestData =
+ 'username="'.$username.'", realm="'.$realm.'", nonce="'.$nonce.'", '.
+ 'uri="'.$uri.'", cnonce="'.$cnonce.'", nc='.$nc.', qop="'.$qop.'", '.
+ 'response="'.$serverDigest.'"'
+ ;
+
+ $request = new Request(array(), array(), array(), array(), array(), array('PHP_AUTH_DIGEST' => $digestData));
+
+ $entryPoint = new DigestAuthenticationEntryPoint($realm, $secret);
+
+ $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+ $user->method('getPassword')->willReturn($password);
+
+ $providerKey = 'TheProviderKey';
+
+ $tokenStorage = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface');
+ $tokenStorage
+ ->expects($this->once())
+ ->method('getToken')
+ ->will($this->returnValue(null))
+ ;
+ $tokenStorage
+ ->expects($this->once())
+ ->method('setToken')
+ ->with($this->equalTo(new UsernamePasswordToken($user, $password, $providerKey)))
+ ;
+
+ $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+ $userProvider->method('loadUserByUsername')->willReturn($user);
+
+ $listener = new DigestAuthenticationListener($tokenStorage, $userProvider, $providerKey, $entryPoint);
+
+ $event = $this->getMock('Symfony\Component\HttpKernel\Event\GetResponseEvent', array(), array(), '', false);
+ $event
+ ->expects($this->any())
+ ->method('getRequest')
+ ->will($this->returnValue($request))
+ ;
+
+ $listener->handle($event);
+ }
+
+ private function calculateServerDigest($username, $realm, $password, $nc, $nonce, $cnonce, $qop, $method, $uri)
+ {
+ $response = md5(
+ md5($username.':'.$realm.':'.$password).':'.$nonce.':'.$nc.':'.$cnonce.':'.$qop.':'.md5($method.':'.$uri)
+ );
+
+ return sprintf('username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop="%s", response="%s"',
+ $username, $realm, $nonce, $uri, $cnonce, $nc, $qop, $response
+ );
+ }
+}
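Review bot: `calculateServerDigest()` returns the whole `sprintf(...)` header string instead of the digest it just computed, yet `testHandleWithValidDigest()` splices that return value into `response="'.$serverDigest.'"` when building `$digestData`, so the `PHP_AUTH_DIGEST` header carries a nested copy of every field inside the `response` value rather than the bare hash a real client sends. The helper should end with `return $response;` (dropping the `sprintf` return), which keeps `$digestData` as the single well-formed header the test is meant to model. If the test currently passes as written, that is presumably because the header parser keeps the last occurrence of a repeated field name and therefore still sees the trailing `response="<md5>"` — worth confirming rather than relying on, since it means the test is not exercising the header shape it claims to. Since the test has no explicit assertion, a one-line comment above `$tokenStorage->expects($this->once())->method('setToken')` noting that this expectation is what verifies a successful authentication would make the intent clear to the next reader.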