diff options
| author | Sergey Novikov <snov@snov.me> | 2015-10-04 15:22:52 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-16 13:32:26 +0200 |
| commit | f4a3959fc209d020abcf5c4d774ee309589bd047 (patch) | |
| tree | 9e7e22400703336620f80b238b69d88037d39046 | |
| parent | 299eb573f3d41d26eab46fcc164e7934fbd5d653 (diff) | |
| download | symfony-security-f4a3959fc209d020abcf5c4d774ee309589bd047.zip symfony-security-f4a3959fc209d020abcf5c4d774ee309589bd047.tar.gz symfony-security-f4a3959fc209d020abcf5c4d774ee309589bd047.tar.bz2 | |
[Security] Use SessionAuthenticationStrategy on RememberMe login
Regenerate session ID with default session strategy
| -rw-r--r-- | Http/Firewall/RememberMeListener.php | 21 | ||||
| -rw-r--r-- | Http/Tests/Firewall/RememberMeListenerTest.php | 77 |
2 files changed, 88 insertions, 10 deletions
diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php index f5ec8c7..ccadf94 100644 --- a/Http/Firewall/RememberMeListener.php +++ b/Http/Firewall/RememberMeListener.php @@ -20,6 +20,7 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; use Symfony\Component\Security\Http\SecurityEvents; use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; /** * RememberMeListener implements authentication capabilities via a cookie. @@ -34,18 +35,20 @@ class RememberMeListener implements ListenerInterface private $logger; private $dispatcher; private $catchExceptions = true; + private $sessionStrategy; /** * Constructor. * - * @param TokenStorageInterface $tokenStorage - * @param RememberMeServicesInterface $rememberMeServices - * @param AuthenticationManagerInterface $authenticationManager - * @param LoggerInterface $logger - * @param EventDispatcherInterface $dispatcher - * @param bool $catchExceptions + * @param TokenStorageInterface $tokenStorage + * @param RememberMeServicesInterface $rememberMeServices + * @param AuthenticationManagerInterface $authenticationManager + * @param LoggerInterface $logger + * @param EventDispatcherInterface $dispatcher + * @param bool $catchExceptions + * @param SessionAuthenticationStrategyInterface $sessionStrategy */ - public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true) + public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy = null) { $this->tokenStorage = $tokenStorage; $this->rememberMeServices = $rememberMeServices; @@ -53,6 +56,7 @@ class RememberMeListener implements ListenerInterface $this->logger = $logger; $this->dispatcher = $dispatcher; $this->catchExceptions = $catchExceptions; + $this->sessionStrategy = $sessionStrategy; } /** @@ -73,6 +77,9 @@ class RememberMeListener implements ListenerInterface try { $token = $this->authenticationManager->authenticate($token); + if (null !== $this->sessionStrategy && $request->hasSession() && $request->getSession()->isStarted()) { + $this->sessionStrategy->onAuthentication($request, $token); + } $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { diff --git a/Http/Tests/Firewall/RememberMeListenerTest.php b/Http/Tests/Firewall/RememberMeListenerTest.php index e348355..b16d55b 100644 --- a/Http/Tests/Firewall/RememberMeListenerTest.php +++ b/Http/Tests/Firewall/RememberMeListenerTest.php @@ -181,6 +181,71 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase $listener->handle($event); } + public function testSessionStrategy() + { + list($listener, $tokenStorage, $service, $manager, , $dispatcher, $sessionStrategy) = $this->getListener(false, true, true); + + $tokenStorage + ->expects($this->once()) + ->method('getToken') + ->will($this->returnValue(null)) + ; + + $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); + $service + ->expects($this->once()) + ->method('autoLogin') + ->will($this->returnValue($token)) + ; + + $tokenStorage + ->expects($this->once()) + ->method('setToken') + ->with($this->equalTo($token)) + ; + + $manager + ->expects($this->once()) + ->method('authenticate') + ->will($this->returnValue($token)) + ; + + $session = $this->getMock('\Symfony\Component\HttpFoundation\Session\SessionInterface'); + $session + ->expects($this->once()) + ->method('isStarted') + ->will($this->returnValue(true)) + ; + + $request = $this->getMock('\Symfony\Component\HttpFoundation\Request'); + $request + ->expects($this->once()) + ->method('hasSession') + ->will($this->returnValue(true)) + ; + + $request + ->expects($this->once()) + ->method('getSession') + ->will($this->returnValue($session)) + ; + + $event = $this->getGetResponseEvent(); + $event + ->expects($this->once()) + ->method('getRequest') + ->will($this->returnValue($request)) + ; + + $sessionStrategy + ->expects($this->once()) + ->method('onAuthentication') + ->will($this->returnValue(null)) + ; + + $listener->handle($event); + } + public function testOnCoreSecurityInteractiveLoginEventIsDispatchedIfDispatcherIsPresent() { list($listener, $tokenStorage, $service, $manager, , $dispatcher) = $this->getListener(true); @@ -240,7 +305,7 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase return $this->getMock('Symfony\Component\HttpKernel\Event\FilterResponseEvent', array(), array(), '', false); } - protected function getListener($withDispatcher = false, $catchExceptions = true) + protected function getListener($withDispatcher = false, $catchExceptions = true, $withSessionStrategy = false) { $listener = new RememberMeListener( $tokenStorage = $this->getTokenStorage(), @@ -248,10 +313,11 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase $manager = $this->getManager(), $logger = $this->getLogger(), $dispatcher = ($withDispatcher ? $this->getDispatcher() : null), - $catchExceptions + $catchExceptions, + $sessionStrategy = ($withSessionStrategy ? $this->getSessionStrategy() : null) ); - return array($listener, $tokenStorage, $service, $manager, $logger, $dispatcher); + return array($listener, $tokenStorage, $service, $manager, $logger, $dispatcher, $sessionStrategy); } protected function getLogger() @@ -278,4 +344,9 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase { return $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface'); } + + private function getSessionStrategy() + { + return $this->getMock('\Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface'); + } } |