Merge branch '2.7' into 2.8

* 2.7: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation Fix PropertyAccessor modifying array in object when array key does not exist [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
author: Fabien Potencier <fabien.potencier@gmail.com> 2015-10-05 17:19:10 +0200
committer: Fabien Potencier <fabien.potencier@gmail.com> 2015-10-05 17:19:10 +0200
commit: 99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed (patch)
tree: 1173b67020a5f5cee99d930f43ad6a593fb4d0f4 /Http/Tests
parent: 88ef04f5d4cc2f895c7d74f6e5ba89255df9dc01 (diff)
parent: 427c50c174f7ae307d61a722da4ab53e87819041 (diff)
download: symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.zip
symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.tar.gz
symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.tar.bz2
3 files changed, 49 insertions, 5 deletions
diff --git a/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php b/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php
index d3daa35..4ea4f5d 100644
--- a/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php
+++ b/Http/Tests/RememberMe/AbstractRememberMeServicesTest.php
@@ -82,16 +82,35 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
         $this->assertSame('fookey', $returnedToken->getProviderKey());
     }
 
-    public function testLogout()
+    /**
+     * @dataProvider provideOptionsForLogout
+     */
+    public function testLogout(array $options)
     {
-        $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
+        $service = $this->getService(null, $options);
         $request = new Request();
         $response = new Response();
         $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
 
         $service->logout($request, $response, $token);
 
-        $this->assertTrue($request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME)->isCleared());
+        $cookie = $request->attributes->get(RememberMeServicesInterface::COOKIE_ATTR_NAME);
+
+        $this->assertInstanceOf('Symfony\Component\HttpFoundation\Cookie', $cookie);
+        $this->assertTrue($cookie->isCleared());
+        $this->assertSame($options['name'], $cookie->getName());
+        $this->assertSame($options['path'], $cookie->getPath());
+        $this->assertSame($options['domain'], $cookie->getDomain());
+        $this->assertSame($options['secure'], $cookie->isSecure());
+        $this->assertSame($options['httponly'], $cookie->isHttpOnly());
+    }
+
+    public function provideOptionsForLogout()
+    {
+        return array(
+            array(array('name' => 'foo', 'path' => '/', 'domain' => null, 'secure' => false, 'httponly' => true)),
+            array(array('name' => 'foo', 'path' => '/bar', 'domain' => 'baz.com', 'secure' => true, 'httponly' => false)),
+        );
     }
 
     public function testLoginFail()
@@ -267,6 +286,13 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
             $userProvider = $this->getProvider();
         }
 
+        if (!isset($options['secure'])) {
+            $options['secure'] = false;
+        }
+        if (!isset($options['httponly'])) {
+            $options['httponly'] = true;
+        }
+
         return $this->getMockForAbstractClass('Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices', array(
             array($userProvider), 'foosecret', 'fookey', $options, $logger,
         ));
diff --git a/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php b/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
index 889211c..43aaf92 100644
--- a/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
+++ b/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php
@@ -180,7 +180,7 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test
 
     public function testLogout()
     {
-        $service = $this->getService(null, array('name' => 'foo', 'path' => '/foo', 'domain' => 'foodomain.foo'));
+        $service = $this->getService(null, array('name' => 'foo', 'path' => '/foo', 'domain' => 'foodomain.foo', 'secure' => true, 'httponly' => false));
         $request = new Request();
         $request->cookies->set('foo', $this->encodeCookie(array('fooseries', 'foovalue')));
         $response = new Response();
@@ -201,6 +201,8 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test
         $this->assertTrue($cookie->isCleared());
         $this->assertEquals('/foo', $cookie->getPath());
         $this->assertEquals('foodomain.foo', $cookie->getDomain());
+        $this->assertTrue($cookie->isSecure());
+        $this->assertFalse($cookie->isHttpOnly());
     }
 
     public function testLogoutSimplyIgnoresNonSetRequestCookie()
@@ -311,6 +313,13 @@ class PersistentTokenBasedRememberMeServicesTest extends \PHPUnit_Framework_Test
             $userProvider = $this->getProvider();
         }
 
+        if (!isset($options['secure'])) {
+            $options['secure'] = false;
+        }
+        if (!isset($options['httponly'])) {
+            $options['httponly'] = true;
+        }
+
         return new PersistentTokenBasedRememberMeServices(array($userProvider), 'foosecret', 'fookey', $options, $logger, new SecureRandom(sys_get_temp_dir().'/_sf2.seed'));
     }
 
diff --git a/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php b/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php
index 2a892c3..dab811b 100644
--- a/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php
+++ b/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php
@@ -153,7 +153,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
 
     public function testLogout()
     {
-        $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
+        $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null, 'secure' => true, 'httponly' => false));
         $request = new Request();
         $response = new Response();
         $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
@@ -164,6 +164,8 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($cookie->isCleared());
         $this->assertEquals('/', $cookie->getPath());
         $this->assertNull($cookie->getDomain());
+        $this->assertTrue($cookie->isSecure());
+        $this->assertFalse($cookie->isHttpOnly());
     }
 
     public function testLoginFail()
@@ -264,6 +266,13 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
             $userProvider = $this->getProvider();
         }
 
+        if (!isset($options['secure'])) {
+            $options['secure'] = false;
+        }
+        if (!isset($options['httponly'])) {
+            $options['httponly'] = true;
+        }
+
         $service = new TokenBasedRememberMeServices(array($userProvider), 'foosecret', 'fookey', $options, $logger);
 
         return $service;
author	Fabien Potencier <fabien.potencier@gmail.com>	2015-10-05 17:19:10 +0200
committer	Fabien Potencier <fabien.potencier@gmail.com>	2015-10-05 17:19:10 +0200
commit	99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed (patch)
tree	1173b67020a5f5cee99d930f43ad6a593fb4d0f4 /Http/Tests
parent	88ef04f5d4cc2f895c7d74f6e5ba89255df9dc01 (diff)
parent	427c50c174f7ae307d61a722da4ab53e87819041 (diff)
download	symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.zip symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.tar.gz symfony-security-99d73ecb12dedf5c772aab7f00e7d39b60c5f4ed.tar.bz2