authorFabien Potencier <fabien.potencier@gmail.com>2015-11-23 11:34:41 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2015-11-23 11:34:41 +0100
commit31c5b697c06a1f254ec337c1921b9f6b25b8f32f (patch)
tree81e2b2874e38c82011088123feb623549e91be84 /Http/Tests
parent4e473f4aa100d293f68dae683464f23407b0058e (diff)
parent4cbe9221d4fa99fba7aa4b21254a228758cb710d (diff)
Merge branch '2.7' into 2.8
* 2.7: fixed tests migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
Diffstat (limited to 'Http/Tests')
-rw-r--r--Http/Tests/Firewall/RememberMeListenerTest.php63
1 files changed, 63 insertions, 0 deletions
diff --git a/Http/Tests/Firewall/RememberMeListenerTest.php b/Http/Tests/Firewall/RememberMeListenerTest.php
index b16d55b..7309042 100644
--- a/Http/Tests/Firewall/RememberMeListenerTest.php
+++ b/Http/Tests/Firewall/RememberMeListenerTest.php
@@ -246,6 +246,69 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase
$listener->handle($event);
}
+ public function testSessionIsMigratedByDefault()
+ {
+ list($listener, $tokenStorage, $service, $manager, , $dispatcher, $sessionStrategy) = $this->getListener(false, true, false);
+
+ $tokenStorage
+ ->expects($this->once())
+ ->method('getToken')
+ ->will($this->returnValue(null))
+ ;
+
+ $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+ $service
+ ->expects($this->once())
+ ->method('autoLogin')
+ ->will($this->returnValue($token))
+ ;
+
+ $tokenStorage
+ ->expects($this->once())
+ ->method('setToken')
+ ->with($this->equalTo($token))
+ ;
+
+ $manager
+ ->expects($this->once())
+ ->method('authenticate')
+ ->will($this->returnValue($token))
+ ;
+
+ $session = $this->getMock('\Symfony\Component\HttpFoundation\Session\SessionInterface');
+ $session
+ ->expects($this->once())
+ ->method('isStarted')
+ ->will($this->returnValue(true))
+ ;
+ $session
+ ->expects($this->once())
+ ->method('migrate')
+ ;
+
+ $request = $this->getMock('\Symfony\Component\HttpFoundation\Request');
+ $request
+ ->expects($this->any())
+ ->method('hasSession')
+ ->will($this->returnValue(true))
+ ;
+
+ $request
+ ->expects($this->any())
+ ->method('getSession')
+ ->will($this->returnValue($session))
+ ;
+
+ $event = $this->getGetResponseEvent();
+ $event
+ ->expects($this->once())
+ ->method('getRequest')
+ ->will($this->returnValue($request))
+ ;
+
+ $listener->handle($event);
+ }
+
public function testOnCoreSecurityInteractiveLoginEventIsDispatchedIfDispatcherIsPresent()
{
list($listener, $tokenStorage, $service, $manager, , $dispatcher) = $this->getListener(true);
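Review bot: The `migrate` expectation in `testSessionIsMigratedByDefault` has no `->with(...)` constraint, so the test passes whichever arguments the listener uses, including a call that would keep the old session alive. Migrating after remember-me login is a session-fixation defence, so the test should pin the expected argument, e.g. `->with($this->equalTo(true))` if the default strategy is meant to destroy the old session; the listener code is not visible in this hunk, so confirm the intended value, or add a short comment saying why the argument is left open. A companion case asserting `->expects($this->never())` on `migrate` when `isStarted` returns false would cover the other branch, if one does not already exist outside this hunk. `$dispatcher` and `$sessionStrategy` are destructured from `getListener(false, true, false)` but never used in the new method and could be dropped from the `list(...)`.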