authorFabien Potencier <fabien.potencier@gmail.com>2015-11-23 11:34:14 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2015-11-23 11:34:14 +0100
commit4cbe9221d4fa99fba7aa4b21254a228758cb710d (patch)
treecfa8b51607a798afa64cfacfac97992be41dab09 /Http/Tests
parent7260a65641af0c1896d3fe431cee16efe956fcbe (diff)
parent1500a2ceb20b1bcf908f07ee2104225b3e35ee65 (diff)
Merge branch '2.3' into 2.7v2.7.7
* 2.3:
  migrate session after remember me authentication
  prevent timing attacks in digest auth listener
  mitigate CSRF timing attack vulnerability
  fix potential timing attack issue
Diffstat (limited to 'Http/Tests')
-rw-r--r--Http/Tests/Firewall/RememberMeListenerTest.php63
1 files changed, 63 insertions, 0 deletions
diff --git a/Http/Tests/Firewall/RememberMeListenerTest.php b/Http/Tests/Firewall/RememberMeListenerTest.php
index b16d55b..7309042 100644
--- a/Http/Tests/Firewall/RememberMeListenerTest.php
+++ b/Http/Tests/Firewall/RememberMeListenerTest.php
@@ -246,6 +246,69 @@ class RememberMeListenerTest extends \PHPUnit_Framework_TestCase
$listener->handle($event);
}
+ public function testSessionIsMigratedByDefault()
+ {
+ list($listener, $tokenStorage, $service, $manager, , $dispatcher, $sessionStrategy) = $this->getListener(false, true, false);
+
+ $tokenStorage
+ ->expects($this->once())
+ ->method('getToken')
+ ->will($this->returnValue(null))
+ ;
+
+ $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+ $service
+ ->expects($this->once())
+ ->method('autoLogin')
+ ->will($this->returnValue($token))
+ ;
+
+ $tokenStorage
+ ->expects($this->once())
+ ->method('setToken')
+ ->with($this->equalTo($token))
+ ;
+
+ $manager
+ ->expects($this->once())
+ ->method('authenticate')
+ ->will($this->returnValue($token))
+ ;
+
+ $session = $this->getMock('\Symfony\Component\HttpFoundation\Session\SessionInterface');
+ $session
+ ->expects($this->once())
+ ->method('isStarted')
+ ->will($this->returnValue(true))
+ ;
+ $session
+ ->expects($this->once())
+ ->method('migrate')
+ ;
+
+ $request = $this->getMock('\Symfony\Component\HttpFoundation\Request');
+ $request
+ ->expects($this->any())
+ ->method('hasSession')
+ ->will($this->returnValue(true))
+ ;
+
+ $request
+ ->expects($this->any())
+ ->method('getSession')
+ ->will($this->returnValue($session))
+ ;
+
+ $event = $this->getGetResponseEvent();
+ $event
+ ->expects($this->once())
+ ->method('getRequest')
+ ->will($this->returnValue($request))
+ ;
+
+ $listener->handle($event);
+ }
+
public function testOnCoreSecurityInteractiveLoginEventIsDispatchedIfDispatcherIsPresent()
{
list($listener, $tokenStorage, $service, $manager, , $dispatcher) = $this->getListener(true);
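Review bot: The `migrate` expectation on the session mock pins only that the method is called once, not what it is called with, so a later regression that passes a different `$destroy`/lifetime argument (or migrates before `setToken`) would still pass this test; once the intended arguments are settled, tighten it to `->method('migrate')->with(...)` and consider asserting the call order relative to `setToken`. The list() destructuring in `testSessionIsMigratedByDefault` unpacks `$sessionStrategy` but the test never references it; either drop it from the list or use it to assert the strategy is not invoked on this default path, e.g. `$sessionStrategy->expects($this->never())->method('onAuthentication');` if that is the contract. A companion test for the `isStarted() === false` branch (asserting `migrate` is never called) would make the fixation-protection behaviour explicit from both sides. I am inferring the meaning of the third `getListener(false, true, false)` argument from context only, so confirm it selects the default migration strategy rather than disabling it.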