author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-21 06:28:27 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-05-21 06:28:27 +0200 |
commit | a3fffdc56ce7a29745d3dea4800058de1a4edd84 (patch) | |
tree | af7292249208a220c30f0ee8cacd8ddf989085ae /Tests/Http | |
parent | a9a1d5007c7157828e2f833964e7c54fd0b779a6 (diff) | |
parent | 51f245f2684a0a819dcaff815f401494e63a582d (diff) | |
bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670)
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
Diffstat (limited to 'Tests/Http')
-rw-r--r-- | Tests/Http/RememberMe/AbstractRememberMeServicesTest.php | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php index 0f64730..70ff6a0 100644 --- a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php +++ b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php @@ -14,6 +14,7 @@ namespace Symfony\Component\Security\Tests\Http\RememberMe; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices; class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase { @@ -236,6 +237,30 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase ); } + public function testEncodeCookieAndDecodeCookieAreInvertible() + { + $cookieParts = array('aa', 'bb', 'cc'); + $service = $this->getService(); + + $encoded = $this->callProtected($service, 'encodeCookie', array($cookieParts)); + $this->assertInternalType('string', $encoded); + + $decoded = $this->callProtected($service, 'decodeCookie', array($encoded)); + $this->assertSame($cookieParts, $decoded); + } + + /** + * @expectedException InvalidArgumentException + * @expectedExceptionMessage cookie delimiter + */ + public function testThereShouldBeNoCookieDelimiterInCookieParts() + { + $cookieParts = array('aa', 'b'.AbstractRememberMeServices::COOKIE_DELIMITER.'b', 'cc'); + $service = $this->getService(); + + $this->callProtected($service, 'encodeCookie', array($cookieParts)); + } + protected function getService($userProvider = null, $options = array(), $logger = null) { if (null === $userProvider) { 
@@ -258,4 +283,13 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase return $provider; } + + private function callProtected($object, $method, array $args) + { + $reflection = new \ReflectionClass(get_class($object)); + $reflectionMethod = $reflection->getMethod($method); + $reflectionMethod->setAccessible(true); + + return $reflectionMethod->invokeArgs($object, $args); + } } |
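Review bot: Both new tests in the `@@ -236,6 +237,30 @@` hunk exercise a single input each, so the guard is only proven for a delimiter sitting in the middle of the middle part. In `testThereShouldBeNoCookieDelimiterInCookieParts` I would move the input to a data provider that also covers a part that starts with, ends with, or consists solely of `AbstractRememberMeServices::COOKIE_DELIMITER`, and the delimiter in the first and last array positions. `testEncodeCookieAndDecodeCookieAreInvertible` would likewise benefit from an empty-string part and a single-element array next to `array('aa', 'bb', 'cc')`. The `@expectedExceptionMessage cookie delimiter` match is a loose substring; asserting that the message also names the delimiter character would pin down the behaviour more tightly.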
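Review bot: The `callProtected()` helper added in the `@@ -258,4 +283,13 @@` hunk has no docblock explaining why the tests reach into protected methods, which is worth stating since it ties the test to a non-public signature. A one-line comment that `encodeCookie`/`decodeCookie` are extension points for user implementations would record that intent. The helper can also be shortened: `new \ReflectionMethod($object, $method)` replaces the `ReflectionClass(get_class($object))` plus `getMethod()` pair.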
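The failure mode the commit message refers to, shown as an added stand-alone sketch. This is not Symfony's code and not part of the commit: the `:` delimiter value, the join-then-base64 encoding and all function names are assumptions made for illustration.

```php
<?php
// Added illustration; not the project's implementation.
// Assumption: parts are joined with a one-character delimiter, then base64-encoded.
const COOKIE_DELIMITER = ':';

// Unguarded encoder: accepts any part, including one containing the delimiter.
function encodeUnchecked(array $parts): string
{
    return base64_encode(implode(COOKIE_DELIMITER, $parts));
}

// Guarded encoder: refuses parts that would make decoding ambiguous.
function encodeChecked(array $parts): string
{
    foreach ($parts as $part) {
        if (false !== strpos((string) $part, COOKIE_DELIMITER)) {
            throw new InvalidArgumentException(sprintf(
                'Cookie parts must not contain the cookie delimiter "%s".',
                COOKIE_DELIMITER
            ));
        }
    }

    return encodeUnchecked($parts);
}

function decode(string $raw): array
{
    return explode(COOKIE_DELIMITER, (string) base64_decode($raw));
}

// Constructed sample values.
$clean = ['aa', 'bb', 'cc'];
$dirty = ['aa', 'b' . COOKIE_DELIMITER . 'b', 'cc'];

// Round trip is lossless when no part contains the delimiter.
var_dump(decode(encodeChecked($clean)) === $clean);

// Without the guard, three parts decode as four and later fields shift position.
var_dump(count($dirty), count(decode(encodeUnchecked($dirty))));

// Two different part lists also collapse to the same cookie value.
var_dump(encodeUnchecked(['a:b', 'c']) === encodeUnchecked(['a', 'b:c']));

// With the guard, the ambiguous input is rejected before a cookie is issued.
try {
    encodeChecked($dirty);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The shifted fields matter because a decoder reads cookie parts by position, so a stray delimiter in one part changes what every later part is taken to mean.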