-rw-r--r--Http/RememberMe/AbstractRememberMeServices.php3
-rw-r--r--Http/RememberMe/PersistentTokenBasedRememberMeServices.php9
-rw-r--r--Tests/Http/RememberMe/AbstractRememberMeServicesTest.php16
-rw-r--r--Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php2
4 files changed, 17 insertions, 13 deletions
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
index 4f7c5b9..e7a78ce 100644
--- a/Http/RememberMe/AbstractRememberMeServices.php
+++ b/Http/RememberMe/AbstractRememberMeServices.php
@@ -172,6 +172,9 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
*/
final public function loginSuccess(Request $request, Response $response, TokenInterface $token)
{
+ // Make sure any old remember-me cookies are cancelled
+ $this->cancelCookie($request);
+
if (!$token->getUser() instanceof UserInterface) {
if (null !== $this->logger) {
$this->logger->debug('Remember-me ignores token since it does not contain a UserInterface implementation.');
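Review bot: The added cancelCookie() call runs before the UserInterface check and before any remember-me opt-in is evaluated, so a login that ends up not being remembered still leaves a delete-cookie queued for the response, and the one-line comment does not say that this is intended or how it is undone when a new cookie is issued. Suggest `// Cancel any existing remember-me cookie up front (queued on the request and, for the persistent variant, revoked server-side); onLoginSuccess() replaces it if a new one is issued`. That cancelCookie() only queues the cookie in a request attribute is inferred from the attribute removal in PersistentTokenBasedRememberMeServices::onLoginSuccess elsewhere in this diff, not from this hunk. loginSuccess continues past the hunk.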
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index dbb6429..2ad47f8 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -63,10 +63,12 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
/**
* {@inheritDoc}
*/
- public function logout(Request $request, Response $response, TokenInterface $token)
+ protected function cancelCookie(Request $request)
{
- parent::logout($request, $response, $token);
+ // Delete cookie on the client
+ parent::cancelCookie($request);
+ // Delete cookie from the tokenProvider
if (null !== ($cookie = $request->cookies->get($this->options['name']))
&& count($parts = $this->decodeCookie($cookie)) === 2
) {
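Review bot: The comment `// Delete cookie from the tokenProvider` misnames what happens: the token provider stores persistent tokens, not cookies, and the deletion that follows is keyed on the series parsed from the presented cookie without comparing the token value. Suggest `// Revoke the persistent token whose series this cookie names; the token value is deliberately not checked`. The `{@inheritDoc}` docblock now describes cancelCookie instead of logout, and the parent's description presumably says nothing about server-side revocation, so a second line noting that this override also deletes the persistent token would help readers of the abstract class. The if body and the rest of the method continue outside the hunk.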
@@ -88,8 +90,6 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
$persistentToken = $this->tokenProvider->loadTokenBySeries($series);
if ($persistentToken->getTokenValue() !== $tokenValue) {
- $this->tokenProvider->deleteTokenBySeries($series);
-
throw new CookieTheftException('This token was already used. The account is possibly compromised.');
}
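Review bot: Removing deleteTokenBySeries() from the theft branch makes revocation of the compromised series depend on whoever catches CookieTheftException calling cancelCookie(); that caller (presumably AbstractRememberMeServices::autoLogin) is not in this diff, so the dependency should be stated where the deletion used to be. Suggest `// Revocation now happens in cancelCookie(), which the autoLogin() handler for CookieTheftException must invoke` above the throw. Any other path that catches the exception without cancelling the cookie would leave the stolen series valid. The enclosing method starts and ends outside the hunk.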
@@ -133,6 +133,7 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
)
);
+ $request->attributes->remove(self::COOKIE_ATTR_NAME);
$response->headers->setCookie(
new Cookie(
$this->options['name'],
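Review bot: The new `$request->attributes->remove(self::COOKIE_ATTR_NAME);` carries no comment, and a reader will not connect it to the cancelCookie() call that loginSuccess() now makes before delegating here. Suggest `// loginSuccess() queued a delete-cookie under COOKIE_ATTR_NAME; drop it so it cannot override the cookie issued below`. If TokenBasedRememberMeServices::onLoginSuccess sets its cookie the same way, it presumably needs the same removal, and that file is not changed in this diff. The enclosing onLoginSuccess starts and ends outside the hunk.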
diff --git a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php
index fc8dffb..8571686 100644
--- a/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php
+++ b/Tests/Http/RememberMe/AbstractRememberMeServicesTest.php
@@ -39,7 +39,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testAutoLoginReturnsNullWhenNoCookie()
{
- $service = $this->getService(null, array('name' => 'foo'));
+ $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
$this->assertNull($service->autoLogin(new Request()));
}
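Review bot: Every updated call here and in the hunks at lines 68–122 (and the one in TokenBasedRememberMeServicesTest) hand-adds `'path' => null, 'domain' => null` to the options array, presumably because cancelCookie() now reads those keys on every loginSuccess(); repeating the defaults in eight places obscures which option each test is actually about. The getService() helper, defined outside the hunk, is the natural place for them: `$options = array_merge(array('path' => null, 'domain' => null), $options);` before the service is constructed. If the production defaults for path and domain differ from null, the tests should use those values so the cookie the service queues matches what is shipped.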
@@ -49,7 +49,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
*/
public function testAutoLoginThrowsExceptionWhenImplementationDoesNotReturnUserInterface()
{
- $service = $this->getService(null, array('name' => 'foo'));
+ $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
$request = new Request;
$request->cookies->set('foo', 'foo');
@@ -64,7 +64,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testAutoLogin()
{
- $service = $this->getService(null, array('name' => 'foo'));
+ $service = $this->getService(null, array('name' => 'foo', 'path' => null, 'domain' => null));
$request = new Request();
$request->cookies->set('foo', 'foo');
@@ -112,7 +112,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testLoginSuccessIsNotProcessedWhenTokenDoesNotContainUserInterfaceImplementation()
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null));
$request = new Request;
$response = new Response;
$account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
@@ -135,7 +135,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testLoginSuccessIsNotProcessedWhenRememberMeIsNotRequested()
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo'));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo', 'path' => null, 'domain' => null));
$request = new Request;
$response = new Response;
$account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
@@ -159,7 +159,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testLoginSuccessWhenRememberMeAlwaysIsTrue()
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null));
$request = new Request;
$response = new Response;
$account = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
@@ -184,7 +184,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
*/
public function testLoginSuccessWhenRememberMeParameterWithPathIsPositive($value)
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo[bar]'));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo[bar]', 'path' => null, 'domain' => null));
$request = new Request;
$request->request->set('foo', array('bar' => $value));
@@ -211,7 +211,7 @@ class AbstractRememberMeServicesTest extends \PHPUnit_Framework_TestCase
*/
public function testLoginSuccessWhenRememberMeParameterIsPositive($value)
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo'));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => false, 'remember_me_parameter' => 'foo', 'path' => null, 'domain' => null));
$request = new Request;
$request->request->set('foo', $value);
diff --git a/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php b/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php
index 407db02..6de69f1 100644
--- a/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php
+++ b/Tests/Http/RememberMe/TokenBasedRememberMeServicesTest.php
@@ -179,7 +179,7 @@ class TokenBasedRememberMeServicesTest extends \PHPUnit_Framework_TestCase
public function testLoginSuccessIgnoresTokensWhichDoNotContainAnUserInterfaceImplementation()
{
- $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true));
+ $service = $this->getService(null, array('name' => 'foo', 'always_remember_me' => true, 'path' => null, 'domain' => null));
$request = new Request;
$response = new Response;
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');