add Request type json check in json_login
lsmith77 committed Apr 24, 2017
1 parent 3471b58 commit 045a36b
Showing 3 changed files with 41 additions and 14 deletions.
Expand Up @@ -21,7 +21,7 @@ class JsonLoginTest extends WebTestCase
public function testDefaultJsonLoginSuccess()
{
$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'config.yml'));
$client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "foo"}}');
$client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "foo"}}');
$response = $client->getResponse();

$this->assertInstanceOf(JsonResponse::class, $response);
Expand All @@ -32,7 +32,7 @@ public function testDefaultJsonLoginSuccess()
public function testDefaultJsonLoginFailure()
{
$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'config.yml'));
$client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "bad"}}');
$client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "bad"}}');
$response = $client->getResponse();

$this->assertInstanceOf(JsonResponse::class, $response);
Expand All @@ -43,7 +43,7 @@ public function testDefaultJsonLoginFailure()
public function testCustomJsonLoginSuccess()
{
$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml'));
$client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "foo"}}');
$client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "foo"}}');
$response = $client->getResponse();

$this->assertInstanceOf(JsonResponse::class, $response);
Expand All @@ -54,7 +54,7 @@ public function testCustomJsonLoginSuccess()
public function testCustomJsonLoginFailure()
{
$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'custom_handlers.yml'));
$client->request('POST', '/chk', array(), array(), array(), '{"user": {"login": "dunglas", "password": "bad"}}');
$client->request('POST', '/chk', array(), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "password": "bad"}}');
$response = $client->getResponse();

$this->assertInstanceOf(JsonResponse::class, $response);
Expand Up @@ -74,6 +74,11 @@ public function __construct(TokenStorageInterface $tokenStorage, AuthenticationM
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
if (false === strpos($request->getRequestFormat(), 'json')
&& false === strpos($request->getContentType(), 'json')
) {
return;
}

if (isset($this->options['check_path']) && !$this->httpUtils->checkRequestPath($request, $this->options['check_path'])) {
return;
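Review bot: The guard added at the top of handle() lets the request through when either the request format or the content type contains `json`, so a body sent with some other Content-Type is still decoded and authenticated whenever the request format is a JSON one. As far as I know the request format comes from the route's `_format` attribute (or an earlier `setRequestFormat()` call) rather than from what the client declared, so if the content-type requirement is meant to keep simple cross-origin form posts away from the login check, the format branch weakens it. Consider requiring the content type on its own, or at least recording the decision with a comment such as `// either signal is enough: the request format or the declared body type`. `getContentType()` may also return null when the header is missing or unrecognised, and a cast, `strpos((string) $request->getContentType(), 'json')`, would make that case explicit. handle() continues beyond the end of this hunk.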
Expand Up @@ -63,10 +63,21 @@ private function createListener(array $options = array(), $success = true, $matc
$this->listener = new UsernamePasswordJsonAuthenticationListener($tokenStorage, $authenticationManager, $httpUtils, 'providerKey', $authenticationSuccessHandler, $authenticationFailureHandler, $options);
}

public function testHandleSuccess()
public function testHandleSuccessIfRequestContentTypeIsJson()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
$this->assertEquals('ok', $event->getResponse()->getContent());
}

public function testSuccessIfRequestFormatIsJsonLD()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}');
$request->setRequestFormat('json-ld');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -76,7 +87,7 @@ public function testHandleSuccess()
public function testHandleFailure()
{
$this->createListener(array(), false);
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -86,7 +97,7 @@ public function testHandleFailure()
public function testUsePath()
{
$this->createListener(array('username_path' => 'user.login', 'password_path' => 'user.pwd'));
$request = new Request(array(), array(), array(), array(), array(), array(), '{"user": {"login": "dunglas", "pwd": "foo"}}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"user": {"login": "dunglas", "pwd": "foo"}}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -96,7 +107,7 @@ public function testUsePath()
public function testAttemptAuthenticationNoUsername()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"usr": "dunglas", "password": "foo"}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"usr": "dunglas", "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -106,7 +117,7 @@ public function testAttemptAuthenticationNoUsername()
public function testAttemptAuthenticationNoPassword()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "pass": "foo"}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "pass": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -116,7 +127,7 @@ public function testAttemptAuthenticationNoPassword()
public function testAttemptAuthenticationUsernameNotAString()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": 1, "password": "foo"}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": 1, "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -126,7 +137,7 @@ public function testAttemptAuthenticationUsernameNotAString()
public function testAttemptAuthenticationPasswordNotAString()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": 1}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": 1}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -137,7 +148,7 @@ public function testAttemptAuthenticationUsernameTooLong()
{
$this->createListener();
$username = str_repeat('x', Security::MAX_USERNAME_LENGTH + 1);
$request = new Request(array(), array(), array(), array(), array(), array(), sprintf('{"username": "%s", "password": 1}', $username));
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), sprintf('{"username": "%s", "password": 1}', $username));
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
Expand All @@ -147,7 +158,18 @@ public function testAttemptAuthenticationUsernameTooLong()
public function testDoesNotAttemptAuthenticationIfRequestPathDoesNotMatchCheckPath()
{
$this->createListener(array('check_path' => '/'), true, false);
$request = new Request();
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'));
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
$event->setResponse(new Response('original'));

$this->listener->handle($event);
$this->assertSame('original', $event->getResponse()->getContent());
}

public function testDoesNotAttemptAuthenticationIfRequestContentTypeIsNotJson()
{
$this->createListener();
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);
$event->setResponse(new Response('original'));

Expand All @@ -158,7 +180,7 @@ public function testDoesNotAttemptAuthenticationIfRequestPathDoesNotMatchCheckPa
public function testAttemptAuthenticationIfRequestPathMatchesCheckPath()
{
$this->createListener(array('check_path' => '/'));
$request = new Request(array(), array(), array(), array(), array(), array(), '{"username": "dunglas", "password": "foo"}');
$request = new Request(array(), array(), array(), array(), array(), array('HTTP_CONTENT_TYPE' => 'application/json'), '{"username": "dunglas", "password": "foo"}');
$event = new GetResponseEvent($this->getMockBuilder(KernelInterface::class)->getMock(), $request, KernelInterface::MASTER_REQUEST);

$this->listener->handle($event);
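Review bot: The negative case in testDoesNotAttemptAuthenticationIfRequestContentTypeIsNotJson only builds a request with no Content-Type at all; nothing here covers a JSON body sent with an explicitly non-JSON type, which appears to be the input the new guard is there to turn away. A second case using, say, `array('HTTP_CONTENT_TYPE' => 'application/x-www-form-urlencoded')` and asserting the response stays `'original'` would pin that down. These unit tests also set `HTTP_CONTENT_TYPE` while the functional tests in this commit set `CONTENT_TYPE`; using one key throughout would make it clear both exercise the same header. The assertion of the new negative test falls outside the lines shown, so this is based on the request construction only.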