
Commit b52cbd0

Merge branch '6.0' into 6.1
* 6.0: [Notifier] Fix markdown [Security] Fix outdated docblock Update PR template Bump Symfony version to 6.0.17 Update VERSION for 6.0.16 Update CHANGELOG for 6.0.16 Bump Symfony version to 5.4.17 Update VERSION for 5.4.16 Update CHANGELOG for 5.4.16 Update VERSION for 4.4.49 Update CONTRIBUTORS for 4.4.49 Update CHANGELOG for 4.4.49 [Security][LoginLink] Throw InvalidLoginLinkException on missing parameter
2 parents 931b037 + feeeebb commit b52cbd0

3 files changed

+31
-5
lines changed


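--- a/Authentication/AuthenticationSuccessHandlerInterface.php
+++ b/Authentication/AuthenticationSuccessHandlerInterface.php
@@ -27,9 +27,7 @@
 interface AuthenticationSuccessHandlerInterface
 {
 /**
-* This is called when an interactive authentication attempt succeeds. This
-* is called by authentication listeners inheriting from
-* AbstractAuthenticationListener.
+* Usually called by AuthenticatorInterface::onAuthenticationSuccess() implementations.
 */
 public function onAuthenticationSuccess(Request $request, TokenInterface $token): Response;
 }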

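--- a/LoginLink/LoginLinkHandler.php
+++ b/LoginLink/LoginLinkHandler.php
@@ -89,8 +89,12 @@ public function consumeLoginLink(Request $request): UserInterface
 throw new InvalidLoginLinkException('User not found.', 0, $exception);
 }
 
-$hash = $request->get('hash');
-$expires = $request->get('expires');
+if (!$hash = $request->get('hash')) {
+throw new InvalidLoginLinkException('Missing "hash" parameter.');
+}
+if (!$expires = $request->get('expires')) {
+throw new InvalidLoginLinkException('Missing "expires" parameter.');
+}
 
 try {
 $this->signatureHasher->verifySignatureHash($user, $expires, $hash);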
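Review bot: The new guards on lines 92–97 only reject an absent or falsy value, so a non-string value for `hash` or `expires` (Request::get() hands back the raw bag entry, which can be an array when the query string carries one) still passes the check and reaches verifySignatureHash() on line 100, where it would fail with a TypeError instead of the InvalidLoginLinkException callers are expected to catch — assuming verifySignatureHash() declares scalar parameter types, which is not visible here. Checking for the shape the verifier actually needs keeps the failure mode consistent with the rest of the method: `if (!\is_string($hash = $request->get('hash')) || '' === $hash) {` and `if (!\is_numeric($expires = $request->get('expires'))) {`. consumeLoginLink() starts before this hunk and continues past it.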

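--- a/Tests/LoginLink/LoginLinkHandlerTest.php
+++ b/Tests/LoginLink/LoginLinkHandlerTest.php
@@ -182,6 +182,30 @@ public function testConsumeLoginLinkExceedsMaxUsage()
 $linker->consumeLoginLink($request);
 }
 
+public function testConsumeLoginLinkWithMissingHash()
+{
+$user = new TestLoginLinkHandlerUser('weaverryan', '[email protected]', 'pwhash');
+$this->userProvider->createUser($user);
+
+$this->expectException(InvalidLoginLinkException::class);
+$request = Request::create('/login/verify?user=weaverryan&expires=10000');
+
+$linker = $this->createLinker();
+$linker->consumeLoginLink($request);
+}
+
+public function testConsumeLoginLinkWithMissingExpiration()
+{
+$user = new TestLoginLinkHandlerUser('weaverryan', '[email protected]', 'pwhash');
+$this->userProvider->createUser($user);
+
+$this->expectException(InvalidLoginLinkException::class);
+$request = Request::create('/login/verify?user=weaverryan&hash=thehash');
+
+$linker = $this->createLinker();
+$linker->consumeLoginLink($request);
+}
+
 private function createSignatureHash(string $username, int $expires, array $extraFields): string
 {
 $fields = [base64_encode($username), $expires];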
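Review bot: Both new tests (lines 185–207) assert only InvalidLoginLinkException::class, which consumeLoginLink() also throws for an unknown user (line 89 of LoginLinkHandler.php) and presumably for a failed signature check, so they would still pass if the new parameter guard were removed and the request failed later in the method. Pinning the message ties each test to the guard it is meant to cover: `$this->expectExceptionMessage('Missing "hash" parameter.');` in testConsumeLoginLinkWithMissingHash and `$this->expectExceptionMessage('Missing "expires" parameter.');` in testConsumeLoginLinkWithMissingExpiration, placed next to the existing expectException() call.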
