minor #30044 [Security] Fix serialization workaround in CustomUserMes…

…sageAuthenticationException (renanbr) This PR was merged into the 3.4 branch. Discussion ---------- [Security] Fix serialization workaround in CustomUserMessageAuthenticationException | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | m/a Commits ------- 542e9e2 fix serialization workaround in CustomUserMessageAuthenticationException
symfony · Jan 30, 2019 · 11dc73d · 11dc73d
2 parents 46edcee + 542e9e2
commit 11dc73d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php b/src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php
@@ -60,7 +60,7 @@ public function getMessageData()
      */
     public function serialize()
     {
-        return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
+        $serialized = [parent::serialize(true), $this->messageKey, $this->messageData];
 
         return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }

diff --git a/.../Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php b/.../Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
@@ -15,6 +15,21 @@
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 
+class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
+{
+    public function serialize()
+    {
+        return serialize([$this->childMember, parent::serialize()]);
+    }
+
+    public function unserialize($str)
+    {
+        list($this->childMember, $parentData) = unserialize($str);
+
+        parent::unserialize($parentData);
+    }
+}
+
 class CustomUserMessageAuthenticationExceptionTest extends TestCase
 {
     public function testConstructWithSAfeMessage()
@@ -39,4 +54,18 @@ public function testSharedSerializedData()
         $this->assertEquals($token, $processed->getMessageData()['token']);
         $this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
     }
+
+    public function testSharedSerializedDataFromChild()
+    {
+        $token = new AnonymousToken('foo', 'bar');
+
+        $exception = new ChildCustomUserMessageAuthenticationException();
+        $exception->childMember = $token;
+        $exception->setToken($token);
+
+        $processed = unserialize(serialize($exception));
+        $this->assertEquals($token, $processed->childMember);
+        $this->assertEquals($token, $processed->getToken());
+        $this->assertSame($processed->getToken(), $processed->childMember);
+    }
 }