From 680b83c6d377d4b569bea396af40567cb98740f9 Mon Sep 17 00:00:00 2001 From: Victor Berchet Date: Wed, 20 Jun 2012 20:42:55 +0200 Subject: [PATCH] [Security] Allow "0" as a password --- .../Provider/DaoAuthenticationProvider.php | 2 +- .../DaoAuthenticationProviderTest.php | 94 +++++++++++++------ 2 files changed, 67 insertions(+), 29 deletions(-) diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php index f17eaa4c5bb0..f22045f03dea 100644 --- a/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php +++ b/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php @@ -59,7 +59,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke throw new BadCredentialsException('The credentials were changed from another session.'); } } else { - if (!$presentedPassword = $token->getCredentials()) { + if ("" === ($presentedPassword = $token->getCredentials())) { throw new BadCredentialsException('The presented password cannot be empty.'); } diff --git a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php index 70336cdfa15c..3d3ddaba3006 100644 --- a/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php +++ b/tests/Symfony/Tests/Component/Security/Core/Authentication/Provider/DaoAuthenticationProviderTest.php 
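Review bot: The strict comparison `"" === ($presentedPassword = $token->getCredentials())` rejects only the empty string, so credentials that are `null` — which the old `!$presentedPassword` test did catch — now fall through to the encoder's `isPasswordValid()` with a null raw password. Unless the encoder contract guarantees rejecting null (not visible here), keep the guard covering that case while still admitting `"0"`: `$presentedPassword = $token->getCredentials();` followed by `if (null === $presentedPassword || '' === $presentedPassword) {`. A companion test returning `null` from `getCredentials()` and expecting `BadCredentialsException` with `isPasswordValid()` never called would pin this down. The enclosing `checkAuthentication()` starts before and ends after this hunk.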
@@ -35,13 +35,13 @@ public function testRetrieveUserWhenProviderDoesNotReturnAnUserInterface() */ public function testRetrieveUserWhenUsernameIsNotFound() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') - ->will($this->throwException($this->getMock('Symfony\Component\Security\Core\Exception\UsernameNotFoundException', null, array(), '', false))) + ->will($this->throwException($this->getMock('Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException', null, array(), '', false))) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); 
@@ -53,13 +53,13 @@ public function testRetrieveUserWhenUsernameIsNotFound() */ public function testRetrieveUserWhenAnExceptionOccurs() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->throwException($this->getMock('RuntimeException', null, array(), '', false))) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); 
@@ -68,19 +68,19 @@ public function testRetrieveUserWhenAnExceptionOccurs() public function testRetrieveUserReturnsUserFromTokenOnReauthentication() { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->never()) ->method('loadUserByUsername') ; - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $token = $this->getSupportedToken(); $token->expects($this->once()) ->method('getUser') ->will($this->returnValue($user)) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $reflection = new \ReflectionMethod($provider, 'retrieveUser'); $reflection->setAccessible(true); $result = $reflection->invoke($provider, null, $token); 
@@ -90,15 +90,15 @@ public function testRetrieveUserReturnsUserFromTokenOnReauthentication() public function testRetrieveUser() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); $userProvider->expects($this->once()) ->method('loadUserByUsername') ->will($this->returnValue($user)) ; - $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'), 'key', $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface')); + $provider = new DaoAuthenticationProvider($userProvider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'), 'key', $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface')); $method = new \ReflectionMethod($provider, 'retrieveUser'); $method->setAccessible(true); 
@@ -110,17 +110,55 @@ public function testRetrieveUser() */ public function testCheckAuthenticationWhenCredentialsAreEmpty() { - $provider = $this->getProvider(); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); + $encoder + ->expects($this->never()) + ->method('isPasswordValid') + ; + + $provider = $this->getProvider(false, false, $encoder); $method = new \ReflectionMethod($provider, 'checkAuthentication'); $method->setAccessible(true); $token = $this->getSupportedToken(); - $token->expects($this->once()) - ->method('getCredentials') - ->will($this->returnValue('')) + $token + ->expects($this->once()) + ->method('getCredentials') + ->will($this->returnValue('')) + ; + + $method->invoke( + $provider, + $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), + $token + ); + } + + public function testCheckAuthenticationWhenCredentialsAre0() + { + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); + $encoder + ->expects($this->once()) + ->method('isPasswordValid') + ->will($this->returnValue(true)) + ; + + $provider = $this->getProvider(false, false, $encoder); + $method = new \ReflectionMethod($provider, 'checkAuthentication'); + $method->setAccessible(true); + + $token = $this->getSupportedToken(); + $token + ->expects($this->once()) + ->method('getCredentials') + ->will($this->returnValue('0')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke( + $provider, + $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), + $token + ); } /** 
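Review bot: `testCheckAuthenticationWhenCredentialsAre0` proves the encoder is consulted for a `'0'` password but not that it receives `'0'`; a regression that forwarded an empty or null raw password to `isPasswordValid()` would still pass. Constrain the mock, e.g. `->with($this->anything(), '0', $this->anything())` on the `isPasswordValid` expectation (argument order per `PasswordEncoderInterface`, which is outside this hunk). There is also no case for `null` credentials, which the tightened `"" ===` guard in the provider hunk no longer rejects; a sibling of `testCheckAuthenticationWhenCredentialsAreEmpty` returning `null` from `getCredentials()` and expecting `BadCredentialsException` would cover that path.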
@@ -128,7 +166,7 @@ public function testCheckAuthenticationWhenCredentialsAreEmpty() */ public function testCheckAuthenticationWhenCredentialsAreNotValid() { - $encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface'); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); $encoder->expects($this->once()) ->method('isPasswordValid') ->will($this->returnValue(false)) @@ -144,7 +182,7 @@ public function testCheckAuthenticationWhenCredentialsAreNotValid() ->will($this->returnValue('foo')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token); } /** @@ -152,7 +190,7 @@ public function testCheckAuthenticationWhenCredentialsAreNotValid() */ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $user->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -163,7 +201,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang ->method('getUser') ->will($this->returnValue($user)); - $dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $dbUser->expects($this->once()) ->method('getPassword') ->will($this->returnValue('newFoo')) 
@@ -177,7 +215,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithoutOriginalCredentials() { - $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $user->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -188,7 +226,7 @@ public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithou ->method('getUser') ->will($this->returnValue($user)); - $dbUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface'); + $dbUser = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'); $dbUser->expects($this->once()) ->method('getPassword') ->will($this->returnValue('foo')) @@ -202,7 +240,7 @@ public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithou public function testCheckAuthentication() { - $encoder = $this->getMock('Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface'); + $encoder = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\PasswordEncoderInterface'); $encoder->expects($this->once()) ->method('isPasswordValid') ->will($this->returnValue(true)) 
@@ -218,12 +256,12 @@ public function testCheckAuthentication() ->will($this->returnValue('foo')) ; - $method->invoke($provider, $this->getMock('Symfony\Component\Security\Core\User\UserInterface'), $token); + $method->invoke($provider, $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface'), $token); } protected function getSupportedToken() { - $mock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false); + $mock = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken', array('getCredentials', 'getUser', 'getProviderKey'), array(), '', false); $mock ->expects($this->any()) ->method('getProviderKey') @@ -235,7 +273,7 @@ protected function getSupportedToken() protected function getProvider($user = false, $userChecker = false, $passwordEncoder = null) { - $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface'); + $userProvider = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserProviderInterface'); if (false !== $user) { $userProvider->expects($this->once()) ->method('loadUserByUsername') @@ -244,14 +282,14 @@ protected function getProvider($user = false, $userChecker = false, $passwordEnc } if (false === $userChecker) { - $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface'); + $userChecker = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserCheckerInterface'); } if (null === $passwordEncoder) { $passwordEncoder = new PlaintextPasswordEncoder(); } - $encoderFactory = $this->getMock('Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface'); + $encoderFactory = $this->getMock('Symfony\\Component\\Security\\Core\\Encoder\\EncoderFactoryInterface'); $encoderFactory ->expects($this->any()) ->method('getEncoder')