Merge pull request #65 from zerkms/TRUSTED_FILTER_CHECK_CONTEXT_ALLOW…

…S_TRUSTED Additionally check if trusted option is set by context
scheb · Aug 15, 2016 · dd8ea15 · dd8ea15
2 parents e9f3d5e + baaf0ba
commit dd8ea15
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 3 deletions.
diff --git a/Security/TwoFactor/Trusted/TrustedFilter.php b/Security/TwoFactor/Trusted/TrustedFilter.php
@@ -57,13 +57,13 @@ public function beginAuthentication(AuthenticationContextInterface $context)
     {
         $request = $context->getRequest();
         $user = $context->getUser();
+        $context->setUseTrustedOption($this->useTrustedOption);
 
         // Skip two-factor authentication on trusted computers
-        if ($this->useTrustedOption && $this->cookieManager->isTrustedComputer($request, $user)) {
+        if ($context->useTrustedOption() && $this->cookieManager->isTrustedComputer($request, $user)) {
             return;
         }
 
-        $context->setUseTrustedOption($this->useTrustedOption); // Set trusted flag
         $this->authHandler->beginAuthentication($context);
     }
 
@@ -86,7 +86,7 @@ public function requestAuthenticationCode(AuthenticationContextInterface $contex
         if ($response instanceof Response) {
 
             // Set trusted cookie
-            if ($context->isAuthenticated() && $request->get($this->trustedName)) {
+            if ($context->isAuthenticated() && $context->useTrustedOption() && $request->get($this->trustedName)) {
                 $cookie = $this->cookieManager->createTrustedCookie($request, $user);
                 $response->headers->setCookie($cookie);
             }

diff --git a/Tests/Security/TwoFactor/Trusted/TrustedFilterTest.php b/Tests/Security/TwoFactor/Trusted/TrustedFilterTest.php
@@ -114,12 +114,47 @@ public function beginAuthentication_trustedOptionUsed_checkTrustedCookie()
         $user = $this->getUser();
         $context = $this->getAuthenticationContext();
 
+        $context
+            ->expects($this->once())
+            ->method('useTrustedOption')
+            ->will($this->returnValue(true));
+
         //Mock the TrustedCookieManager
         $this->cookieManager
             ->expects($this->once())
             ->method('isTrustedComputer')
             ->with($request, $user);
 
+        $this->authHandler
+            ->expects($this->once())
+            ->method('beginAuthentication');
+
+        $this->trustedFilter->beginAuthentication($context);
+    }
+
+    /**
+     * @test
+     */
+    public function beginAuthentication_trustedOptionUsedOnlyIfContextAllows()
+    {
+        $request = $this->getRequest();
+        $user = $this->getUser();
+        $context = $this->getAuthenticationContext();
+
+        $context
+            ->expects($this->once())
+            ->method('useTrustedOption')
+            ->will($this->returnValue(false));
+
+        $this->cookieManager
+            ->expects($this->never())
+            ->method('isTrustedComputer')
+            ->with($request, $user);
+
+        $this->authHandler
+            ->expects($this->once())
+            ->method('beginAuthentication');
+
         $this->trustedFilter->beginAuthentication($context);
     }
 
@@ -130,6 +165,11 @@ public function beginAuthentication_isTrustedComputer_notCallAuthenticationHandl
     {
         $context = $this->getAuthenticationContext();
 
+        $context
+            ->expects($this->once())
+            ->method('useTrustedOption')
+            ->will($this->returnValue(true));
+
         //Stub the TrustedCookieManager
         $this->cookieManager
             ->expects($this->any())
@@ -331,6 +371,11 @@ public function requestAuthenticationCode_authenticatedAndTrustedChecked_setTrus
             ->method('isAuthenticated')
             ->will($this->returnValue(true));
 
+        $context
+            ->expects($this->once())
+            ->method('useTrustedOption')
+            ->will($this->returnValue(true));
+
         //Stub the authentication handler
         $response = $this->getResponse();
         $this->authHandler
@@ -354,4 +399,34 @@ public function requestAuthenticationCode_authenticatedAndTrustedChecked_setTrus
 
         $this->trustedFilter->requestAuthenticationCode($context);
     }
+
+    /**
+     * @test
+     */
+    public function requestAuthenticationCode_shouldCheckIfTrustedIsAllowedByContext()
+    {
+        $context = $this->getAuthenticationContext();
+
+        $context
+            ->expects($this->once())
+            ->method('isAuthenticated')
+            ->will($this->returnValue(true));
+
+        $context->expects($this->once())
+            ->method('useTrustedOption')
+            ->will($this->returnValue(false));
+
+        $this->authHandler
+            ->expects($this->once())
+            ->method('requestAuthenticationCode')
+            ->with($context)
+            ->will($this->returnValue(new Response('<form></form>')));
+
+        $this->cookieManager
+            ->expects($this->never())
+            ->method('createTrustedCookie');
+
+        $returnValue = $this->trustedFilter->requestAuthenticationCode($context);
+        $this->assertInstanceOf('Symfony\Component\HttpFoundation\Response', $returnValue);
+    }
 }