
minor #30044 [Security] Fix serialization workaround in CustomUserMes…

…sageAuthenticationException (renanbr)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Fix serialization workaround in CustomUserMessageAuthenticationException

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

542e9e2 fix serialization workaround in CustomUserMessageAuthenticationException
nicolas-grekas committed Jan 30, 2019
2 parents 46edcee + 542e9e2 commit 11dc73d36792baf48c3135e857727c9d07e55bd8
@@ -60,7 +60,7 @@ public function getMessageData()
*/
public function serialize()
{
return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
$serialized = [parent::serialize(true), $this->messageKey, $this->messageData];
return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
}
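Review bot: The new `serialize()` body reads a hidden first argument through `\func_num_args() ? \func_get_arg(0) : null` while the signature still declares no parameter, and nothing visible in the hunk documents that contract. `doSerialize()` is outside this hunk; presumably the flag decides whether the raw array or its serialized string is returned, which is what keeps shared object references intact when an overriding class nests the parent's result. Since this payload is later handed to `unserialize()`, the format and the calling convention should be stated where maintainers will see them. I would add above the first statement `// Hidden 1st argument: internal flag forwarded to doSerialize(); overriding classes call parent::serialize() with no argument.` and repeat the point in the docblock, which starts above the hunk.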
@@ -15,6 +15,21 @@
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
class ChildCustomUserMessageAuthenticationException extends CustomUserMessageAuthenticationException
{
public function serialize()
{
return serialize([$this->childMember, parent::serialize()]);
}
public function unserialize($str)
{
list($this->childMember, $parentData) = unserialize($str);
parent::unserialize($parentData);
}
}
class CustomUserMessageAuthenticationExceptionTest extends TestCase
{
public function testConstructWithSAfeMessage()
@@ -39,4 +54,18 @@ public function testSharedSerializedData()
$this->assertEquals($token, $processed->getMessageData()['token']);
$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
}
public function testSharedSerializedDataFromChild()
{
$token = new AnonymousToken('foo', 'bar');
$exception = new ChildCustomUserMessageAuthenticationException();
$exception->childMember = $token;
$exception->setToken($token);
$processed = unserialize(serialize($exception));
$this->assertEquals($token, $processed->childMember);
$this->assertEquals($token, $processed->getToken());
$this->assertSame($processed->getToken(), $processed->childMember);
}
}
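Review bot: `testSharedSerializedDataFromChild` asserts only `childMember` and `getToken()` after the round trip, so the two fields that the patched `serialize()` packs itself, `messageKey` and `messageData`, are never checked for the child case. A regression that dropped or misordered them when `serialize()` is reached through an overriding method would still pass. I would call `setSafeMessage()` with a sample key and data before serializing, then add `$this->assertSame($key, $processed->getMessageKey());` and `$this->assertEquals($data, $processed->getMessageData());`. Separately, the fixture class in the first hunk of this file assigns `$this->childMember` without declaring it; `public $childMember;` in the class body would make the fixture explicit.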
