Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] #15764. Use SessionAuthenticationStrategy on RememberMe login #16108

Closed
wants to merge 1 commit into from
Closed

[Security] #15764. Use SessionAuthenticationStrategy on RememberMe login #16108

wants to merge 1 commit into from

Conversation

s12v
Copy link
Contributor

@s12v s12v commented Oct 4, 2015

Regenerate session ID with default session strategy.

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #15764
License MIT
Doc PR -

@xabbuh
Copy link
Member

xabbuh commented Oct 4, 2015

Doesn't this also affect Symfony 2.3?

xabbuh
xabbuh reviewed Oct 4, 2015
View reviewed changes
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
*/
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true)
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new argument must be optional (people can use it outside the framework which would break their applications when upgrading).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xabbuh, made it optional

@xabbuh
Copy link
Member

xabbuh commented Oct 4, 2015

Status: Needs work

@fabpot fabpot added the Security label Oct 5, 2015
@s12v
Copy link
Contributor Author

s12v commented Oct 10, 2015

Doesn't this also affect Symfony 2.3?

@xabbuh, looks like it does, would it be better to create a PR for 2.3?

@xabbuh
Copy link
Member

xabbuh commented Oct 10, 2015

@s12v If I did not overlook anything the switch can be done when merging. So there's no need to create a new pull request.

xabbuh
xabbuh reviewed Oct 10, 2015
View reviewed changes
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
@@ -53,6 +55,7 @@ public function __construct(TokenStorageInterface $tokenStorage, RememberMeServi
$this->logger = $logger;
$this->dispatcher = $dispatcher;
$this->catchExceptions = $catchExceptions;
$this->sessionStrategy = $sessionStrategy;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to add the declaration of this property.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xabbuh, oh, right, thanks!

@s12v
[Security] Use SessionAuthenticationStrategy on RememberMe login
8eeb1d5 
Regenerate session ID with default session strategy
@fabpot
Copy link
Member

fabpot commented Oct 13, 2015

👍 for merge in 2.3.

@xabbuh
Copy link
Member

xabbuh commented Oct 16, 2015

👍

fabpot
fabpot reviewed Oct 16, 2015
View reviewed changes
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
*/
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true)
public function __construct(TokenStorageInterface $tokenStorage, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true, SessionAuthenticationStrategyInterface $sessionStrategy = null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The $catchExceptions argument is not in 2.3, so I'm going to merge this one on 2.7 instead.

@fabpot
Copy link
Member

fabpot commented Oct 16, 2015

Thank you @s12v.

fabpot added a commit that referenced this pull request Oct 16, 2015
@fabpot
bug #16108 [Security] #15764. Use SessionAuthenticationStrategy on Re…
3510e0a 
…memberMe login (s12v)

This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes #16108).

Discussion
----------

[Security] #15764. Use SessionAuthenticationStrategy on RememberMe login

Regenerate session ID with default session strategy.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #15764
| License       | MIT
| Doc PR        | -

Commits
-------

795c8b3 [Security] Use SessionAuthenticationStrategy on RememberMe login
@fabpot fabpot closed this Oct 16, 2015
@fabpot fabpot mentioned this pull request Oct 27, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Security Status: Needs Work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@s12v @xabbuh @fabpot @carsonbot