
Commit cfc946a

author
Mbechezi Nawo
committed
Verifying if the password field is null
1 parent 968bd0f commit cfc946a


2 files changed

+30
-2
lines changed


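--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -95,6 +95,10 @@ protected function attemptAuthentication(Request $request)
 throw new BadCredentialsException('Invalid username.');
 }
 
+if (null === $password) {
+throw new \LogicException(sprintf('The key "%s" cannot be null.', $this->options['password_parameter']));
+}
+
 $request->getSession()->set(Security::LAST_USERNAME, $username);
 
 return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));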
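Review bot: The null check at new lines 98–100 can be reached by any unauthenticated client that simply omits the password field, yet it throws `\LogicException`, which would normally surface as a server error and an error-log entry rather than a failed login. If the intent is to flag a form whose field name does not match `password_parameter`, the message should say so; otherwise treat it as a credential failure like the username branch just above, e.g. `throw new BadCredentialsException('Invalid password.');`. The guard also rejects only `null`: how `$password` is read is outside the hunk, but if it comes straight from the request a non-string value would still reach `UsernamePasswordToken`, so an `is_string` check here is worth considering. attemptAuthentication() begins and ends outside the hunk.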

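--- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
@@ -32,7 +32,7 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
 */
 public function testHandleWhenUsernameLength($username, $ok)
 {
-$request = Request::create('/login_check', 'POST', ['_username' => $username]);
+$request = Request::create('/login_check', 'POST', ['_username' => $username, '_password' => 'symfony']);
 $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
 
 $httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock();
@@ -161,7 +161,31 @@ public function testHandleNonStringUsernameWith__toString($postOnly)
 ->method('__toString')
 ->willReturn('someUsername');
 
-$request = Request::create('/login_check', 'POST', ['_username' => $usernameClass]);
+$request = Request::create('/login_check', 'POST', ['_username' => $usernameClass, '_password' => 'symfony']);
+$request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+$listener = new UsernamePasswordFormAuthenticationListener(
+new TokenStorage(),
+$this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+$httpUtils = new HttpUtils(),
+'foo',
+new DefaultAuthenticationSuccessHandler($httpUtils),
+new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+['require_previous_session' => false, 'post_only' => $postOnly]
+);
+$event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+$listener->handle($event);
+}
+
+/**
+* @dataProvider postOnlyDataProvider
+*/
+public function testHandleWhenPasswordAreNull($postOnly)
+{
+$this->expectException('LogicException');
+$this->expectExceptionMessage('The key "_password" cannot be null.');
+
+$request = Request::create('/login_check', 'POST', ['_username' => 'symfony', 'password' => 'symfony']);
 $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
 $listener = new UsernamePasswordFormAuthenticationListener(
 new TokenStorage(),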
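Review bot: In `testHandleWhenPasswordAreNull` (new lines 183–188) the null password is produced only indirectly, by posting `'password'` instead of `'_password'`, which reads like a typo. A comment such as `// "_password" is deliberately not submitted`, or simply dropping the key, would make the intent clear; the method would also read better as `testHandleWhenPasswordIsNull`. The listener construction is repeated verbatim from the test above it, so a small private factory helper in the test class would keep the two in sync. The test covers only the absent-field case, and its body continues past the end of the hunk.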
