Merge branch '5.2' into 5.x

nicolas-grekas · nicolas-grekas · commit 120fc176c2d8 · 2021-05-10T16:42:11.000+02:00
* 5.2:
  [Inflector][String] wrong plural form of words ending by "pectus"
  [HttpClient] Don't prepare the request in ScopingHttpClient
  [Console] Fixes for PHP 8.1 deprecations
  Make LoginRateLimiter case insentive
  Fix/Rewrite .gitignore regex builder
  Reset limiters on successful login
  Provide count argument for TooManyLoginAttemptsAuthenticationException to be able to translate in plural way
  [security] NullToken signature
diff --git a/EventListener/LoginThrottlingListener.php b/EventListener/LoginThrottlingListener.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
+use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
 
 /**
  * @author Wouter de Jong <wouter@wouterj.nl>
@@ -49,10 +50,16 @@ public function checkPassport(CheckPassportEvent $event): void
         }
     }
 
+    public function onSuccessfulLogin(LoginSuccessEvent $event): void
+    {
+        $this->limiter->reset($event->getRequest());
+    }
+
     public static function getSubscribedEvents(): array
     {
         return [
             CheckPassportEvent::class => ['checkPassport', 2080],
+            LoginSuccessEvent::class => 'onSuccessfulLogin',
         ];
     }
 }
diff --git a/RateLimiter/DefaultLoginRateLimiter.php b/RateLimiter/DefaultLoginRateLimiter.php
@@ -39,7 +39,7 @@ protected function getLimiters(Request $request): array
     {
         return [
             $this->globalFactory->create($request->getClientIp()),
-            $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),
+            $this->localFactory->create(strtolower($request->attributes->get(Security::LAST_USERNAME)).'-'.$request->getClientIp()),
         ];
     }
 }
diff --git a/Tests/EventListener/LoginThrottlingListenerTest.php b/Tests/EventListener/LoginThrottlingListenerTest.php
@@ -63,10 +63,31 @@ public function testPreventsLoginWhenOverLocalThreshold()
             $this->listener->checkPassport($this->createCheckPassportEvent($passport));
         }
 
+        $this->listener->onSuccessfulLogin($this->createLoginSuccessfulEvent($passport));
+
+        for ($i = 0; $i < 3; ++$i) {
+            $this->listener->checkPassport($this->createCheckPassportEvent($passport));
+        }
+
         $this->expectException(TooManyLoginAttemptsAuthenticationException::class);
         $this->listener->checkPassport($this->createCheckPassportEvent($passport));
     }
 
+    public function testPreventsLoginWithMultipleCase()
+    {
+        $request = $this->createRequest();
+        $passports = [$this->createPassport('wouter'), $this->createPassport('Wouter'), $this->createPassport('wOuter')];
+
+        $this->requestStack->push($request);
+
+        for ($i = 0; $i < 3; ++$i) {
+            $this->listener->checkPassport($this->createCheckPassportEvent($passports[$i % 3]));
+        }
+
+        $this->expectException(TooManyLoginAttemptsAuthenticationException::class);
+        $this->listener->checkPassport($this->createCheckPassportEvent($passports[0]));
+    }
+
     public function testPreventsLoginWhenOverGlobalThreshold()
     {
         $request = $this->createRequest();
@@ -87,12 +108,9 @@ private function createPassport($username)
         return new SelfValidatingPassport(new UserBadge($username));
     }
 
-    private function createLoginSuccessfulEvent($passport, $username = 'wouter')
+    private function createLoginSuccessfulEvent($passport)
     {
-        $token = $this->createMock(TokenInterface::class);
-        $token->expects($this->any())->method('getUserIdentifier')->willReturn($username);
-
-        return new LoginSuccessEvent($this->createMock(AuthenticatorInterface::class), $passport, $token, $this->requestStack->getCurrentRequest(), null, 'main');
+        return new LoginSuccessEvent($this->createMock(AuthenticatorInterface::class), $passport, $this->createMock(TokenInterface::class), $this->requestStack->getCurrentRequest(), null, 'main');
     }
 
     private function createCheckPassportEvent($passport)

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@`
`18`	`18`	`use Symfony\Component\Security\Core\Security;`
`19`	`19`	`use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;`
`20`	`20`	`use Symfony\Component\Security\Http\Event\CheckPassportEvent;`
	`21`	`+use Symfony\Component\Security\Http\Event\LoginSuccessEvent;`
`21`	`22`
`22`	`23`	`/**`
`23`	`24`	`* @author Wouter de Jong <[email protected]>`
`@@ -49,10 +50,16 @@ public function checkPassport(CheckPassportEvent $event): void`
`49`	`50`	`}`
`50`	`51`	`}`
`51`	`52`
	`53`	`+ public function onSuccessfulLogin(LoginSuccessEvent $event): void`
	`54`	`+ {`
	`55`	`+ $this->limiter->reset($event->getRequest());`
	`56`	`+ }`
	`57`	`+`
`52`	`58`	`public static function getSubscribedEvents(): array`
`53`	`59`	`{`
`54`	`60`	`return [`
`55`	`61`	`CheckPassportEvent::class => ['checkPassport', 2080],`
	`62`	`+ LoginSuccessEvent::class => 'onSuccessfulLogin',`
`56`	`63`	`];`
`57`	`64`	`}`
`58`	`65`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ protected function getLimiters(Request $request): array`
`39`	`39`	`{`
`40`	`40`	`return [`
`41`	`41`	`$this->globalFactory->create($request->getClientIp()),`
`42`		`- $this->localFactory->create($request->attributes->get(Security::LAST_USERNAME).'-'.$request->getClientIp()),`
	`42`	`+ $this->localFactory->create(strtolower($request->attributes->get(Security::LAST_USERNAME)).'-'.$request->getClientIp()),`
`43`	`43`	`];`
`44`	`44`	`}`
`45`	`45`	`}`