[Security/Http] fix parsing X509 emailAddress

nicolas-grekas · nicolas-grekas · commit 5fd4bc1cf48c · 2019-09-30T14:24:32.000+02:00
diff --git a/Firewall/X509AuthenticationListener.php b/Firewall/X509AuthenticationListener.php
@@ -46,7 +46,7 @@ protected function getPreAuthenticatedData(Request $request)
             $user = $request->server->get($this->userKey);
         } elseif (
             $request->server->has($this->credentialKey)
-            && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
+            && preg_match('#emailAddress=([^,/@]++@[^,/]++)#', $request->server->get($this->credentialKey), $matches)
         ) {
             $user = $matches[1];
         }
diff --git a/Tests/Firewall/X509AuthenticationListenerTest.php b/Tests/Firewall/X509AuthenticationListenerTest.php
@@ -81,6 +81,7 @@ public static function dataProviderGetPreAuthenticatedDataNoUser()
         yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
         yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
         yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
+        yield ['firstname.lastname@mycompany.co.uk', 'emailAddress=firstname.lastname@mycompany.co.uk,CN=Firstname.Lastname,OU=london,OU=company design and engineering,OU=Issuer London,OU=Roaming,OU=Interactive,OU=Users,OU=Standard,OU=Business,DC=england,DC=core,DC=company,DC=co,DC=uk'];
     }
 
     public function testGetPreAuthenticatedDataNoData()

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ protected function getPreAuthenticatedData(Request $request)`
`46`	`46`	`$user = $request->server->get($this->userKey);`
`47`	`47`	`} elseif (`
`48`	`48`	`$request->server->has($this->credentialKey)`
`49`		`- && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($\|,\|/)#', $request->server->get($this->credentialKey), $matches)`
	`49`	`+ && preg_match('#emailAddress=([^,/@]++@[^,/]++)#', $request->server->get($this->credentialKey), $matches)`
`50`	`50`	`) {`
`51`	`51`	`$user = $matches[1];`
`52`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,7 @@ public static function dataProviderGetPreAuthenticatedDataNoUser()`
`81`	`81`	`yield ['[email protected]', 'CN=Sample certificate DN,[email protected]'];`
`82`	`82`	`yield ['[email protected]', '[email protected],CN=Sample certificate DN'];`
`83`	`83`	`yield ['[email protected]', '[email protected]'];`
	`84`	`+ yield ['[email protected]', '[email protected],CN=Firstname.Lastname,OU=london,OU=company design and engineering,OU=Issuer London,OU=Roaming,OU=Interactive,OU=Users,OU=Standard,OU=Business,DC=england,DC=core,DC=company,DC=co,DC=uk'];`
`84`	`85`	`}`
`85`	`86`
`86`	`87`	`public function testGetPreAuthenticatedDataNoData()`