Merge branch '4.4' into 5.0

nicolas-grekas · nicolas-grekas · commit c7c8110bcd8e · 2020-03-18T09:00:37.000+01:00
* 4.4:
  [DI] Fix CheckTypeDeclarationPass
  [Security/Http] don't require the session to be started when tracking its id
  [DI] fix preloading script generation
diff --git a/Firewall/AnonymousAuthenticationListener.php b/Firewall/AnonymousAuthenticationListener.php
@@ -19,6 +19,9 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 
+// Help opcache.preload discover always-needed symbols
+class_exists(AnonymousToken::class);
+
 /**
  * AnonymousAuthenticationListener automatically adds a Token if none is
  * already present.
diff --git a/Firewall/ContextListener.php b/Firewall/ContextListener.php
@@ -100,10 +100,10 @@ public function authenticate(RequestEvent $event)
 
         if (null !== $session) {
             $usageIndexValue = $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;
-            $sessionId = $session->getId();
+            $sessionId = $request->cookies->get($session->getName());
             $token = $session->get($this->sessionKey);
 
-            if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {
+            if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) {
                 $usageIndexReference = $usageIndexValue;
             }
         }
diff --git a/Tests/Firewall/ContextListenerTest.php b/Tests/Firewall/ContextListenerTest.php
@@ -344,6 +344,23 @@ public function testDeauthenticatedEvent()
         $this->assertNull($tokenStorage->getToken());
     }
 
+    public function testWithPreviousNotStartedSession()
+    {
+        $session = new Session(new MockArraySessionStorage());
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $usageIndex = $session->getUsageIndex();
+
+        $tokenStorage = new TokenStorage();
+        $listener = new ContextListener($tokenStorage, [], 'context_key', null, null, null, [$tokenStorage, 'getToken']);
+        $listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST));
+
+        $this->assertSame($usageIndex, $session->getUsageIndex());
+    }
+
     protected function runSessionOnKernelResponse($newToken, $original = null)
     {
         $session = new Session(new MockArraySessionStorage());

Original file line number	Diff line number	Diff line change
`@@ -100,10 +100,10 @@ public function authenticate(RequestEvent $event)`
`100`	`100`
`101`	`101`	`if (null !== $session) {`
`102`	`102`	`$usageIndexValue = $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;`
`103`		`- $sessionId = $session->getId();`
	`103`	`+ $sessionId = $request->cookies->get($session->getName());`
`104`	`104`	`$token = $session->get($this->sessionKey);`
`105`	`105`
`106`		`- if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {`
	`106`	`+ if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) {`
`107`	`107`	`$usageIndexReference = $usageIndexValue;`
`108`	`108`	`}`
`109`	`109`	`}`