Merge branch '3.4' into 4.4

nicolas-grekas · nicolas-grekas · commit 962860f9a8ac · 2020-03-23T13:37:11.000+01:00
* 3.4:
  [Http Foundation] Fix clear cookie samesite
  [Security] Check if firewall is stateless before checking for session/previous session
  [Form] Support customized intl php.ini settings
  [Security] Remember me: allow to set the samesite cookie flag
  [Debug] fix for PHP 7.3.16+/7.4.4+
  [Validator] Backport translations
  Prevent warning in proc_open()
diff --git a/Guard/GuardAuthenticatorHandler.php b/Guard/GuardAuthenticatorHandler.php
@@ -127,7 +127,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn
 
     private function migrateSession(Request $request, TokenInterface $token, ?string $providerKey)
     {
-        if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession() || \in_array($providerKey, $this->statelessProviderKeys, true)) {
+        if (\in_array($providerKey, $this->statelessProviderKeys, true) || !$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
             return;
         }
 
diff --git a/Guard/Tests/GuardAuthenticatorHandlerTest.php b/Guard/Tests/GuardAuthenticatorHandlerTest.php
@@ -153,6 +153,25 @@ public function testSessionStrategyIsNotCalledWhenStateless()
         $handler->authenticateWithToken($this->token, $this->request, 'some_provider_key');
     }
 
+    /**
+     * @requires function \Symfony\Component\HttpFoundation\Request::setSessionFactory
+     */
+    public function testSessionIsNotInstantiatedOnStatelessFirewall()
+    {
+        $sessionFactory = $this->getMockBuilder(\stdClass::class)
+            ->setMethods(['__invoke'])
+            ->getMock();
+
+        $sessionFactory->expects($this->never())
+            ->method('__invoke');
+
+        $this->request->setSessionFactory($sessionFactory);
+
+        $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, ['stateless_provider_key']);
+        $handler->setSessionAuthenticationStrategy($this->sessionStrategy);
+        $handler->authenticateWithToken($this->token, $this->request, 'stateless_provider_key');
+    }
+
     protected function setUp(): void
     {
         $this->tokenStorage = $this->getMockBuilder(TokenStorageInterface::class)->getMock();
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
@@ -39,6 +39,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
     protected $options = [
         'secure' => false,
         'httponly' => true,
+        'samesite' => null,
     ];
     private $providerKey;
     private $secret;
@@ -276,7 +277,7 @@ protected function cancelCookie(Request $request)
             $this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);
         }
 
-        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite'] ?? null));
+        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite']));
     }
 
     /**
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -86,7 +86,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
 
@@ -121,7 +121,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
     }
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -83,7 +83,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
                 $this->options['secure'] ?? $request->isSecure(),
                 $this->options['httponly'],
                 false,
-                $this->options['samesite'] ?? null
+                $this->options['samesite']
             )
         );
     }

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn`
`127`	`127`
`128`	`128`	`private function migrateSession(Request $request, TokenInterface $token, ?string $providerKey)`
`129`	`129`	`{`
`130`		`- if (!$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession() \|\| \in_array($providerKey, $this->statelessProviderKeys, true)) {`
	`130`	`+ if (\in_array($providerKey, $this->statelessProviderKeys, true) \|\| !$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession()) {`
`131`	`131`	`return;`
`132`	`132`	`}`
`133`	`133`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface`
`39`	`39`	`protected $options = [`
`40`	`40`	`'secure' => false,`
`41`	`41`	`'httponly' => true,`
	`42`	`+ 'samesite' => null,`
`42`	`43`	`];`
`43`	`44`	`private $providerKey;`
`44`	`45`	`private $secret;`
`@@ -276,7 +277,7 @@ protected function cancelCookie(Request $request)`
`276`	`277`	`$this->logger->debug('Clearing remember-me cookie.', ['name' => $this->options['name']]);`
`277`	`278`	`}`
`278`	`279`
`279`		`- $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite'] ?? null));`
	`280`	`+ $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'] ?? $request->isSecure(), $this->options['httponly'], false, $this->options['samesite']));`
`280`	`281`	`}`
`281`	`282`
`282`	`283`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)`
`86`	`86`	`$this->options['secure'] ?? $request->isSecure(),`
`87`	`87`	`$this->options['httponly'],`
`88`	`88`	`false,`
`89`		`- $this->options['samesite'] ?? null`
	`89`	`+ $this->options['samesite']`
`90`	`90`	`)`
`91`	`91`	`);`
`92`	`92`
`@@ -121,7 +121,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt`
`121`	`121`	`$this->options['secure'] ?? $request->isSecure(),`
`122`	`122`	`$this->options['httponly'],`
`123`	`123`	`false,`
`124`		`- $this->options['samesite'] ?? null`
	`124`	`+ $this->options['samesite']`
`125`	`125`	`)`
`126`	`126`	`);`
`127`	`127`	`}`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt`
`83`	`83`	`$this->options['secure'] ?? $request->isSecure(),`
`84`	`84`	`$this->options['httponly'],`
`85`	`85`	`false,`
`86`		`- $this->options['samesite'] ?? null`
	`86`	`+ $this->options['samesite']`
`87`	`87`	`)`
`88`	`88`	`);`
`89`	`89`	`}`