Merge branch '3.4' into 4.2

* 3.4: Fix json-encoding when JSON_THROW_ON_ERROR is used [HttpFoundation] work around PHP 7.3 bug related to json_encode() [Security] added support for updated \"distinguished name\" format in x509 authentication
symfony · Jun 5, 2019 · 3e4b6fd · 3e4b6fd
2 parents 3e37499 + 01e21da
commit 3e4b6fd
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/Firewall/X509AuthenticationListener.php b/Firewall/X509AuthenticationListener.php
@@ -44,7 +44,10 @@ protected function getPreAuthenticatedData(Request $request)
         $user = null;
         if ($request->server->has($this->userKey)) {
             $user = $request->server->get($this->userKey);
-        } elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
+        } elseif (
+            $request->server->has($this->credentialKey)
+            && preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
+        ) {
             $user = $matches[1];
         }
 

diff --git a/Tests/Firewall/X509AuthenticationListenerTest.php b/Tests/Firewall/X509AuthenticationListenerTest.php
@@ -56,9 +56,8 @@ public static function dataProviderGetPreAuthenticatedData()
     /**
      * @dataProvider dataProviderGetPreAuthenticatedDataNoUser
      */
-    public function testGetPreAuthenticatedDataNoUser($emailAddress)
+    public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials)
     {
-        $credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
         $request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);
 
         $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
@@ -76,10 +75,12 @@ public function testGetPreAuthenticatedDataNoUser($emailAddress)
 
     public static function dataProviderGetPreAuthenticatedDataNoUser()
     {
-        return [
-            'basicEmailAddress' => ['[email protected]'],
-            'emailAddressWithPlusSign' => ['[email protected]'],
-        ];
+        yield ['[email protected]', 'CN=Sample certificate DN/[email protected]'];
+        yield ['[email protected]', 'CN=Sample certificate DN/[email protected]'];
+        yield ['[email protected]', 'CN=Sample certificate DN,[email protected]'];
+        yield ['[email protected]', 'CN=Sample certificate DN,[email protected]'];
+        yield ['[email protected]', '[email protected],CN=Sample certificate DN'];
+        yield ['[email protected]', '[email protected]'];
     }
 
     /**