Merge branch '6.0' into 6.1

nicolas-grekas · nicolas-grekas · commit 748f09d717c2 · 2022-01-27T11:12:23.000+01:00
* 6.0: (27 commits)
  [DoctrineBridge] fix tests
  [HttpKernel] Fix session test cases for symfony
  [FrameworkBundle] Fix missing arguments when a serialization default context is bound
  [Runtime] Fix --env and --no-debug with dotenv_overload
  [Cache] fix merge
  cs fix
  [Finder] Fix finding VCS re-included files in excluded directory
  [Yaml] Improve the deprecation warnings for octal numbers to suggest migrating
  Fix Choice constraint with associative choices array
  [Form] UrlType should not add protocol to emails
  [Dotenv] Fix bootEnv() override with .env.local.php when the env key already exists
  Silence isatty warnings during tty detection
  [Serializer] Fix AbstractObjectNormalizer not considering pseudo type false
  [Notifier] Fix encoding of messages with FreeMobileTransport
  [Cache] workaround PHP crash
  [Console] Fix PHP 8.1 deprecation in ChoiceQuestion
  [HttpKernel] Fix compatibility with php bridge and already started php sessions
  [Notifier] smsapi-notifier - correct encoding
  Replaced full CoC text with link to documentation
  Making the parser stateless
  ...
diff --git a/EventListener/AbstractSessionListener.php b/EventListener/AbstractSessionListener.php
@@ -73,10 +73,12 @@ public function onKernelRequest(RequestEvent $event)
                 }
 
                 /*
-                 * For supporting sessions in php runtime with runners like roadrunner or swoole the session
-                 * cookie need read from the cookie bag and set on the session storage.
+                 * For supporting sessions in php runtime with runners like roadrunner or swoole, the session
+                 * cookie needs to be read from the cookie bag and set on the session storage.
+                 *
+                 * Do not set it when a native php session is active.
                  */
-                if ($sess && !$sess->isStarted()) {
+                if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
                     $sessionId = $request->cookies->get($sess->getName(), '');
                     $sess->setId($sessionId);
                 }
@@ -147,7 +149,8 @@ public function onKernelResponse(ResponseEvent $event)
             $request = $event->getRequest();
             $requestSessionCookieId = $request->cookies->get($sessionName);
 
-            if ($requestSessionCookieId && ($session instanceof Session ? $session->isEmpty() : empty($session->all()))) {
+            $isSessionEmpty = ($session instanceof Session ? $session->isEmpty() : empty($session->all())) && empty($_SESSION); // checking $_SESSION to keep compatibility with native sessions
+            if ($requestSessionCookieId && $isSessionEmpty) {
                 $response->headers->clearCookie(
                     $sessionName,
                     $sessionCookiePath,
@@ -156,7 +159,7 @@ public function onKernelResponse(ResponseEvent $event)
                     $sessionCookieHttpOnly,
                     $sessionCookieSameSite
                 );
-            } elseif ($sessionId !== $requestSessionCookieId) {
+            } elseif ($sessionId !== $requestSessionCookieId && !$isSessionEmpty) {
                 $expire = 0;
                 $lifetime = $sessionOptions['cookie_lifetime'] ?? null;
                 if ($lifetime) {
diff --git a/Tests/EventListener/SessionListenerTest.php b/Tests/EventListener/SessionListenerTest.php
@@ -22,6 +22,9 @@
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionFactory;
 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory;
+use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorageFactory;
+use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageFactoryInterface;
 use Symfony\Component\HttpKernel\DataCollector\RequestDataCollector;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\HttpKernel\Event\ResponseEvent;
@@ -124,6 +127,167 @@ public function provideSessionOptions(): \Generator
         ];
     }
 
+    /**
+     * @runInSeparateProcess
+     */
+    public function testPhpBridgeAlreadyStartedSession()
+    {
+        session_start();
+        $sessionId = session_id();
+
+        $request = new Request();
+        $listener = $this->createListener($request, new PhpBridgeSessionStorageFactory());
+
+        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+
+        $listener->onKernelRequest($event);
+
+        $this->assertTrue($request->hasSession());
+        $this->assertSame($sessionId, $request->getSession()->getId());
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSessionCookieWrittenNoCookieGiven()
+    {
+        $request = new Request();
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+
+        $kernel = $this->createMock(HttpKernelInterface::class);
+
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+        $session = $request->getSession();
+        $session->set('hello', 'world');
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+
+        $cookies = $response->headers->getCookies();
+        $this->assertCount(1, $cookies);
+        $sessionCookie = $cookies[0];
+
+        $this->assertSame('PHPSESSID', $sessionCookie->getName());
+        $this->assertNotEmpty($sessionCookie->getValue());
+        $this->assertFalse($sessionCookie->isCleared());
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSessionCookieNotWrittenCookieGiven()
+    {
+        $sessionId = $this->createValidSessionId();
+
+        $this->assertNotEmpty($sessionId);
+
+        $request = new Request();
+        $request->cookies->set('PHPSESSID', $sessionId);
+
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+
+        $kernel = $this->createMock(HttpKernelInterface::class);
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+
+        $session = $request->getSession();
+        $this->assertSame($sessionId, $session->getId());
+        $session->set('hello', 'world');
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+        $this->assertSame($sessionId, $session->getId());
+
+        $cookies = $response->headers->getCookies();
+        $this->assertCount(0, $cookies);
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSessionCookieClearedWhenInvalidated()
+    {
+        $sessionId = $this->createValidSessionId();
+        $request = new Request();
+        $request->cookies->set('PHPSESSID', $sessionId);
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+        $kernel = $this->createMock(HttpKernelInterface::class);
+
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+
+        $session = $request->getSession();
+        $session->start();
+        $sessionId = $session->getId();
+        $this->assertNotEmpty($sessionId);
+        $_SESSION['hello'] = 'world'; // check compatibility to php session bridge
+
+        $session->invalidate();
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+
+        $cookies = $response->headers->getCookies();
+        $this->assertCount(1, $cookies);
+        $sessionCookie = $cookies[0];
+
+        $this->assertSame('PHPSESSID', $sessionCookie->getName());
+        $this->assertTrue($sessionCookie->isCleared());
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSessionCookieNotClearedWhenOtherVariablesSet()
+    {
+        $sessionId = $this->createValidSessionId();
+        $request = new Request();
+        $request->cookies->set('PHPSESSID', $sessionId);
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+        $kernel = $this->createMock(HttpKernelInterface::class);
+
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+
+        $session = $request->getSession();
+        $session->start();
+        $sessionId = $session->getId();
+        $this->assertNotEmpty($sessionId);
+        $_SESSION['hello'] = 'world';
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+
+        $cookies = $response->headers->getCookies();
+        $this->assertCount(0, $cookies);
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testSessionCookieSetWhenOtherNativeVariablesSet()
+    {
+        $request = new Request();
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+        $kernel = $this->createMock(HttpKernelInterface::class);
+
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+
+        $session = $request->getSession();
+        $session->start();
+        $sessionId = $session->getId();
+        $this->assertNotEmpty($sessionId);
+        $_SESSION['hello'] = 'world';
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+
+        $cookies = $response->headers->getCookies();
+        $this->assertCount(1, $cookies);
+        $sessionCookie = $cookies[0];
+
+        $this->assertSame('PHPSESSID', $sessionCookie->getName());
+        $this->assertNotEmpty($sessionCookie->getValue());
+        $this->assertFalse($sessionCookie->isCleared());
+    }
+
     public function testOnlyTriggeredOnMainRequest()
     {
         $listener = $this->getMockForAbstractClass(AbstractSessionListener::class);
@@ -599,4 +763,36 @@ public function testResetUnclosedSession()
         $this->assertEmpty(session_id());
         $this->assertSame(\PHP_SESSION_NONE, session_status());
     }
+
+    private function createListener(Request $request, SessionStorageFactoryInterface $sessionFactory)
+    {
+        $requestStack = new RequestStack();
+        $request = new Request();
+        $requestStack->push($request);
+
+        $sessionFactory = new SessionFactory(
+            $requestStack,
+            $sessionFactory,
+        );
+
+        $container = new Container();
+        $container->set('request_stack', $requestStack);
+        $container->set('session_factory', $sessionFactory);
+
+        $listener = new SessionListener($container);
+
+        return new SessionListener($container);
+    }
+
+    private function createValidSessionId(): string
+    {
+        session_start();
+        $sessionId = session_id();
+        $_SESSION['some'] = 'value';
+        session_write_close();
+        $_SESSION = [];
+        session_abort();
+
+        return $sessionId;
+    }
 }
