
Commit 0f0a6d5

committed
Merge branch '2.7' into 2.8
* 2.7: limited the maximum length of a submitted username
2 parents dea146b + b559c5f commit 0f0a6d5


2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

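--- a/Firewall/SimpleFormAuthenticationListener.php
+++ b/Firewall/SimpleFormAuthenticationListener.php
@@ -24,6 +24,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\HttpUtils;
 use Symfony\Component\Security\Http\ParameterBagUtils;
@@ -127,6 +128,10 @@ protected function attemptAuthentication(Request $request)
 $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
 }
 
+if (strlen($username) > Security::MAX_USERNAME_LENGTH) {
+throw new BadCredentialsException('Invalid username.');
+}
+
 $request->getSession()->set(Security::LAST_USERNAME, $username);
 
 $token = $this->simpleAuthenticator->createToken($request, $username, $password, $this->providerKey);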
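Review bot: The new length guard in attemptAuthentication() calls `strlen($username)` without first confirming that `$username` is a string. The assignment of `$username` is outside the hunk, so this is inferred: if the request parameter can arrive as a non-string value such as an array, `strlen()` gives no usable length on older PHP versions and raises a TypeError on PHP 8, so the guard would not cleanly reject the value before `Security::LAST_USERNAME` is written to the session. Consider `if (!is_string($username) || strlen($username) > Security::MAX_USERNAME_LENGTH) {`. The identical guard added in Firewall/UsernamePasswordFormAuthenticationListener.php would take the same change.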

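--- a/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -25,6 +25,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
 use Symfony\Component\Security\Core\Security;
@@ -102,6 +103,10 @@ protected function attemptAuthentication(Request $request)
 $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
 }
 
+if (strlen($username) > Security::MAX_USERNAME_LENGTH) {
+throw new BadCredentialsException('Invalid username.');
+}
+
 $request->getSession()->set(Security::LAST_USERNAME, $username);
 
 return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));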
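Review bot: The guard added before the `Security::LAST_USERNAME` session write has no comment saying why it is there or what unit the limit is measured in. `strlen()` counts bytes, so `Security::MAX_USERNAME_LENGTH` acts as a byte limit rather than a character limit; its value is not visible on this page. I would add `// Reject oversized usernames before the value is stored in the session; the limit is in bytes.` directly above the `if`. attemptAuthentication() starts and ends outside the hunk.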
