bug #13466 [Security] Remove ContextListener's onKernelResponse listener as it is used (davedevelopment)

fabpot · fabpot · commit 94c2e3078ed9 · 2015-02-05T11:02:25.000+01:00
This PR was squashed before being merged into the 2.3 branch (closes #13466).

Discussion
----------

[Security] Remove ContextListener's onKernelResponse listener as it is used

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.

This comes in to affect when two or more firewalls are setup and using the same kernel for multiple requests.  Assuming there are two firewalls 'site' and 'admin'

- Request comes in matching 'site' firewall, 'site' ContextListener adds it's onKernelResponse method to the dispatcher
- Succesful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session

Commits
-------

380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
@@ -114,6 +114,9 @@ public function onKernelResponse(FilterResponseEvent $event)
             return;
         }
 
+        $this->dispatcher->removeListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse'));
+        $this->registered = false;
+
         if (null !== $this->logger) {
             $this->logger->debug('Write SecurityContext in the session');
         }
diff --git a/Tests/Http/Firewall/ContextListenerTest.php b/Tests/Http/Firewall/ContextListenerTest.php
@@ -21,6 +21,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\SecurityContext;
 use Symfony\Component\Security\Http\Firewall\ContextListener;
+use Symfony\Component\EventDispatcher\EventDispatcher;
 
 class ContextListenerTest extends \PHPUnit_Framework_TestCase
 {
@@ -111,7 +112,7 @@ public function testOnKernelResponseWithoutSession()
             new Response()
         );
 
-        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener = new ContextListener($this->securityContext, array(), 'session', null, new EventDispatcher());
         $listener->onKernelResponse($event);
 
         $this->assertTrue($session->isStarted());
@@ -130,7 +131,7 @@ public function testOnKernelResponseWithoutSessionNorToken()
             new Response()
         );
 
-        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener = new ContextListener($this->securityContext, array(), 'session', null, new EventDispatcher());
         $listener->onKernelResponse($event);
 
         $this->assertFalse($session->isStarted());
@@ -202,6 +203,35 @@ public function testHandleAddsKernelResponseListener()
         $listener->handle($event);
     }
 
+    public function testOnKernelResponseListenerRemovesItself()
+    {
+        $context = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+        $dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
+        $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $listener = new ContextListener($context, array(), 'key123', null, $dispatcher);
+
+        $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
+        $request->expects($this->any())
+            ->method('hasSession')
+            ->will($this->returnValue(true));
+
+        $event->expects($this->any())
+            ->method('getRequestType')
+            ->will($this->returnValue(HttpKernelInterface::MASTER_REQUEST));
+        $event->expects($this->any())
+            ->method('getRequest')
+            ->will($this->returnValue($request));
+
+        $dispatcher->expects($this->once())
+            ->method('removeListener')
+            ->with(KernelEvents::RESPONSE, array($listener, 'onKernelResponse'));
+
+        $listener->onKernelResponse($event);
+    }
+
     public function testHandleRemovesTokenIfNoPreviousSessionWasFound()
     {
         $request = $this->getMock('Symfony\Component\HttpFoundation\Request');
@@ -240,7 +270,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
             new Response()
         );
 
-        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener = new ContextListener($this->securityContext, array(), 'session', null, new EventDispatcher());
         $listener->onKernelResponse($event);
 
         return $session;

Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,9 @@ public function onKernelResponse(FilterResponseEvent $event)`
`114`	`114`	`return;`
`115`	`115`	`}`
`116`	`116`
	`117`	`+ $this->dispatcher->removeListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse'));`
	`118`	`+ $this->registered = false;`
	`119`	`+`
`117`	`120`	`if (null !== $this->logger) {`
`118`	`121`	`$this->logger->debug('Write SecurityContext in the session');`
`119`	`122`	`}`