StringUtils::equals() arguments in RememberMe Cookie based implementation are confused

zerkms · fabpot · commit ee7e5319d0a1 · 2015-03-25T09:38:46.000+01:00
It must be the other way around
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -54,7 +54,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)
             throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
         }
 
-        if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {
+        if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
             throw new AuthenticationException('The cookie\'s hash is invalid.');
         }
 

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ protected function processAutoLoginCookie(array $cookieParts, Request $request)`
`54`	`54`	`throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));`
`55`	`55`	`}`
`56`	`56`
`57`		`- if (true !== StringUtils::equals($hash, $this->generateCookieHash($class, $username, $expires, $user->getPassword()))) {`
	`57`	`+ if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {`
`58`	`58`	`throw new AuthenticationException('The cookie\'s hash is invalid.');`
`59`	`59`	`}`
`60`	`60`