
Commit 01e21da

Robert Koperafabpot
Robert Kopera
authored andcommitted
[Security] added support for updated \"distinguished name\" format in x509 authentication
1 parent 8e80d4e commit 01e21da


2 files changed

+11
-7
lines changed


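--- a/Firewall/X509AuthenticationListener.php
+++ b/Firewall/X509AuthenticationListener.php
@@ -44,7 +44,10 @@ protected function getPreAuthenticatedData(Request $request)
 $user = null;
 if ($request->server->has($this->userKey)) {
 $user = $request->server->get($this->userKey);
-} elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
+} elseif (
+$request->server->has($this->credentialKey)
+&& preg_match('#emailAddress=(.+\@.+\.[^,/]+)($|,|/)#', $request->server->get($this->credentialKey), $matches)
+) {
 $user = $matches[1];
 }
 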
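Review bot: The new pattern on the `preg_match` line can capture more than the e-mail address, because both `.+` runs are greedy and may cross the `,` and `/` separators; with a constructed DN such as `emailAddress=a@b.example,CN=host.example.org` the match extends to the last dot and `$matches[1]` would include the trailing `,CN=…` text. Dropping the leading `/` also lets `emailAddress=` match in the middle of another attribute's value, so the derived name is no longer tied to a whole DN component. Since `$matches[1]` is assigned to `$user` here, I would exclude separators from the capture and anchor the key to a component boundary, e.g. `preg_match('#(?:^|[,/])\s*emailAddress=([^,/@]+@[^,/]+\.[^,/]+)(?:$|[,/])#', $request->server->get($this->credentialKey), $matches)`. getPreAuthenticatedData starts and ends outside this hunk, so how `$user` is consumed afterwards is not visible here.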

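--- a/Tests/Firewall/X509AuthenticationListenerTest.php
+++ b/Tests/Firewall/X509AuthenticationListenerTest.php
@@ -56,9 +56,8 @@ public static function dataProviderGetPreAuthenticatedData()
 /**
 * @dataProvider dataProviderGetPreAuthenticatedDataNoUser
 */
-public function testGetPreAuthenticatedDataNoUser($emailAddress)
+public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials)
 {
-$credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
 $request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);
 
 $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
@@ -76,10 +75,12 @@ public function testGetPreAuthenticatedDataNoUser($emailAddress)
 
 public static function dataProviderGetPreAuthenticatedDataNoUser()
 {
-return [
-'basicEmailAddress' => ['cert@example.com'],
-'emailAddressWithPlusSign' => ['cert+something@example.com'],
-];
+yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com'];
+yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com'];
+yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com'];
+yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
+yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
+yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
 }
 
 /**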
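Review bot: Every dataset yielded by dataProviderGetPreAuthenticatedDataNoUser that places an attribute after `emailAddress` uses a dot-free value (`CN=Sample certificate DN`), so the provider never checks where the captured address ends. A case with a dotted trailing attribute would pin that boundary, for example (constructed values) `yield 'dottedAttributeAfterEmail' => ['cert@example.com', 'emailAddress=cert@example.com,CN=host.example.org'];`. The switch from a keyed array to bare `yield` also drops the dataset names (`basicEmailAddress`, `emailAddressWithPlusSign`), which makes a failing case harder to identify; string keys on the yields would preserve them. The test method body continues outside the hunks, so the assertion against `$emailAddress` is assumed rather than visible.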
