[Security] added support for updated "distinguished name" format in x…
…509 authentication

RFC 2253 (https://tools.ietf.org/html/rfc2253)
issue: #31406
Robert Kopera committed May 17, 2019
1 parent 519ba3c commit cd900b6
Showing 2 changed files with 11 additions and 7 deletions.
Expand Up @@ -44,7 +44,10 @@ protected function getPreAuthenticatedData(Request $request)
$user = null;
if ($request->server->has($this->userKey)) {
$user = $request->server->get($this->userKey);
} elseif ($request->server->has($this->credentialKey) && preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)) {
} elseif ($request->server->has($this->credentialKey) && (
preg_match('#/emailAddress=(.+\@.+\..+)(/|$)#', $request->server->get($this->credentialKey), $matches)
|| preg_match('/emailAddress=(.+\@.+\.[^,]*)/', $request->server->get($this->credentialKey), $matches)
)) {
$user = $matches[1];
}
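Review bot: The added pattern `/emailAddress=(.+\@.+\.[^,]*)/` uses greedy `.+` and is not tied to an attribute boundary, so the captured user can run past the address: when a later RDN contains a dot the capture extends to the last dot in the whole DN, and `emailAddress=` also matches when it appears inside another attribute's value. Since `$matches[1]` becomes the pre-authenticated username, the capture should stop at the first separator, for example `preg_match('/(?:^|,)emailAddress=([^,@]+@[^,]+\.[^,]+)/', $request->server->get($this->credentialKey), $matches)`. Whether the web server emits spaces after commas or escaped commas (`\,`) in the DN is not visible here and would need handling as well. The body of getPreAuthenticatedData continues outside the hunk.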

Expand Up @@ -56,9 +56,8 @@ public static function dataProviderGetPreAuthenticatedData()
/**
* @dataProvider dataProviderGetPreAuthenticatedDataNoUser
*/
public function testGetPreAuthenticatedDataNoUser($emailAddress)
public function testGetPreAuthenticatedDataNoUser($emailAddress, $credentials)
{
$credentials = 'CN=Sample certificate DN/emailAddress='.$emailAddress;
$request = new Request([], [], [], [], [], ['SSL_CLIENT_S_DN' => $credentials]);

$tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
Expand All @@ -76,10 +75,12 @@ public function testGetPreAuthenticatedDataNoUser($emailAddress)

public static function dataProviderGetPreAuthenticatedDataNoUser()
{
return [
'basicEmailAddress' => ['cert@example.com'],
'emailAddressWithPlusSign' => ['cert+something@example.com'],
];
yield ['cert@example.com', 'CN=Sample certificate DN/emailAddress=cert@example.com'];
yield ['cert+something@example.com', 'CN=Sample certificate DN/emailAddress=cert+something@example.com'];
yield ['cert@example.com', 'CN=Sample certificate DN,emailAddress=cert@example.com'];
yield ['cert+something@example.com', 'CN=Sample certificate DN,emailAddress=cert+something@example.com'];
yield ['cert+something@example.com', 'emailAddress=cert+something@example.com,CN=Sample certificate DN'];
yield ['cert+something@example.com', 'emailAddress=cert+something@example.com'];
}

/**
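Review bot: The comma-format cases in `dataProviderGetPreAuthenticatedDataNoUser` never place a value containing a dot after the address, so they do not pin where the extracted user ends. A case such as `yield ['cert@example.com', 'emailAddress=cert@example.com,CN=www.example.com'];` (constructed sample) would cover that. As far as I can tell it fails against the pattern added in the listener, because the greedy `.+\.` runs to the last dot in the DN. The provider also drops the dataset names (`'basicEmailAddress'`, `'emailAddressWithPlusSign'`); keyed yields would keep failures readable.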
