
Commit 8188709

Merge branch '3.4' into 4.4
* 3.4: [Security][Guard] Prevent user enumeration via response content
2 parents b02e7d7 + 7e1a526 commit 8188709


2 files changed

+5
-4
lines changed


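--- a/Authentication/Provider/UserAuthenticationProvider.php
+++ b/Authentication/Provider/UserAuthenticationProvider.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -80,7 +81,7 @@ public function authenticate(TokenInterface $token)
 $this->userChecker->checkPreAuth($user);
 $this->checkAuthentication($user, $token);
 $this->userChecker->checkPostAuth($user);
-} catch (BadCredentialsException $e) {
+} catch (AccountStatusException $e) {
 if ($this->hideUserNotFoundExceptions) {
 throw new BadCredentialsException('Bad credentials.', 0, $e);
 }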
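Review bot: Narrowing the catch to AccountStatusException means a BadCredentialsException thrown by checkAuthentication() inside the same try block is no longer re-thrown with the generic 'Bad credentials.' message when hideUserNotFoundExceptions is true; only the checker-raised status exceptions (locked, disabled, expired) are now normalised. If a checkAuthentication() implementation throws BadCredentialsException with distinguishing messages, that text now reaches the caller unchanged, so either catching both types here, `} catch (AccountStatusException | BadCredentialsException $e) {` where the target PHP version allows multi-catch, or a test pinning the propagated message would close the gap; the try/catch continues past the hunk, so a later clause may already cover it. A why-comment above the catch would also help the next reader, e.g. `// Account-status failures are reported as plain bad credentials so the response cannot be used to confirm that the username exists.`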

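--- a/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -83,7 +83,7 @@ public function testAuthenticateWhenProviderDoesNotReturnAnUserInterface()
 
 public function testAuthenticateWhenPreChecksFails()
 {
-$this->expectException(CredentialsExpiredException::class);
+$this->expectException(BadCredentialsException::class);
 $userChecker = $this->createMock(UserCheckerInterface::class);
 $userChecker->expects($this->once())
 ->method('checkPreAuth')
@@ -101,7 +101,7 @@ public function testAuthenticateWhenPreChecksFails()
 
 public function testAuthenticateWhenPostChecksFails()
 {
-$this->expectException(AccountExpiredException::class);
+$this->expectException(BadCredentialsException::class);
 $userChecker = $this->createMock(UserCheckerInterface::class);
 $userChecker->expects($this->once())
 ->method('checkPostAuth')
@@ -128,7 +128,7 @@ public function testAuthenticateWhenPostCheckAuthenticationFails()
 ;
 $provider->expects($this->once())
 ->method('checkAuthentication')
-->willThrowException(new BadCredentialsException())
+->willThrowException(new CredentialsExpiredException())
 ;
 
 $provider->authenticate($this->getSupportedToken());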
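Review bot: The rewritten expectations in testAuthenticateWhenPreChecksFails and testAuthenticateWhenPostChecksFails pin only the exception class, not the property the fix is about, so a status-specific message wrapped in a BadCredentialsException would still pass; adding `$this->expectExceptionMessage('Bad credentials.');` directly after each expectException call makes the tests fail if the generic message ever stops being used. The third hunk changes what checkAuthentication() throws to a CredentialsExpiredException, but that test's expectException line lies outside the hunk, so what it now asserts cannot be confirmed from here. Each of the three test methods starts or ends outside the visible lines.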
