Merge branch '3.4' into 4.4

nicolas-grekas · nicolas-grekas · commit ab96e60fd34d · 2020-03-30T13:41:10.000+02:00
* 3.4:
  Fix versions
  [Security/Http] Allow setting cookie security settings for delete_cookies
  [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
  bumped Symfony version to 3.4.40
  updated VERSION for 3.4.39
  update CONTRIBUTORS for 3.4.39
  updated CHANGELOG for 3.4.39
  update Italian translation
  [Validator] Add missing Hungarian translations
  [Validator] Add the missing translations for the Arabic (ar) locale
  [Validator] Add missing vietnamese translations
  [Console] Fix OutputStream for PHP 7.4
  add German translations
  bug #36157 [Validator] Assert Valid with many groups
  [Validator] Add missing Lithuanian translations
  Fixed some typos
  Add french "at least" constraint translations
diff --git a/Logout/CookieClearingLogoutHandler.php b/Logout/CookieClearingLogoutHandler.php
@@ -38,7 +38,7 @@ public function __construct(array $cookies)
     public function logout(Request $request, Response $response, TokenInterface $token)
     {
         foreach ($this->cookies as $cookieName => $cookieData) {
-            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
+            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], isset($cookieData['secure']) ? $cookieData['secure'] : false, true, isset($cookieData['samesite']) ? $cookieData['samesite'] : null);
         }
     }
 }
diff --git a/Tests/Firewall/SwitchUserListenerTest.php b/Tests/Firewall/SwitchUserListenerTest.php
@@ -372,7 +372,7 @@ public function testSwitchUserWithReplacedToken()
         $this->assertSame($replacedToken, $this->tokenStorage->getToken());
     }
 
-    public function testSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken()
+    public function testSwitchUserThrowsAuthenticationExceptionIfNoCurrentToken()
     {
         $this->expectException('Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException');
         $this->tokenStorage->setToken(null);
diff --git a/Tests/Logout/CookieClearingLogoutHandlerTest.php b/Tests/Logout/CookieClearingLogoutHandlerTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Http\Tests\Logout;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
@@ -25,7 +26,7 @@ public function testLogout()
         $response = new Response();
         $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
 
-        $handler = new CookieClearingLogoutHandler(['foo' => ['path' => '/foo', 'domain' => 'foo.foo'], 'foo2' => ['path' => null, 'domain' => null]]);
+        $handler = new CookieClearingLogoutHandler(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT], 'foo2' => ['path' => null, 'domain' => null]]);
 
         $cookies = $response->headers->getCookies();
         $this->assertCount(0, $cookies);
@@ -39,12 +40,16 @@ public function testLogout()
         $this->assertEquals('foo', $cookie->getName());
         $this->assertEquals('/foo', $cookie->getPath());
         $this->assertEquals('foo.foo', $cookie->getDomain());
+        $this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
+        $this->assertTrue($cookie->isSecure());
         $this->assertTrue($cookie->isCleared());
 
         $cookie = $cookies['']['/']['foo2'];
         $this->assertStringStartsWith('foo2', $cookie->getName());
         $this->assertEquals('/', $cookie->getPath());
         $this->assertNull($cookie->getDomain());
+        $this->assertNull($cookie->getSameSite());
+        $this->assertFalse($cookie->isSecure());
         $this->assertTrue($cookie->isCleared());
     }
 }
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
     "require": {
         "php": "^7.1.3",
         "symfony/security-core": "^4.4",
-        "symfony/http-foundation": "^3.4|^4.0|^5.0",
+        "symfony/http-foundation": "^3.4.40|^4.4.7|^5.0.7",
         "symfony/http-kernel": "^4.4",
         "symfony/property-access": "^3.4|^4.0|^5.0"
     },

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function __construct(array $cookies)`
`38`	`38`	`public function logout(Request $request, Response $response, TokenInterface $token)`
`39`	`39`	`{`
`40`	`40`	`foreach ($this->cookies as $cookieName => $cookieData) {`
`41`		`- $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);`
	`41`	`+ $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], isset($cookieData['secure']) ? $cookieData['secure'] : false, true, isset($cookieData['samesite']) ? $cookieData['samesite'] : null);`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -372,7 +372,7 @@ public function testSwitchUserWithReplacedToken()`
`372`	`372`	`$this->assertSame($replacedToken, $this->tokenStorage->getToken());`
`373`	`373`	`}`
`374`	`374`
`375`		`- public function testSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken()`
	`375`	`+ public function testSwitchUserThrowsAuthenticationExceptionIfNoCurrentToken()`
`376`	`376`	`{`
`377`	`377`	`$this->expectException('Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException');`
`378`	`378`	`$this->tokenStorage->setToken(null);`