Allow null and DateTime objects to be used as signatureProperties

wouterj · wouterj · commit 0f947b2e843e · 2020-10-10T15:09:30.000+02:00
Returning DateTime objects seems like a common use-case to automatically expire
all login links when one is used or to only allow the login link to be used
once.
diff --git a/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php b/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
@@ -106,7 +106,11 @@ private function computeSignatureHash(UserInterface $user, int $expires): string
         $signatureFields = [base64_encode($user->getUsername()), $expires];
 
         foreach ($this->signatureProperties as $property) {
-            $value = $this->propertyAccessor->getValue($user, $property);
+            $value = $this->propertyAccessor->getValue($user, $property) ?? '';
+            if ($value instanceof \DateTimeInterface) {
+                $value = $value->format('c');
+            }
+
             if (!is_scalar($value) && !(\is_object($value) && method_exists($value, '__toString'))) {
                 throw new \InvalidArgumentException(sprintf('The property path "%s" on the user object "%s" must return a value that can be cast to a string, but "%s" was returned.', $property, \get_class($user), get_debug_type($value)));
             }
diff --git a/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php
@@ -44,29 +44,48 @@ protected function setUp(): void
         $this->expiredLinkStorage = $this->createMock(ExpiredLoginLinkStorage::class);
     }
 
-    public function testCreateLoginLink()
+    /**
+     * @dataProvider provideCreateLoginLinkData
+     */
+    public function testCreateLoginLink($user, array $extraProperties)
     {
-        $user = new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash');
-
         $this->router->expects($this->once())
             ->method('generate')
             ->with(
                 'app_check_login_link_route',
-                $this->callback(function ($parameters) {
+                $this->callback(function ($parameters) use ($extraProperties) {
                     return 'weaverryan' == $parameters['user']
                         && isset($parameters['expires'])
                         && isset($parameters['hash'])
                         // make sure hash is what we expect
-                        && $parameters['hash'] === $this->createSignatureHash('weaverryan', time() + 600, ['ryan@symfonycasts.com', 'pwhash']);
+                        && $parameters['hash'] === $this->createSignatureHash('weaverryan', time() + 600, array_values($extraProperties));
                 }),
                 UrlGeneratorInterface::ABSOLUTE_URL
             )
             ->willReturn('https://example.com/login/verify?user=weaverryan&hash=abchash&expires=1601235000');
 
-        $loginLink = $this->createLinker()->createLoginLink($user);
+        $loginLink = $this->createLinker([], array_keys($extraProperties))->createLoginLink($user);
         $this->assertSame('https://example.com/login/verify?user=weaverryan&hash=abchash&expires=1601235000', $loginLink->getUrl());
     }
 
+    public function provideCreateLoginLinkData()
+    {
+        yield [
+            new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash'),
+            ['emailProperty' => 'ryan@symfonycasts.com', 'passwordProperty' => 'pwhash'],
+        ];
+
+        yield [
+            new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash'),
+            ['lastAuthenticatedAt' => ''],
+        ];
+
+        yield [
+            new TestLoginLinkHandlerUser('weaverryan', 'ryan@symfonycasts.com', 'pwhash', new \DateTime('2020-06-01 00:00:00', new \DateTimeZone('+0000'))),
+            ['lastAuthenticatedAt' => '2020-06-01T00:00:00+00:00'],
+        ];
+    }
+
     public function testConsumeLoginLink()
     {
         $expires = time() + 500;
@@ -167,14 +186,14 @@ private function createSignatureHash(string $username, int $expires, array $extr
         return base64_encode(hash_hmac('sha256', implode(':', $fields), 's3cret'));
     }
 
-    private function createLinker(array $options = []): LoginLinkHandler
+    private function createLinker(array $options = [], array $extraProperties = ['emailProperty', 'passwordProperty']): LoginLinkHandler
     {
         $options = array_merge([
             'lifetime' => 600,
             'route_name' => 'app_check_login_link_route',
         ], $options);
 
-        return new LoginLinkHandler($this->router, $this->userProvider, $this->propertyAccessor, ['emailProperty', 'passwordProperty'], 's3cret', $options, $this->expiredLinkStorage);
+        return new LoginLinkHandler($this->router, $this->userProvider, $this->propertyAccessor, $extraProperties, 's3cret', $options, $this->expiredLinkStorage);
     }
 }
 
@@ -183,12 +202,14 @@ class TestLoginLinkHandlerUser implements UserInterface
     public $username;
     public $emailProperty;
     public $passwordProperty;
+    public $lastAuthenticatedAt;
 
-    public function __construct($username, $emailProperty, $passwordProperty)
+    public function __construct($username, $emailProperty, $passwordProperty, $lastAuthenticatedAt = null)
     {
         $this->username = $username;
         $this->emailProperty = $emailProperty;
         $this->passwordProperty = $passwordProperty;
+        $this->lastAuthenticatedAt = $lastAuthenticatedAt;
     }
 
     public function getRoles()
