Merge pull request #129 from szymach/3.2

Prevent accessing empty firewall config instance when checking for password change enforcement
fsi-open · Nov 29, 2019 · e917c22 · e917c22
2 parents 61967fd + c552e0e
commit e917c22
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,8 +10,7 @@ sudo: required
 addons:
     firefox: "47.0.1"
 
-services:
-    - xvfb
+services: xvfb
 
 matrix:
   include:

diff --git a/EventListener/EnforcePasswordChangeListener.php b/EventListener/EnforcePasswordChangeListener.php
@@ -13,7 +13,6 @@
 
 use FSi\Bundle\AdminSecurityBundle\Security\Firewall\FirewallMapper;
 use FSi\Bundle\AdminSecurityBundle\Security\User\EnforceablePasswordChangeInterface;
-use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
@@ -89,7 +88,7 @@ public static function getSubscribedEvents(): array
 
     public function onKernelRequest(GetResponseEvent $event): void
     {
-        if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
+        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
             return;
         }
 
@@ -98,20 +97,22 @@ public function onKernelRequest(GetResponseEvent $event): void
             return;
         }
 
-        if (!$this->isConfiguredFirewall($event->getRequest())) {
+        if (false === $this->isConfiguredFirewall($event->getRequest())) {
             return;
         }
 
-        if (!$this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
+        if (false === $this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
             return;
         }
 
-        if ($this->authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {
+        if (true === $this->authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {
             return;
         }
 
         $user = $token->getUser();
-        if (!($user instanceof EnforceablePasswordChangeInterface) || !$user->isForcedToChangePassword()) {
+        if (false === $user instanceof EnforceablePasswordChangeInterface
+            || false === $user->isForcedToChangePassword()
+        ) {
             return;
         }
 
@@ -120,8 +121,13 @@ public function onKernelRequest(GetResponseEvent $event): void
 
     private function isConfiguredFirewall(Request $request): bool
     {
-        if (method_exists($this->firewallMap, 'getFirewallConfig')) {
-            $firewallName = $this->firewallMap->getFirewallConfig($request)->getName();
+        if (true === method_exists($this->firewallMap, 'getFirewallConfig')) {
+            $config = $this->firewallMap->getFirewallConfig($request);
+            if (null === $config) {
+                return false;
+            }
+
+            $firewallName = $config->getName();
         } else {
             $firewallName = $this->firewallMapper->getFirewallName($request);
         }