Fix RememberMe with null password

jderusse · jderusse · commit a0f728151f12 · 2020-01-14T22:27:30.000+01:00
diff --git a/RememberMe/TokenBasedRememberMeServices.php b/RememberMe/TokenBasedRememberMeServices.php
@@ -91,12 +91,12 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
     /**
      * Generates the cookie value.
      *
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
      *
      * @return string
      */
-    protected function generateCookieValue(string $class, string $username, int $expires, string $password)
+    protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)
     {
         // $username is encoded because it might contain COOKIE_DELIMITER,
         // we assume other values don't
@@ -111,12 +111,12 @@ protected function generateCookieValue(string $class, string $username, int $exp
     /**
      * Generates a hash for the cookie to ensure it is not being tampered with.
      *
-     * @param int    $expires  The Unix timestamp when the cookie expires
-     * @param string $password The encoded password
+     * @param int         $expires  The Unix timestamp when the cookie expires
+     * @param string|null $password The encoded password
      *
      * @return string
      */
-    protected function generateCookieHash(string $class, string $username, int $expires, string $password)
+    protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)
     {
         return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
     }

Original file line number	Diff line number	Diff line change
`@@ -91,12 +91,12 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt`
`91`	`91`	`/**`
`92`	`92`	`* Generates the cookie value.`
`93`	`93`	`*`
`94`		`- * @param int $expires The Unix timestamp when the cookie expires`
`95`		`- * @param string $password The encoded password`
	`94`	`+ * @param int $expires The Unix timestamp when the cookie expires`
	`95`	`+ * @param string\|null $password The encoded password`
`96`	`96`	`*`
`97`	`97`	`* @return string`
`98`	`98`	`*/`
`99`		`- protected function generateCookieValue(string $class, string $username, int $expires, string $password)`
	`99`	`+ protected function generateCookieValue(string $class, string $username, int $expires, ?string $password)`
`100`	`100`	`{`
`101`	`101`	`// $username is encoded because it might contain COOKIE_DELIMITER,`
`102`	`102`	`// we assume other values don't`
`@@ -111,12 +111,12 @@ protected function generateCookieValue(string $class, string $username, int $exp`
`111`	`111`	`/**`
`112`	`112`	`* Generates a hash for the cookie to ensure it is not being tampered with.`
`113`	`113`	`*`
`114`		`- * @param int $expires The Unix timestamp when the cookie expires`
`115`		`- * @param string $password The encoded password`
	`114`	`+ * @param int $expires The Unix timestamp when the cookie expires`
	`115`	`+ * @param string\|null $password The encoded password`
`116`	`116`	`*`
`117`	`117`	`* @return string`
`118`	`118`	`*/`
`119`		`- protected function generateCookieHash(string $class, string $username, int $expires, string $password)`
	`119`	`+ protected function generateCookieHash(string $class, string $username, int $expires, ?string $password)`
`120`	`120`	`{`
`121`	`121`	`return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());`
`122`	`122`	`}`