umpirsky · September 20, 2019 08:59
diff --git a/TokenBasedRememberMeServices.php b/TokenBasedRememberMeServices.php
 <?php

 namespace Umpirsky\MyBundle\Security\Http\RememberMe;

 use Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices as BaseTokenBasedRememberMeServices;
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;

 class TokenBasedRememberMeServices extends BaseTokenBasedRememberMeServices
 {
    protected function processAutoLoginCookie(array $cookieParts, Request $request)
    {
        if (4 !== \count($cookieParts)) {
            throw new AuthenticationException('The cookie is invalid.');
        }

        list($class, $username, $expires, $hash) = $cookieParts;
        if (false === $username = base64_decode($username, true)) {
            throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
        }
        try {
            $user = $this->getUserProvider($class)->loadUserByUsername($username);
        } catch (\Exception $e) {
            if (!$e instanceof AuthenticationException) {
                $e = new AuthenticationException($e->getMessage(), $e->getCode(), $e);
            }

            throw $e;
        }

        if (!$user instanceof UserInterface) {
            throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', \get_class($user)));
        }

        if (true !== hash_equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash) && true !== hash_equals($this->generateCookieHashInTheOldFormat($class, $username, $expires, $user->getPassword()), $hash)) {
            throw new AuthenticationException('The cookie\'s hash is invalid.');
        }

        if ($expires < time()) {
            throw new AuthenticationException('The cookie has expired.');
        }

        return $user;
    }

    /**
     * Workaround for https://github.com/symfony/symfony/issues/33473 BC break.
     */
    protected function generateCookieHashInTheOldFormat($class, $username, $expires, $password)
    {
        return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
    }
 }
	<?php

	namespace Umpirsky\MyBundle\Security\Http\RememberMe;

	use Symfony\Component\Security\Http\RememberMe\TokenBasedRememberMeServices as BaseTokenBasedRememberMeServices;
	use Symfony\Component\HttpFoundation\Cookie;
	use Symfony\Component\HttpFoundation\Request;
	use Symfony\Component\Security\Core\Exception\AuthenticationException;
	use Symfony\Component\Security\Core\User\UserInterface;

	class TokenBasedRememberMeServices extends BaseTokenBasedRememberMeServices
	{
	protected function processAutoLoginCookie(array $cookieParts, Request $request)
	{
	if (4 !== \count($cookieParts)) {
	throw new AuthenticationException('The cookie is invalid.');
	}

	list($class, $username, $expires, $hash) = $cookieParts;
	if (false === $username = base64_decode($username, true)) {
	throw new AuthenticationException('$username contains a character from outside the base64 alphabet.');
	}
	try {
	$user = $this->getUserProvider($class)->loadUserByUsername($username);
	} catch (\Exception $e) {
	if (!$e instanceof AuthenticationException) {
	$e = new AuthenticationException($e->getMessage(), $e->getCode(), $e);
	}

	throw $e;
	}

	if (!$user instanceof UserInterface) {
	throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', \get_class($user)));
	}

	if (true !== hash_equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash) && true !== hash_equals($this->generateCookieHashInTheOldFormat($class, $username, $expires, $user->getPassword()), $hash)) {
	throw new AuthenticationException('The cookie\'s hash is invalid.');
	}

	if ($expires < time()) {
	throw new AuthenticationException('The cookie has expired.');
	}

	return $user;
	}

	/**
	* Workaround for https://github.com/symfony/symfony/issues/33473 BC break.
	*/
	protected function generateCookieHashInTheOldFormat($class, $username, $expires, $password)
	{
	return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
	}
	}