Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit084e49f

Browse files
author
Robin Chalas
committed
feature#21951 [Security][Firewall] Passing the newly generated security token to the event during user switching (klandaika)
This PR was merged into the 3.4 branch.Discussion----------[Security][Firewall] Passing the newly generated security token to the event during user switchingEvent allows listeners to easily switch out the token if custom token updates are required| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | yes| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets || License | MIT| Doc PR |Updated SwitchUserEvent to include the generated security Token. Allows the listeners to replace the token with their own (in case an application has some custom logic for token generation). The SwitchUserListener will now use the token returned by the event, so if token was not changed the self generated token will be used. If token was changed in the event then the new token would get used.Reasons for this feature--------------------------In our current project users can have different Role sets depending on which organization they switch to. Our `User->getRoles()` always returns ["ROLE_USER"] and after login user is presented with choice of organizations they want to work in. Based on selected organization roles get updated with then stored token.Without the change proposed in this PR. The only way we can setup the proper roles during user switch is by replacing `security.authentication.switchuser_listener` service with our own implementation of the listener.With the proposed change, we can replace the security token with the one having all the roles we require directly inside our listener for `security.switch_user` event that gets thrown by Symfony's `SwitchUserListener`Commits-------4205f1b Passing the newly generated security token to the event during user switching.
2 parents6fcb075 +4205f1b commit084e49f

File tree

4 files changed

+63
-3
lines changed

4 files changed

+63
-3
lines changed

‎src/Symfony/Component/Security/CHANGELOG.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@ CHANGELOG
44
3.4.0
55
-----
66

7+
* added a`setToken()` method to the`SwitchUserEvent` class to allow to replace the created token while switching users
8+
when custom token generation is required by application.
79
* Using voters that do not implement the`VoterInterface`is now deprecated in
810
the`AccessDecisionManager` and this functionality will be removed in 4.0.
911
* Using the`ContextListener` without setting the`logoutOnUserChange`

‎src/Symfony/Component/Security/Http/Event/SwitchUserEvent.php

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespaceSymfony\Component\Security\Http\Event;
1313

1414
useSymfony\Component\HttpFoundation\Request;
15+
useSymfony\Component\Security\Core\Authentication\Token\TokenInterface;
1516
useSymfony\Component\Security\Core\User\UserInterface;
1617
useSymfony\Component\EventDispatcher\Event;
1718

@@ -24,11 +25,13 @@ class SwitchUserEvent extends Event
2425
{
2526
private$request;
2627
private$targetUser;
28+
private$token;
2729

28-
publicfunction__construct(Request$request,UserInterface$targetUser)
30+
publicfunction__construct(Request$request,UserInterface$targetUser,TokenInterface$token =null)
2931
{
3032
$this->request =$request;
3133
$this->targetUser =$targetUser;
34+
$this->token =$token;
3235
}
3336

3437
/**
@@ -46,4 +49,17 @@ public function getTargetUser()
4649
{
4750
return$this->targetUser;
4851
}
52+
53+
/**
54+
* @return TokenInterface|null
55+
*/
56+
publicfunctiongetToken()
57+
{
58+
return$this->token;
59+
}
60+
61+
publicfunctionsetToken(TokenInterface$token)
62+
{
63+
$this->token =$token;
64+
}
4965
}

‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -145,8 +145,10 @@ private function attemptSwitchUser(Request $request)
145145
$token =newUsernamePasswordToken($user,$user->getPassword(),$this->providerKey,$roles);
146146

147147
if (null !==$this->dispatcher) {
148-
$switchEvent =newSwitchUserEvent($request,$token->getUser());
148+
$switchEvent =newSwitchUserEvent($request,$token->getUser(),$token);
149149
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER,$switchEvent);
150+
// use the token from the event in case any listeners have replaced it.
151+
$token =$switchEvent->getToken();
150152
}
151153

152154
return$token;
@@ -169,8 +171,9 @@ private function attemptExitUser(Request $request)
169171

170172
if (null !==$this->dispatcher &&$original->getUser()instanceof UserInterface) {
171173
$user =$this->provider->refreshUser($original->getUser());
172-
$switchEvent =newSwitchUserEvent($request,$user);
174+
$switchEvent =newSwitchUserEvent($request,$user,$original);
173175
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER,$switchEvent);
176+
$original =$switchEvent->getToken();
174177
}
175178

176179
return$original;

‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -227,4 +227,43 @@ public function testSwitchUserKeepsOtherQueryStringParameters()
227227
$this->assertSame('page=3&section=2',$this->request->server->get('QUERY_STRING'));
228228
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken',$this->tokenStorage->getToken());
229229
}
230+
231+
publicfunctiontestSwitchUserWithReplacedToken()
232+
{
233+
$user =newUser('username','password',array());
234+
$token =newUsernamePasswordToken($user,'','provider123',array('ROLE_FOO'));
235+
236+
$user =newUser('replaced','password',array());
237+
$replacedToken =newUsernamePasswordToken($user,'','provider123',array('ROLE_BAR'));
238+
239+
$this->tokenStorage->setToken($token);
240+
$this->request->query->set('_switch_user','kuba');
241+
242+
$this->accessDecisionManager->expects($this->any())
243+
->method('decide')->with($token,array('ROLE_ALLOWED_TO_SWITCH'))
244+
->will($this->returnValue(true));
245+
246+
$this->userProvider->expects($this->any())
247+
->method('loadUserByUsername')->with('kuba')
248+
->will($this->returnValue($user));
249+
250+
$dispatcher =$this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
251+
$dispatcher
252+
->expects($this->once())
253+
->method('dispatch')
254+
->with(SecurityEvents::SWITCH_USER,
255+
$this->callback(function (SwitchUserEvent$event)use ($replacedToken,$user) {
256+
if ($user !==$event->getTargetUser()) {
257+
returnfalse;
258+
}
259+
$event->setToken($replacedToken);
260+
261+
returntrue;
262+
}));
263+
264+
$listener =newSwitchUserListener($this->tokenStorage,$this->userProvider,$this->userChecker,'provider123',$this->accessDecisionManager,null,'_switch_user','ROLE_ALLOWED_TO_SWITCH',$dispatcher);
265+
$listener->handle($this->event);
266+
267+
$this->assertSame($replacedToken,$this->tokenStorage->getToken());
268+
}
230269
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp