NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitcdae16c

committed

[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken

If you configure a firewall with switch user with `role: IS_AUTHENTICATED_ANONYMOUSLY` it's impossible to exit the impersonation because the next line `$this->provider->refreshUser($original->getUser())` will fail. It fails because `RefreshUser`expects an instance of `UserInterface` and here it's a string.Therefore, it does not make sense to refresh an Anonymous Token, right ?

1 parent1314365 commitcdae16cCopy full SHA for cdae16c

File tree

1 file changed

-1

lines changed

src/Symfony/Component/Security/Http/Firewall
- SwitchUserListener.php

1 file changed

-1

lines changed

`‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@`
`22`	`22`	`useSymfony\Component\HttpFoundation\RedirectResponse;`
`23`	`23`	`useSymfony\Component\HttpFoundation\Request;`
`24`	`24`	`useSymfony\Component\Security\Core\Role\SwitchUserRole;`
	`25`	`+useSymfony\Component\Security\Core\Authentication\Token\AnonymousToken;`
`25`	`26`	`useSymfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;`
`26`	`27`	`useSymfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;`
`27`	`28`	`useSymfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`@@ -162,7 +163,7 @@ private function attemptExitUser(Request $request)`
`162`	`163`	`thrownewAuthenticationCredentialsNotFoundException('Could not find original Token object.');`
`163`	`164`	`}`
`164`	`165`
`165`		`-if (null !==$this->dispatcher) {`
	`166`	`+if (null !==$this->dispatcher && !$originalinstanceof AnonymousToken) {`
`166`	`167`	`$user =$this->provider->refreshUser($original->getUser());`
`167`	`168`	`$switchEvent =newSwitchUserEvent($request,$user);`
`168`	`169`	`$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER,$switchEvent);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitcdae16c

File tree

1 file changed

1 file changed

`‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php‎`

0 commit comments