
Commitce1ee74

stlrnznicolas-grekas
authored andcommitted
[Security] Do not overwrite already stored tokens for REMOTE_USER authentication
1 parent07a891f commitce1ee74


2 files changed

+23
-0
lines changed

2 files changed

+23
-0
lines changed

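--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -79,6 +79,17 @@ public function supports(Request $request): ?bool
 returnfalse;
 }
 
+// do not overwrite already stored tokens from the same user (i.e. from the session)
+$token =$this->tokenStorage->getToken();
+
+if ($tokeninstanceof PreAuthenticatedToken &&$this->firewallName ===$token->getFirewallName() &&$token->getUserIdentifier() ===$username) {
+if (null !==$this->logger) {
+$this->logger->debug('Skipping pre-authenticated authenticator as the user already has an existing session.', ['authenticator' =>static::class]);
+}
+
+returnfalse;
+}
+
 $request->attributes->set('_pre_authenticated_username',$username);
 
 returntrue;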
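Review bot: The new early return in supports() keeps whatever PreAuthenticatedToken is already in token storage whenever firewall name and identifier match, so authenticate() is no longer reached for those requests, and the inline comment does not say what re-validates that token. If per-request account-state checks (disabled or removed user) were relied on here, they now presumably depend on the session's user refresh, which is worth confirming. I would extend the comment to something like `// safe to skip: same firewall and identifier; a different REMOTE_USER falls through and re-authenticates`. The debug message also says "existing session" although the condition reads token storage rather than the session. supports() begins before this hunk, so how `$username` is derived and whether it is normalised the same way as `getUserIdentifier()` is not visible here.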

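--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,6 +13,7 @@
 
 usePHPUnit\Framework\TestCase;
 useSymfony\Component\HttpFoundation\Request;
+useSymfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 useSymfony\Component\Security\Core\User\InMemoryUser;
 useSymfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -37,6 +38,17 @@ public function testSupportNoUser()
 $this->assertFalse($authenticator->supports($this->createRequest([])));
 }
 
+publicfunctiontestSupportTokenStorageWithToken()
+{
+$tokenStorage =newTokenStorage();
+$tokenStorage->setToken(newPreAuthenticatedToken('username','credentials','main'));
+
+$authenticator =newRemoteUserAuthenticator(newInMemoryUserProvider(),$tokenStorage,'main');
+
+$this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' =>'username'])));
+$this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' =>'another_username'])));
+}
+
 /**
 * @dataProvider provideAuthenticators
 */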
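Review bot: testSupportTokenStorageWithToken exercises only the identifier condition of the new guard; the firewall-name and token-type conditions are never false in this test, so a regression that skips authentication for a token issued by another firewall would still pass. Add a case such as `$tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'other'));` followed by `$this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));`. A similar assertion with a stored token that is not a PreAuthenticatedToken would pin the third condition.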
