NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitd3d880a

committed

bug#30122 [Security] fix switch user without having current token (Antoine Lamirault)

This PR was merged into the 3.4 branch.Discussion----------[Security] fix switch user without having current token| Q | A| ------------- | ---| Branch? | 3.4| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#22729| License | MITAttempting to switch a user cause an error when not having any token in the storageCommits-------15db914 [Security] fix switch user without having current token

2 parentsa205211 +15db914 commitd3d880aCopy full SHA for d3d880a

File tree

2 files changed

+16

-1

lines changed

src/Symfony/Component/Security/Http
- Firewall
  - SwitchUserListener.php
- Tests/Firewall
  - SwitchUserListenerTest.php

2 files changed

+16

-1

lines changed

`‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,10 @@ public function handle(GetResponseEvent $event)`
`83`	`83`	`return;`
`84`	`84`	`}`
`85`	`85`
	`86`	`+if (null ===$this->tokenStorage->getToken()) {`
	`87`	`+thrownewAuthenticationCredentialsNotFoundException('Could not find original Token object.');`
	`88`	`+ }`
	`89`	`+`
`86`	`90`	`if (self::EXIT_VALUE ===$username) {`
`87`	`91`	`$this->tokenStorage->setToken($this->attemptExitUser($request));`
`88`	`92`	`}else {`
`@@ -164,7 +168,7 @@ private function attemptSwitchUser(Request $request, $username)`
`164`	`168`	`*/`
`165`	`169`	`privatefunctionattemptExitUser(Request$request)`
`166`	`170`	`{`
`167`		`-if (null ===($currentToken =$this->tokenStorage->getToken()) \|\|false ===$original =$this->getOriginalToken($currentToken)) {`
	`171`	`+if (false ===$original =$this->getOriginalToken($this->tokenStorage->getToken())) {`
`168`	`172`	`thrownewAuthenticationCredentialsNotFoundException('Could not find original Token object.');`
`169`	`173`	`}`
`170`	`174`

`‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -267,6 +267,17 @@ public function testSwitchUserWithReplacedToken()`
`267`	`267`	`$this->assertSame($replacedToken,$this->tokenStorage->getToken());`
`268`	`268`	`}`
`269`	`269`
	`270`	`+/**`
	`271`	`+ * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException`
	`272`	`+ */`
	`273`	`+publicfunctiontestSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken()`
	`274`	`+ {`
	`275`	`+$this->tokenStorage->setToken(null);`
	`276`	`+$this->request->query->set('_switch_user','username');`
	`277`	`+$listener =newSwitchUserListener($this->tokenStorage,$this->userProvider,$this->userChecker,'provider123',$this->accessDecisionManager);`
	`278`	`+$listener->handle($this->event);`
	`279`	`+ }`
	`280`	`+`
`270`	`281`	`publicfunctiontestSwitchUserStateless()`
`271`	`282`	`{`
`272`	`283`	`$token =newUsernamePasswordToken('username','','key', ['ROLE_FOO']);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitd3d880a

File tree

2 files changed

2 files changed

`‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php‎`

`‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php‎`

0 commit comments