NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitee219ef

committed

[Security] Allow switching to another user when already switched

1 parentb3b368b commitee219efCopy full SHA for ee219ef

File tree

13 files changed

+109

-11

lines changed

src/Symfony
- Bundle/SecurityBundle
  - CHANGELOG.md
  - DependencyInjection
    - MainConfiguration.php
    - SecurityExtension.php
  - Resources/config
    - security_listeners.xml
  - Tests
    - DependencyInjection
      - CompleteConfigurationTest.php
    - Functional
      - SwitchUserTest.php
      - app/StandardFormLogin
        switchuser_already_switched.yml
  - composer.json
- Component/Security
  - CHANGELOG.md
  - Core/Exception
    - AlreadySwitchedException.php
  - Http
    - Firewall
      - SwitchUserListener.php
    - Tests/Firewall
      - SwitchUserListenerTest.php
    - composer.json

13 files changed

+109

-11

lines changed

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ CHANGELOG`
`5`	`5`	`-----`
`6`	`6`
`7`	`7`	`* Added security configuration for priority-based access decision strategy`
	`8`	+* Added`switch_user.allow_already_switched` option to allow switching seamlessly when already switched (default`false`)
`8`	`9`
`9`	`10`	`5.0.0`
`10`	`11`	`-----`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -238,6 +238,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto`
`238`	`238`	`->scalarNode('provider')->end()`
`239`	`239`	`->scalarNode('parameter')->defaultValue('_switch_user')->end()`
`240`	`240`	`->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()`
	`241`	`+ ->booleanNode('allow_already_switched')->defaultFalse()->end()`
`241`	`242`	`->end()`
`242`	`243`	`->end()`
`243`	`244`	`;`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -684,6 +684,10 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i`
`684`	`684`	`thrownewInvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.',$id));`
`685`	`685`	`}`
`686`	`686`
	`687`	`+if ($stateless &&$config['allow_already_switched']) {`
	`688`	`+thrownewInvalidConfigurationException(sprintf('Cannot set "allow_already_switched" to true for the "switch_user" listener on firewall "%s" as it is stateless.',$id));`
	`689`	`+ }`
	`690`	`+`
`687`	`691`	`$switchUserListenerId ='security.authentication.switchuser_listener.'.$id;`
`688`	`692`	`$listener =$container->setDefinition($switchUserListenerId,newChildDefinition('security.authentication.switchuser_listener'));`
`689`	`693`	`$listener->replaceArgument(1,newReference($userProvider));`
`@@ -692,6 +696,7 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i`
`692`	`696`	`$listener->replaceArgument(6,$config['parameter']);`
`693`	`697`	`$listener->replaceArgument(7,$config['role']);`
`694`	`698`	`$listener->replaceArgument(9,$stateless);`
	`699`	`+$listener->replaceArgument(10,$config['allow_already_switched']);`
`695`	`700`
`696`	`701`	`return$switchUserListenerId;`
`697`	`702`	`}`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -202,6 +202,7 @@`
`202`	`202`	`<argument>ROLE_ALLOWED_TO_SWITCH</argument>`
`203`	`203`	`<argumenttype="service"id="event_dispatcher"on-invalid="null"/>`
`204`	`204`	`<argument>false</argument><!-- Stateless-->`
	`205`	`+ <argument>false</argument><!-- Consecutive Switching-->`
`205`	`206`	`</service>`
`206`	`207`
`207`	`208`	`<serviceid="security.access_listener"class="Symfony\Component\Security\Http\Firewall\AccessListener">`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,7 @@ public function testFirewalls()`
`111`	`111`	`[`
`112`	`112`	`'parameter' =>'_switch_user',`
`113`	`113`	`'role' =>'ROLE_ALLOWED_TO_SWITCH',`
	`114`	`+'allow_already_switched' =>false,`
`114`	`115`	`],`
`115`	`116`	`],`
`116`	`117`	`[`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php‎`

Lines changed: 17 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespaceSymfony\Bundle\SecurityBundle\Tests\Functional;`
`13`	`13`
`14`	`14`	`useSymfony\Component\HttpFoundation\JsonResponse;`
	`15`	`+useSymfony\Component\Security\Core\Exception\AlreadySwitchedException;`
`15`	`16`	`useSymfony\Component\Security\Http\Firewall\SwitchUserListener;`
`16`	`17`
`17`	`18`	`class SwitchUserTestextends AbstractWebTestCase`
`@@ -36,8 +37,20 @@ public function testSwitchedUserCannotSwitchToOther()`
`36`	`37`	`$client->request('GET','/profile?_switch_user=user_cannot_switch_1');`
`37`	`38`	`$client->request('GET','/profile?_switch_user=user_cannot_switch_2');`
`38`	`39`
`39`		`-$this->assertEquals(500,$client->getResponse()->getStatusCode());`
`40`		`-$this->assertEquals('user_cannot_switch_1',$client->getProfile()->getCollector('security')->getUser());`
	`40`	`+$this->assertSame(403,$client->getResponse()->getStatusCode());`
	`41`	`+$this->assertSame(AlreadySwitchedException::class,$client->getProfile()->getCollector('exception')->getException()->getPrevious()->getPrevious()->getClass());`
	`42`	`+$this->assertSame('user_cannot_switch_1',$client->getProfile()->getCollector('security')->getUser());`
	`43`	`+ }`
	`44`	`+`
	`45`	`+publicfunctiontestAlreadySwitchedUserCanSwitch()`
	`46`	`+ {`
	`47`	`+$client =$this->createAuthenticatedClient('user_can_switch','switchuser_already_switched.yml');`
	`48`	`+`
	`49`	`+$client->request('GET','/profile?_switch_user=user_cannot_switch_1');`
	`50`	`+$client->request('GET','/profile?_switch_user=user_cannot_switch_2');`
	`51`	`+`
	`52`	`+$this->assertSame(200,$client->getResponse()->getStatusCode());`
	`53`	`+$this->assertSame('user_cannot_switch_2',$client->getProfile()->getCollector('security')->getUser());`
`41`	`54`	`}`
`42`	`55`
`43`	`56`	`publicfunctiontestSwitchedUserExit()`
`@@ -73,9 +86,9 @@ public function getTestParameters()`
`73`	`86`	`];`
`74`	`87`	`}`
`75`	`88`
`76`		`-protectedfunctioncreateAuthenticatedClient($username)`
	`89`	`+protectedfunctioncreateAuthenticatedClient($username,string$rootConfig ='switchuser.yml')`
`77`	`90`	`{`
`78`		`-$client =$this->createClient(['test_case' =>'StandardFormLogin','root_config' =>'switchuser.yml']);`
	`91`	`+$client =$this->createClient(['test_case' =>'StandardFormLogin','root_config' =>$rootConfig]);`
`79`	`92`	`$client->followRedirects(true);`
`80`	`93`
`81`	`94`	`$form =$client->request('GET','/login')->selectButton('login')->form();`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser_already_switched.yml‎`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,14 @@`
	`1`	`+imports:`
	`2`	`+ -{ resource: ./config.yml }`
	`3`	`+`
	`4`	`+security:`
	`5`	`+providers:`
	`6`	`+in_memory:`
	`7`	`+memory:`
	`8`	`+users:`
	`9`	`+user_can_switch:{ password: test, roles: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH] }`
	`10`	`+user_cannot_switch_1:{ password: test, roles: [ROLE_USER] }`
	`11`	`+user_cannot_switch_2:{ password: test, roles: [ROLE_USER] }`
	`12`	`+firewalls:`
	`13`	`+default:`
	`14`	`+switch_user:{ allow_already_switched: true }`

`‎src/Symfony/Bundle/SecurityBundle/composer.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`"symfony/config":"^4.4\|^5.0",`
`22`	`22`	`"symfony/dependency-injection":"^4.4\|^5.0",`
`23`	`23`	`"symfony/http-kernel":"^5.0",`
`24`		`-"symfony/security-core":"^4.4\|^5.0",`
	`24`	`+"symfony/security-core":"^5.1",`
`25`	`25`	`"symfony/security-csrf":"^4.4\|^5.0",`
`26`	`26`	`"symfony/security-guard":"^4.4\|^5.0",`
`27`	`27`	`"symfony/security-http":"^5.1"`

`‎src/Symfony/Component/Security/CHANGELOG.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ CHANGELOG`
`5`	`5`	`-----`
`6`	`6`
`7`	`7`	`* Added access decision strategy to override access decisions by voter service priority`
	`8`	+* Added`bool $allowAlreadySwitched` argument to the`SwitchUserListener` constructor (default`false`)
`8`	`9`
`9`	`10`	`5.0.0`
`10`	`11`	`-----`

`‎src/Symfony/Component/Security/Core/Exception/AlreadySwitchedException.php‎`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,21 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+/*`
	`4`	`+ * This file is part of the Symfony package.`
	`5`	`+ *`
	`6`	`+ * (c) Fabien Potencier <fabien@symfony.com>`
	`7`	`+ *`
	`8`	`+ * For the full copyright and license information, please view the LICENSE`
	`9`	`+ * file that was distributed with this source code.`
	`10`	`+ */`
	`11`	`+`
	`12`	`+namespaceSymfony\Component\Security\Core\Exception;`
	`13`	`+`
	`14`	`+/**`
	`15`	`+ * Thrown when trying to switch to another user while being already switched.`
	`16`	`+ *`
	`17`	`+ * @author Robin Chalas <robin.chalas@gmail.com>`
	`18`	`+ */`
	`19`	`+finalclass AlreadySwitchedExceptionextends AuthenticationException`
	`20`	`+{`
	`21`	`+}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitee219ef

File tree

13 files changed

13 files changed

`‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php‎`

`‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php‎`

`‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/switchuser_already_switched.yml‎`

`‎src/Symfony/Bundle/SecurityBundle/composer.json‎`

`‎src/Symfony/Component/Security/CHANGELOG.md‎`

`‎src/Symfony/Component/Security/Core/Exception/AlreadySwitchedException.php‎`

0 commit comments