[Security] fix switch user without having current token
parent
bb54e40ca7
commit
15db914984
@ -83,6 +83,10 @@ class SwitchUserListener implements ListenerInterface
|
||||
return;
|
||||
}
|
||||
|
||||
if (null === $this->tokenStorage->getToken()) {
|
||||
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
||||
}
|
||||
|
||||
if (self::EXIT_VALUE === $username) {
|
||||
$this->tokenStorage->setToken($this->attemptExitUser($request));
|
||||
} else {
|
||||
@ -164,7 +168,7 @@ class SwitchUserListener implements ListenerInterface
|
||||
*/
|
||||
private function attemptExitUser(Request $request)
|
||||
{
|
||||
if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
|
||||
if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
|
||||
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
||||
}
|
||||
|
||||
|
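Review bot: The guard added in the first hunk (`if (null === $this->tokenStorage->getToken())`) reuses the message 'Could not find original Token object.', which describes a different failure. Here no token is present at all, whereas in attemptExitUser the same text means the current token carries no original one. A distinct message such as `'Could not find current Token object.'` would let logs tell a switch request made without any authenticated token from a failed exit, and a one-line comment like `// Both branches below read the current token; refuse early when there is none.` would record why the check sits ahead of the exit/switch split. In the second hunk the page no longer marks which of the two `if` lines in attemptExitUser is the new side, so whether that method keeps its own null check cannot be confirmed from here. The method enclosing the first hunk starts before it and continues past `} else {`.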
@ -267,6 +267,17 @@ class SwitchUserListenerTest extends TestCase
|
||||
$this->assertSame($replacedToken, $this->tokenStorage->getToken());
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
|
||||
*/
|
||||
public function testSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken()
|
||||
{
|
||||
$this->tokenStorage->setToken(null);
|
||||
$this->request->query->set('_switch_user', 'username');
|
||||
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
|
||||
$listener->handle($this->event);
|
||||
}
|
||||
|
||||
public function testSwitchUserStateless()
|
||||
{
|
||||
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
|
||||
|
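Review bot: The added test reaches the null-token guard only through the switch path (`'_switch_user'` set to `'username'`); no case for the exit path, which the same guard now also fronts, is visible in this hunk. If the file does not already have one, a sibling test that sets the parameter to `SwitchUserListener::EXIT_VALUE` with `setToken(null)` and expects the same exception would pin both branches. The new method name also carries a typo, `testSwitchtUser…`; `testSwitchUserThrowsAuthenticationExceptionIfNoCurrentToken` would match the neighbouring tests.

```php
    /**
     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
     */
    public function testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()
    {
        $this->tokenStorage->setToken(null);
        $this->request->query->set('_switch_user', SwitchUserListener::EXIT_VALUE);
        // … unchanged: listener construction and handle() call as in the test above …
    }
```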