Fix parent serialization of user object

2013-12-17 21:46:42 +01:00 · 2013-12-17 21:46:42 +01:00 · 2d64dfc872
commit 2d64dfc872
parent 51316223fc
2 changed files with 49 additions and 1 deletions
--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@ -146,7 +146,14 @@ abstract class AbstractToken implements TokenInterface
     */
    public function serialize()
    {
-        return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));
+        return serialize(
+            array(
+                is_object($this->user) ? clone $this->user : $this->user,
+                $this->authenticated,
+                $this->roles,
+                $this->attributes
+            )
+        );
    }

    /**
--- a/src/Symfony/Component/Security/Tests/Core/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Tests/Core/Authentication/Token/AbstractTokenTest.php
@ -11,7 +11,9 @@

 namespace Symfony\Component\Security\Tests\Core\Authentication\Token;

+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;

 class TestUser
 {
@ -28,6 +30,31 @@ class TestUser
    }
 }

+class ConcreteToken extends AbstractToken
+{
+    private $credentials = 'credentials_value';
+
+    public function __construct($user, array $roles = array())
+    {
+        parent::__construct($roles);
+
+        $this->setUser($user);
+    }
+
+    public function serialize()
+    {
+        return serialize(array($this->credentials, parent::serialize()));
+    }
+
+    public function unserialize($serialized)
+    {
+        list($this->credentials, $parentStr) = unserialize($serialized);
+        parent::unserialize($parentStr);
+    }
+
+    public function getCredentials() {}
+}
+
 class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 {
    public function testGetUsername()
@ -71,6 +98,20 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
        $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
    }

+    public function testSerializeParent()
+    {
+        $user = new TestUser('fabien');
+        $token = new ConcreteToken($user, array('ROLE_FOO'));
+
+        $parentToken = new ConcreteToken($user, array(new SwitchUserRole('ROLE_PREVIOUS', $token)));
+        $uToken = unserialize(serialize($parentToken));
+
+        $this->assertEquals(
+            current($parentToken->getRoles())->getSource()->getUser(),
+            current($uToken->getRoles())->getSource()->getUser()
+        );
+    }
+
    /**
     * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
     */