bug #35944 [Security/Core] Fix wrong roles comparison (thlbaut)
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] Fix wrong roles comparison
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35941
| License | MIT
Fix wrong roles comparison.
Commits
-------
7d2ad4b265
Fix wrong roles comparison
commit
2e46c63bce
@ -317,13 +317,10 @@ abstract class AbstractToken implements TokenInterface
|
||||
return true;
|
||||
}
|
||||
|
||||
$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
|
||||
$userRoles = array_map('strval', (array) $user->getRoles());
|
||||
|
||||
if ($this instanceof SwitchUserToken) {
|
||||
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
|
||||
}
|
||||
|
||||
if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
|
||||
if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
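Review bot: Both `if` conditions in this hunk compare element counts plus the count of `array_intersect(...)`, which is not set equality once a list holds duplicates: with `$userRoles` as `['ROLE_A', 'ROLE_A']` against `['ROLE_A', 'ROLE_B']` (constructed values) every count is 2, no change is reported, and a removed role would leave the token authenticated. Duplicates look possible where `'ROLE_PREVIOUS_ADMIN'` is appended for a `SwitchUserToken` without checking whether it is already present; whether `getRoles()` can itself return duplicates is not visible here. De-duplicating before the comparison closes the gap, e.g. `$userRoles = array_unique($userRoles);` after the append, and the same for the list it is compared with. This rendered page has lost the `+`/`-` markers, so which condition is the new side is not shown, and the enclosing method begins above the hunk; the point holds for either condition.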
@ -238,7 +238,7 @@ class AbstractTokenTest extends TestCase
|
||||
*/
|
||||
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
|
||||
{
|
||||
$token = new ConcreteToken();
|
||||
$token = new ConcreteToken(['ROLE_FOO']);
|
||||
$token->setAuthenticated(true);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
|
||||
|
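Review bot: The change to `testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange` only exercises the path where the roles match; nothing visible in this hunk asserts the opposite case, that setting a user whose roles differ from what the token holds de-authenticates it. Because this comparison is what stops a session continuing with stale roles, a companion test would pin it: build `new ConcreteToken(['ROLE_FOO'])`, mark it authenticated, set a user whose `getRoles()` returns a different list, and finish with `$this->assertFalse($token->isAuthenticated());`. Such a test may already exist elsewhere in the file. The test body continues past the hunk and the data provider supplying `$user` is not shown, so the roles it returns are assumed.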