Merge branch '3.4' into 4.4
* 3.4: [Security] Allow switching to another user when already switched
3057c68b93
@ -29,15 +29,15 @@ class SwitchUserTest extends AbstractWebTestCase
|
|||||||
$this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser());
|
$this->assertEquals($expectedUser, $client->getProfile()->getCollector('security')->getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testSwitchedUserCannotSwitchToOther()
|
public function testSwitchedUserCanSwitchToOther()
|
||||||
{
|
{
|
||||||
$client = $this->createAuthenticatedClient('user_can_switch');
|
$client = $this->createAuthenticatedClient('user_can_switch');
|
||||||
|
|
||||||
$client->request('GET', '/profile?_switch_user=user_cannot_switch_1');
|
$client->request('GET', '/profile?_switch_user=user_cannot_switch_1');
|
||||||
$client->request('GET', '/profile?_switch_user=user_cannot_switch_2');
|
$client->request('GET', '/profile?_switch_user=user_cannot_switch_2');
|
||||||
|
|
||||||
$this->assertEquals(500, $client->getResponse()->getStatusCode());
|
$this->assertEquals(200, $client->getResponse()->getStatusCode());
|
||||||
$this->assertEquals('user_cannot_switch_1', $client->getProfile()->getCollector('security')->getUser());
|
$this->assertEquals('user_cannot_switch_2', $client->getProfile()->getCollector('security')->getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testSwitchedUserExit()
|
public function testSwitchedUserExit()
|
||||||
|
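Review bot: testSwitchedUserCanSwitchToOther stops at asserting the 200 and the `user_cannot_switch_2` identity, so it does not show that the second switch unwound the first rather than nesting on top of it — the observable difference is who an exit returns to. Adding, after the last assertion, `$client->request('GET', '/profile?_switch_user=_exit');` followed by `$this->assertEquals('user_can_switch', $client->getProfile()->getCollector('security')->getUser());` would pin that exiting lands on the impersonator and not on `user_cannot_switch_1`. The exit value is presumably the same one testSwitchedUserExit sends, whose body lies outside this hunk. This is the functional counterpart of the `getOriginalToken()` assertion added in the SwitchUserListenerTest hunk.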
@ -24,7 +24,7 @@
|
|||||||
"symfony/security-core": "^4.4",
|
"symfony/security-core": "^4.4",
|
||||||
"symfony/security-csrf": "^4.2|^5.0",
|
"symfony/security-csrf": "^4.2|^5.0",
|
||||||
"symfony/security-guard": "^4.2|^5.0",
|
"symfony/security-guard": "^4.2|^5.0",
|
||||||
"symfony/security-http": "^4.4.3"
|
"symfony/security-http": "^4.4.5"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"doctrine/doctrine-bundle": "^1.5|^2.0",
|
"doctrine/doctrine-bundle": "^1.5|^2.0",
|
||||||
|
@ -154,7 +154,8 @@ class SwitchUserListener extends AbstractListener implements ListenerInterface
|
|||||||
return $token;
|
return $token;
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));
|
// User already switched, exit before seamlessly switching to another user
|
||||||
|
$token = $this->attemptExitUser($request);
|
||||||
}
|
}
|
||||||
|
|
||||||
$currentUsername = $token->getUsername();
|
$currentUsername = $token->getUsername();
|
||||||
@ -189,7 +190,7 @@ class SwitchUserListener extends AbstractListener implements ListenerInterface
|
|||||||
$this->userChecker->checkPostAuth($user);
|
$this->userChecker->checkPostAuth($user);
|
||||||
|
|
||||||
$roles = $user->getRoles();
|
$roles = $user->getRoles();
|
||||||
$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken(), false);
|
$roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $token, false);
|
||||||
|
|
||||||
$token = new SwitchUserToken($user, $user->getPassword(), $this->providerKey, $roles, $token);
|
$token = new SwitchUserToken($user, $user->getPassword(), $this->providerKey, $roles, $token);
|
||||||
|
|
||||||
|
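Review bot: The comment added above `$token = $this->attemptExitUser($request);` says what happens but not why it matters: from this line on `$token` is the impersonator's original token, so the `decide()` authorization further down and the `new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $token, false)` / `new SwitchUserToken(..., $token)` in the second hunk are evaluated against the real admin rather than the currently impersonated user, which is what stops an impersonated account from chaining switches or an exit from landing on the intermediate user. I would extend it to `// User already switched: unwind to the original token first, so the switch authorization and the new token's original reference below are based on the impersonator, never on the impersonated user`. If attemptExitUser dispatches the switch-user event the way the explicit exit path does (its body is outside this hunk), listeners now observe an exit event immediately followed by a switch event on one request, which is worth stating as well. One case the early `return $token;` at the top of the hunk (its condition lies outside) does not cover is `$username` naming the original user itself; a second `if ($token->getUsername() === $username) { return $token; }` after the unwind would turn that into a plain exit instead of wrapping the original token in a SwitchUserToken of its own user, assuming the caller stores the returned token as it does on the exit path. attemptSwitchUser itself starts and ends outside the hunk.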
@ -240,6 +240,39 @@ class SwitchUserListenerTest extends TestCase
|
|||||||
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
|
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSwitchUserAlreadySwitched()
|
||||||
|
{
|
||||||
|
$originalToken = new UsernamePasswordToken('original', null, 'key', ['ROLE_FOO']);
|
||||||
|
$alreadySwitchedToken = new SwitchUserToken('switched_1', null, 'key', ['ROLE_BAR'], $originalToken);
|
||||||
|
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken($alreadySwitchedToken);
|
||||||
|
|
||||||
|
$targetUser = new User('kuba', 'password', ['ROLE_FOO', 'ROLE_BAR']);
|
||||||
|
|
||||||
|
$this->request->query->set('_switch_user', 'kuba');
|
||||||
|
|
||||||
|
$this->accessDecisionManager->expects($this->once())
|
||||||
|
->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetUser)
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
|
$this->userProvider->expects($this->exactly(2))
|
||||||
|
->method('loadUserByUsername')
|
||||||
|
->withConsecutive(['kuba'])
|
||||||
|
->will($this->onConsecutiveCalls($targetUser, $this->throwException(new UsernameNotFoundException())));
|
||||||
|
$this->userChecker->expects($this->once())
|
||||||
|
->method('checkPostAuth')->with($targetUser);
|
||||||
|
|
||||||
|
$listener = new SwitchUserListener($tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', null, false);
|
||||||
|
$listener($this->event);
|
||||||
|
|
||||||
|
$this->assertSame([], $this->request->query->all());
|
||||||
|
$this->assertSame('', $this->request->server->get('QUERY_STRING'));
|
||||||
|
$this->assertInstanceOf(SwitchUserToken::class, $tokenStorage->getToken());
|
||||||
|
$this->assertSame('kuba', $tokenStorage->getToken()->getUsername());
|
||||||
|
$this->assertSame($originalToken, $tokenStorage->getToken()->getOriginalToken());
|
||||||
|
}
|
||||||
|
|
||||||
public function testSwitchUserWorksWithFalsyUsernames()
|
public function testSwitchUserWorksWithFalsyUsernames()
|
||||||
{
|
{
|
||||||
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
|
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
|
||||||
|
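Review bot: The new testSwitchUserAlreadySwitched only exercises the allowed path (`->willReturn(true)` on `decide`), so nothing in this hunk proves that the privileges of the currently impersonated user cannot be used to chain a second switch when the original token lacks ROLE_ALLOWED_TO_SWITCH. The `->with($originalToken, ...)` expectation catches the wrong token being passed, but a denial test pins the outcome a reader cares about: `decide` returning false for `$originalToken` must end in AccessDeniedException. Unless a sibling test already covers this, I would add the method below next to it (AccessDeniedException from Security Core, if not already imported); as far as the second SwitchUserListener hunk shows, `decide` runs before `checkPostAuth`, so no user-checker expectation is needed.
```php
    public function testSwitchUserAlreadySwitchedIsDeniedWhenOriginalTokenLacksRole()
    {
        $originalToken = new UsernamePasswordToken('original', null, 'key', ['ROLE_FOO']);
        $alreadySwitchedToken = new SwitchUserToken('switched_1', null, 'key', ['ROLE_BAR'], $originalToken);

        $tokenStorage = new TokenStorage();
        $tokenStorage->setToken($alreadySwitchedToken);

        $targetUser = new User('kuba', 'password', ['ROLE_FOO', 'ROLE_BAR']);

        $this->request->query->set('_switch_user', 'kuba');

        // Authorization is decided on the impersonator's token; denying it must block the chained switch
        $this->accessDecisionManager->expects($this->once())
            ->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetUser)
            ->willReturn(false);

        $this->userProvider->expects($this->exactly(2))
            ->method('loadUserByUsername')
            ->withConsecutive(['kuba'])
            ->will($this->onConsecutiveCalls($targetUser, $this->throwException(new UsernameNotFoundException())));

        $this->expectException(AccessDeniedException::class);

        $listener = new SwitchUserListener($tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', null, false);
        $listener($this->event);
    }
```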