[Security] Skip user checks if not implementing UserInterface

Robin Chalas 2018-04-25 13:23:26 +02:00
parent e775871d82
commit 384acf9f7f
2 changed files with 21 additions and 0 deletions


@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\User\UserChecker;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface;
@ -45,6 +46,11 @@ class SimpleAuthenticationProvider implements AuthenticationProviderInterface
}
$user = $authToken->getUser();
if (!$user instanceof UserInterface) {
return $authToken;
}
$this->userChecker->checkPreAuth($user);
$this->userChecker->checkPostAuth($user);
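Review bot: The new guard `if (!$user instanceof UserInterface) { return $authToken; }` returns the token without running `checkPreAuth()` or `checkPostAuth()`, and nothing at that spot says the bypass is deliberate. The test file imports `DisabledException` and `LockedException`, so these calls are presumably where account-status rules are enforced; a token whose user is a string or other non-`UserInterface` value now passes through with no such enforcement from this provider. I would add a comment above the guard, e.g. `// User checks only apply to UserInterface instances; for any other user value the authenticator itself must enforce account status.` The enclosing method starts and ends outside the hunk.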


@ -15,6 +15,7 @@ use PHPUnit\Framework\TestCase;
use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Core\Authentication\Provider\SimpleAuthenticationProvider;
use Symfony\Component\Security\Core\Exception\LockedException;
use Symfony\Component\Security\Core\User\UserChecker;
class SimpleAuthenticationProviderTest extends TestCase
{
@ -72,6 +73,20 @@ class SimpleAuthenticationProviderTest extends TestCase
$provider->authenticate($token);
}
public function testAuthenticateSkipsUserChecksForNonUserInterfaceObjects()
{
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
$token->expects($this->any())
->method('getUser')
->will($this->returnValue('string-user'));
$authenticator = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\SimpleAuthenticatorInterface')->getMock();
$authenticator->expects($this->once())
->method('authenticateToken')
->will($this->returnValue($token));
$this->assertSame($token, $this->getProvider($authenticator, null, new UserChecker())->authenticate($token));
}
protected function getProvider($simpleAuthenticator = null, $userProvider = null, $userChecker = null, $key = 'test')
{
if (null === $userChecker) {
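Review bot: `testAuthenticateSkipsUserChecksForNonUserInterfaceObjects` asserts only the returned token, so the property its name promises (no user checks are run) is verified only indirectly, through whatever a real `UserChecker` does when handed the string `'string-user'`. Passing a mocked checker would pin the behaviour explicitly, e.g. `$checker->expects($this->never())->method('checkPreAuth');` and the same for `checkPostAuth`. The name also says "Objects" while the only case exercised is a plain string; a second case with a non-`UserInterface` object would match the name. The body of `getProvider()` continues outside the visible lines.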