diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '5.0' into 5.1

Browse Source 
* 5.0:
  [Security] Fixed AbstractToken::hasUserChanged()
  [DI] fix typo
This commit is contained in:
Nicolas Grekas 2020-05-30 23:52:37 +02:00
commit 3e05f1dafe
3 changed files with 72 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/HttpClient/Tests/DataCollector/HttpClientDataCollectorTest.php
View File

@ -172,7 +172,7 @@ class HttpClientDataCollectorTest extends TestCase
foreach ($tracedRequests as $request) {
$response = $httpClient->request($request['method'], $request['url'], $request['options'] ?? []);
$response->getContent(false); // To avoid exception in ResponseTrait::doDestruct
$response->getContent(false); // disables exceptions from destructors
}
return $httpClient;

7
src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
View File

@ -270,10 +270,13 @@ abstract class AbstractToken implements TokenInterface
return true;
}
$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
$userRoles = array_map('strval', (array) $user->getRoles());
if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
if ($this instanceof SwitchUserToken) {
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
}
if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
return true;
}

67
src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
View File

@ -152,7 +152,7 @@ class AbstractTokenTest extends TestCase
*/
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
{
$token = new ConcreteToken(['ROLE_FOO']);
$token = new ConcreteToken();
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());
@ -162,6 +162,21 @@ class AbstractTokenTest extends TestCase
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
}
public function testIsUserChangedWhenSerializing()
{
$token = new ConcreteToken(['ROLE_ADMIN']);
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());
$user = new SerializableUser('wouter', ['ROLE_ADMIN']);
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
$token = unserialize(serialize($token));
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
}
}
class TestUser
@ -179,6 +194,56 @@ class TestUser
}
}
class SerializableUser implements UserInterface, \Serializable
{
private $roles;
private $name;
public function __construct($name, array $roles = [])
{
$this->name = $name;
$this->roles = $roles;
}
public function getUsername()
{
return $this->name;
}
public function getPassword()
{
return '***';
}
public function getRoles()
{
if (empty($this->roles)) {
return ['ROLE_USER'];
}
return $this->roles;
}
public function eraseCredentials()
{
}
public function getSalt()
{
return null;
}
public function serialize()
{
return serialize($this->name);
}
public function unserialize($serialized)
{
$this->name = unserialize($serialized);
}
}
class ConcreteToken extends AbstractToken
{
private $credentials = 'credentials_value';