Passing the newly generated security token to the event during user switching.
Event allows listeners to easily switch out the token if custom token updates are required
This commit is contained in:
parent
701d41cc33
commit
4205f1bc68
@ -4,6 +4,8 @@ CHANGELOG
|
|||||||
3.4.0
|
3.4.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
* added a `setToken()` method to the `SwitchUserEvent` class to allow to replace the created token while switching users
|
||||||
|
when custom token generation is required by application.
|
||||||
* Using voters that do not implement the `VoterInterface`is now deprecated in
|
* Using voters that do not implement the `VoterInterface`is now deprecated in
|
||||||
the `AccessDecisionManager` and this functionality will be removed in 4.0.
|
the `AccessDecisionManager` and this functionality will be removed in 4.0.
|
||||||
|
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
namespace Symfony\Component\Security\Http\Event;
|
namespace Symfony\Component\Security\Http\Event;
|
||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\EventDispatcher\Event;
|
use Symfony\Component\EventDispatcher\Event;
|
||||||
|
|
||||||
@ -24,11 +25,13 @@ class SwitchUserEvent extends Event
|
|||||||
{
|
{
|
||||||
private $request;
|
private $request;
|
||||||
private $targetUser;
|
private $targetUser;
|
||||||
|
private $token;
|
||||||
|
|
||||||
public function __construct(Request $request, UserInterface $targetUser)
|
public function __construct(Request $request, UserInterface $targetUser, TokenInterface $token = null)
|
||||||
{
|
{
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
$this->targetUser = $targetUser;
|
$this->targetUser = $targetUser;
|
||||||
|
$this->token = $token;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -46,4 +49,17 @@ class SwitchUserEvent extends Event
|
|||||||
{
|
{
|
||||||
return $this->targetUser;
|
return $this->targetUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return TokenInterface|null
|
||||||
|
*/
|
||||||
|
public function getToken()
|
||||||
|
{
|
||||||
|
return $this->token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setToken(TokenInterface $token)
|
||||||
|
{
|
||||||
|
$this->token = $token;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -145,8 +145,10 @@ class SwitchUserListener implements ListenerInterface
|
|||||||
$token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
|
$token = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);
|
||||||
|
|
||||||
if (null !== $this->dispatcher) {
|
if (null !== $this->dispatcher) {
|
||||||
$switchEvent = new SwitchUserEvent($request, $token->getUser());
|
$switchEvent = new SwitchUserEvent($request, $token->getUser(), $token);
|
||||||
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
|
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
|
||||||
|
// use the token from the event in case any listeners have replaced it.
|
||||||
|
$token = $switchEvent->getToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $token;
|
return $token;
|
||||||
@ -169,8 +171,9 @@ class SwitchUserListener implements ListenerInterface
|
|||||||
|
|
||||||
if (null !== $this->dispatcher && $original->getUser() instanceof UserInterface) {
|
if (null !== $this->dispatcher && $original->getUser() instanceof UserInterface) {
|
||||||
$user = $this->provider->refreshUser($original->getUser());
|
$user = $this->provider->refreshUser($original->getUser());
|
||||||
$switchEvent = new SwitchUserEvent($request, $user);
|
$switchEvent = new SwitchUserEvent($request, $user, $original);
|
||||||
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
|
$this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
|
||||||
|
$original = $switchEvent->getToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $original;
|
return $original;
|
||||||
|
@ -227,4 +227,43 @@ class SwitchUserListenerTest extends TestCase
|
|||||||
$this->assertSame('page=3§ion=2', $this->request->server->get('QUERY_STRING'));
|
$this->assertSame('page=3§ion=2', $this->request->server->get('QUERY_STRING'));
|
||||||
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
|
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSwitchUserWithReplacedToken()
|
||||||
|
{
|
||||||
|
$user = new User('username', 'password', array());
|
||||||
|
$token = new UsernamePasswordToken($user, '', 'provider123', array('ROLE_FOO'));
|
||||||
|
|
||||||
|
$user = new User('replaced', 'password', array());
|
||||||
|
$replacedToken = new UsernamePasswordToken($user, '', 'provider123', array('ROLE_BAR'));
|
||||||
|
|
||||||
|
$this->tokenStorage->setToken($token);
|
||||||
|
$this->request->query->set('_switch_user', 'kuba');
|
||||||
|
|
||||||
|
$this->accessDecisionManager->expects($this->any())
|
||||||
|
->method('decide')->with($token, array('ROLE_ALLOWED_TO_SWITCH'))
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
|
$this->userProvider->expects($this->any())
|
||||||
|
->method('loadUserByUsername')->with('kuba')
|
||||||
|
->will($this->returnValue($user));
|
||||||
|
|
||||||
|
$dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')->getMock();
|
||||||
|
$dispatcher
|
||||||
|
->expects($this->once())
|
||||||
|
->method('dispatch')
|
||||||
|
->with(SecurityEvents::SWITCH_USER,
|
||||||
|
$this->callback(function (SwitchUserEvent $event) use ($replacedToken, $user) {
|
||||||
|
if ($user !== $event->getTargetUser()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$event->setToken($replacedToken);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}));
|
||||||
|
|
||||||
|
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', $dispatcher);
|
||||||
|
$listener->handle($this->event);
|
||||||
|
|
||||||
|
$this->assertSame($replacedToken, $this->tokenStorage->getToken());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user