[Security] Copy token attributes when auth providers create a new token from another
PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
parent
d2840aaad3
commit
5113886f34
@ -68,7 +68,10 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
|
||||
|
||||
$this->accountChecker->checkPostAuth($user);
|
||||
|
||||
return new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||
$authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||
$authenticatedToken->setAttributes($token->getAttributes());
|
||||
|
||||
return $authenticatedToken;
|
||||
}
|
||||
|
||||
/**
|
||||
|
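Review bot: The `setAttributes($token->getAttributes())` call copies every attribute of the incoming, not-yet-authenticated token onto the authenticated `PreAuthenticatedToken` without filtering, and nothing in the hunk documents that trust assumption; the same applies to the identical lines in UserAuthenticationProvider. Whatever created the request token decides what ends up on the authenticated one, so code that later reads token attributes should not treat them as vetted by authentication. I would add a comment above the call, e.g. `// Attributes are carried over verbatim from the unauthenticated token; they are not validated here.` The authenticate() body starts outside the hunk, so how attributes are populated upstream is not visible from here.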
@ -70,7 +70,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
|
||||
$this->checkAuthentication($user, $token);
|
||||
$this->accountChecker->checkPostAuth($user);
|
||||
|
||||
return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||
$authenticatedToken->setAttributes($token->getAttributes());
|
||||
|
||||
return $authenticatedToken;
|
||||
} catch (UsernameNotFoundException $notFound) {
|
||||
if ($this->hideUserNotFoundExceptions) {
|
||||
throw new BadCredentialsException('Bad credentials', 0, $notFound);
|
||||
|
@ -60,6 +60,7 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
|
||||
$this->assertEquals('pass', $token->getCredentials());
|
||||
$this->assertEquals('key', $token->getProviderKey());
|
||||
$this->assertEquals(array(), $token->getRoles());
|
||||
$this->assertEquals(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes');
|
||||
$this->assertSame($user, $token->getUser());
|
||||
}
|
||||
|
||||
@ -103,6 +104,8 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
|
||||
->will($this->returnValue('key'))
|
||||
;
|
||||
|
||||
$token->setAttributes(array('foo' => 'bar'));
|
||||
|
||||
return $token;
|
||||
}
|
||||
|
||||
|
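Review bot: The new attribute assertion uses `assertEquals`, which compares loosely; for a check on what an authenticated token carries, `$this->assertSame(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes');` would pin keys and value types exactly. The same applies to the matching assertion in UserAuthenticationProviderTest. The fixture in getSupportedToken() always sets attributes, so the empty-attributes case is not exercised by these hunks; whether another test covers it is not visible here.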
@ -157,6 +157,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertSame($user, $authToken->getUser());
|
||||
$this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles());
|
||||
$this->assertEquals('foo', $authToken->getCredentials());
|
||||
$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
|
||||
}
|
||||
|
||||
protected function getSupportedToken()
|
||||
@ -168,6 +169,8 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
|
||||
->will($this->returnValue('key'))
|
||||
;
|
||||
|
||||
$mock->setAttributes(array('foo' => 'bar'));
|
||||
|
||||
return $mock;
|
||||
}
|
||||
|
||||
|