[Security] Copy token attributes when auth providers create a new token from another
PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
parent
d2840aaad3
commit
5113886f34
@ -68,7 +68,10 @@ class PreAuthenticatedAuthenticationProvider implements AuthenticationProviderIn
|
|||||||
|
|
||||||
$this->accountChecker->checkPostAuth($user);
|
$this->accountChecker->checkPostAuth($user);
|
||||||
|
|
||||||
return new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
$authenticatedToken = new PreAuthenticatedToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||||
|
$authenticatedToken->setAttributes($token->getAttributes());
|
||||||
|
|
||||||
|
return $authenticatedToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
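Review bot: `$authenticatedToken->setAttributes($token->getAttributes());` carries every attribute of the not-yet-authenticated token onto the authenticated one without filtering, so whatever placed data on the incoming token now has it survive authentication. If any listener or caller fills attributes from request data, code that later reads them from an authenticated token may treat them as vetted; whether that happens depends on code outside this page. I would state the contract in a comment above the call, e.g. `// Attributes are copied verbatim from the unauthenticated token; they are not validated here.`, and mention the copy in the authenticate() docblock. The same applies to the identical line added in the UserAuthenticationProvider hunk. authenticate() starts above this hunk, so the rest of its body is not visible here.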
@ -70,7 +70,10 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
|
|||||||
$this->checkAuthentication($user, $token);
|
$this->checkAuthentication($user, $token);
|
||||||
$this->accountChecker->checkPostAuth($user);
|
$this->accountChecker->checkPostAuth($user);
|
||||||
|
|
||||||
return new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $this->providerKey, $user->getRoles());
|
||||||
|
$authenticatedToken->setAttributes($token->getAttributes());
|
||||||
|
|
||||||
|
return $authenticatedToken;
|
||||||
} catch (UsernameNotFoundException $notFound) {
|
} catch (UsernameNotFoundException $notFound) {
|
||||||
if ($this->hideUserNotFoundExceptions) {
|
if ($this->hideUserNotFoundExceptions) {
|
||||||
throw new BadCredentialsException('Bad credentials', 0, $notFound);
|
throw new BadCredentialsException('Bad credentials', 0, $notFound);
|
||||||
|
@ -60,6 +60,7 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
|
|||||||
$this->assertEquals('pass', $token->getCredentials());
|
$this->assertEquals('pass', $token->getCredentials());
|
||||||
$this->assertEquals('key', $token->getProviderKey());
|
$this->assertEquals('key', $token->getProviderKey());
|
||||||
$this->assertEquals(array(), $token->getRoles());
|
$this->assertEquals(array(), $token->getRoles());
|
||||||
|
$this->assertEquals(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes');
|
||||||
$this->assertSame($user, $token->getUser());
|
$this->assertSame($user, $token->getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,6 +104,8 @@ class PreAuthenticatedAuthenticationProviderTest extends \PHPUnit_Framework_Test
|
|||||||
->will($this->returnValue('key'))
|
->will($this->returnValue('key'))
|
||||||
;
|
;
|
||||||
|
|
||||||
|
$token->setAttributes(array('foo' => 'bar'));
|
||||||
|
|
||||||
return $token;
|
return $token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
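Review bot: The added `assertEquals(array('foo' => 'bar'), $token->getAttributes(), ...)` compares loosely, so it would still pass if a value were coerced on the way through; `$this->assertSame(array('foo' => 'bar'), $token->getAttributes(), '->authenticate() copies token attributes');` pins keys, values and types. The fixture also only covers a source token that has attributes set, so the result for a token with none is not checked here. Both points apply equally to the assertion added in UserAuthenticationProviderTest.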
@ -157,6 +157,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertSame($user, $authToken->getUser());
|
$this->assertSame($user, $authToken->getUser());
|
||||||
$this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles());
|
$this->assertEquals(array(new Role('ROLE_FOO')), $authToken->getRoles());
|
||||||
$this->assertEquals('foo', $authToken->getCredentials());
|
$this->assertEquals('foo', $authToken->getCredentials());
|
||||||
|
$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getSupportedToken()
|
protected function getSupportedToken()
|
||||||
@ -168,6 +169,8 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
|
|||||||
->will($this->returnValue('key'))
|
->will($this->returnValue('key'))
|
||||||
;
|
;
|
||||||
|
|
||||||
|
$mock->setAttributes(array('foo' => 'bar'));
|
||||||
|
|
||||||
return $mock;
|
return $mock;
|
||||||
}
|
}
|
||||||
|
|
||||||
|