bug #22732 [Security] fix switch user _exit without having current token (dmaicher)

This PR was merged into the 2.7 branch.

Discussion
----------

[Security] fix switch user _exit without having current token

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #22729
| License       | MIT
| Doc PR        | -

Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):

`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
        must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
        symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`

Commits
-------

16da6861be [Security] fix switch user _exit without having current token
Fabien Potencier 2017-06-19 11:57:05 -07:00
commit 6e75cee83e
2 changed files with 12 additions and 1 deletions

@ -158,7 +158,7 @@ class SwitchUserListener implements ListenerInterface
*/
private function attemptExitUser(Request $request)
{
if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
}
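
Review bot: The new condition in `attemptExitUser()` packs two assignments and two comparisons into a single `if`, and `$original` is only assigned when the left side of the `||` is false, which is easy to misread. Consider fetching the token on its own line (`$currentToken = $this->tokenStorage->getToken();`) and then testing `null === $currentToken || false === ($original = $this->getOriginalToken($currentToken))`, so the null guard that protects the `TokenInterface` type hint on `getOriginalToken()` is visible at a glance. Both failure cases also share the message 'Could not find original Token object.', so logs cannot tell "no token in storage" apart from "token has no original"; a distinct message for the null case would help when diagnosing firewalls that disallow anonymous users.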

@ -65,6 +65,17 @@ class SwitchUserListenerTest extends TestCase
$this->assertNull($this->tokenStorage->getToken());
}
/**
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
*/
public function testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()
{
$this->tokenStorage->setToken(null);
$this->request->query->set('_switch_user', '_exit');
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
$listener->handle($this->event);
}
/**
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
*/
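
Review bot: `testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()` pins only the exception class through `@expectedException`, so it would also pass if `handle()` raised an `AuthenticationCredentialsNotFoundException` from some other place than the new null guard. Adding `@expectedExceptionMessage Could not find original Token object.` would tie the test to the throw in `attemptExitUser()`. The explicit `$this->tokenStorage->setToken(null);` is worth keeping, since it documents the precondition from ticket #22729 instead of relying on fixture state.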