bug #22732 [Security] fix switch user _exit without having current token (dmaicher)
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when there was no token in the storage (this happens, for example, when not logged in and anonymous users are disallowed on that firewall):
`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`
Commits
-------
16da6861be
[Security] fix switch user _exit without having current token
commit
6e75cee83e
@ -158,7 +158,7 @@ class SwitchUserListener implements ListenerInterface
|
|||||||
*/
|
*/
|
||||||
private function attemptExitUser(Request $request)
|
private function attemptExitUser(Request $request)
|
||||||
{
|
{
|
||||||
if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
|
if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
|
||||||
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
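Review bot: The new guard in `attemptExitUser` performs two assignments inside one `if` condition and reports both failure cases with the same message, 'Could not find original Token object.', so a log reader cannot tell "no token in storage" from "token carries no original token". Reading the token first keeps the check identical and easier to audit: `$currentToken = $this->tokenStorage->getToken();` followed by `if (null === $currentToken || false === $original = $this->getOriginalToken($currentToken)) {`. A comment above it such as `// no token at all, e.g. an unauthenticated request on a firewall without anonymous access` would record why the null case exists. The body of `attemptExitUser` continues past the end of the hunk, so the later use of `$original` is not visible here.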
@ -65,6 +65,17 @@ class SwitchUserListenerTest extends TestCase
|
|||||||
$this->assertNull($this->tokenStorage->getToken());
|
$this->assertNull($this->tokenStorage->getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
|
||||||
|
*/
|
||||||
|
public function testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()
|
||||||
|
{
|
||||||
|
$this->tokenStorage->setToken(null);
|
||||||
|
$this->request->query->set('_switch_user', '_exit');
|
||||||
|
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
|
||||||
|
$listener->handle($this->event);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
|
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
|
||||||
*/
|
*/
|
||||||
|
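Review bot: `testExitUserThrowsAuthenticationExceptionIfNoCurrentToken` does not say which real situation the `setToken(null)` line stands for, and the docblock of the test that follows it expects the same exception class, so the two cases read alike. I would add a comment above `$this->tokenStorage->setToken(null);`, for example `// no token in storage: not logged in and anonymous users are disallowed on this firewall`. The following test is cut off at the end of the hunk, so only its docblock can be compared.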