diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #34859 [SecurityBundle] Fix TokenStorage::reset not called in stateless firewall (jderusse)

Browse Source 
This PR was merged into the 4.4 branch.

Discussion
----------

[SecurityBundle] Fix TokenStorage::reset not called in stateless firewall

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | NA
| License       | MIT
| Doc PR        | NA

By default, the service `security.token_storage` is resetable. https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L22-L24

But when using a stateless application without session, the `RegisterTokenUsageTrackingPass` replace the service `security.token_storage` by an alias to `security.untracked_token_storage` (which is not tagged as resetable.

Commits
-------

616c30f185 Fix TokenStorage::reset not called in stateless firewall
This commit is contained in:
Nicolas Grekas 2019-12-06 18:42:06 +01:00
commit 70dec3c8a3
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php
View File

@ -43,6 +43,7 @@ class RegisterTokenUsageTrackingPass implements CompilerPassInterface
if (!$container->has('session')) {
$container->setAlias('security.token_storage', 'security.untracked_token_storage')->setPublic(true);
$container->getDefinition('security.untracked_token_storage')->addTag('kernel.reset', ['method' => 'reset']);
} elseif ($container->hasDefinition('security.context_listener')) {
$container->getDefinition('security.context_listener')
->setArgument(6, [new Reference('security.token_storage'), 'enableUsageTracking']);