merged branch fabpot/missing-provider-key-check (PR #7937)
This PR was merged into the 2.1 branch.
Discussion
----------
added a missing check for the provider key
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
5b7e1e6
added a missing check for the provider key
This commit is contained in:
commit
759293c9f5
@ -47,7 +47,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handles X509 authentication.
|
* Handles pre-authentication.
|
||||||
*
|
*
|
||||||
* @param GetResponseEvent $event A GetResponseEvent instance
|
* @param GetResponseEvent $event A GetResponseEvent instance
|
||||||
*/
|
*/
|
||||||
@ -62,7 +62,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
|
|||||||
list($user, $credentials) = $this->getPreAuthenticatedData($request);
|
list($user, $credentials) = $this->getPreAuthenticatedData($request);
|
||||||
|
|
||||||
if (null !== $token = $this->securityContext->getToken()) {
|
if (null !== $token = $this->securityContext->getToken()) {
|
||||||
if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && $token->getUsername() === $user) {
|
if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getProviderKey() && $token->isAuthenticated() && $token->getUsername() === $user) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user