merged branch fabpot/missing-provider-key-check (PR #7937)
This PR was merged into the 2.1 branch.
Discussion
----------
added a missing check for the provider key
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
5b7e1e6
added a missing check for the provider key
This commit is contained in:
commit
759293c9f5
@ -47,7 +47,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles X509 authentication.
|
||||
* Handles pre-authentication.
|
||||
*
|
||||
* @param GetResponseEvent $event A GetResponseEvent instance
|
||||
*/
|
||||
@ -62,7 +62,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
|
||||
list($user, $credentials) = $this->getPreAuthenticatedData($request);
|
||||
|
||||
if (null !== $token = $this->securityContext->getToken()) {
|
||||
if ($token instanceof PreAuthenticatedToken && $token->isAuthenticated() && $token->getUsername() === $user) {
|
||||
if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getProviderKey() && $token->isAuthenticated() && $token->getUsername() === $user) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user