[Security] #[CurrentUser] argument should resolve to null when it is anonymous
This commit is contained in:
parent
5028aaf542
commit
8d3078dd35
|
@ -35,12 +35,9 @@ final class UserValueResolver implements ArgumentValueResolverInterface
|
|||
|
||||
public function supports(Request $request, ArgumentMetadata $argument): bool
|
||||
{
|
||||
if ($argument->getAttribute() instanceof CurrentUser) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// only security user implementations are supported
|
||||
if (UserInterface::class !== $argument->getType()) {
|
||||
// with the attribute, the type can be any UserInterface implementation
|
||||
// otherwise, the type must be UserInterface
|
||||
if (UserInterface::class !== $argument->getType() && !$argument->getAttribute() instanceof CurrentUser) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -83,6 +83,17 @@ class UserValueResolverTest extends TestCase
|
|||
$this->assertSame([$user], iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
|
||||
}
|
||||
|
||||
public function testResolveWithAttributeAndNoUser()
|
||||
{
|
||||
$tokenStorage = new TokenStorage();
|
||||
$tokenStorage->setToken(new UsernamePasswordToken('username', 'password', 'provider'));
|
||||
|
||||
$resolver = new UserValueResolver($tokenStorage);
|
||||
$metadata = new ArgumentMetadata('foo', null, false, false, null, false, new CurrentUser());
|
||||
|
||||
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
|
||||
}
|
||||
|
||||
public function testIntegration()
|
||||
{
|
||||
$user = $this->createMock(UserInterface::class);
|
||||
|
|
Reference in New Issue