bug #19778 [Security] Fixed roles serialization on token from user object (eko)
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed roles serialization on token from user object
| Q | A |
| --- | --- |
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #14274 |
| License | MIT |
| Doc PR | - |
This PR fixes the serialization of tokens when using `Role` objects provided from the user. Indeed, there were actually a reference issue that can causes fatal errors like the following one:
```
FatalErrorException in RoleHierarchy.php line 43:
Error: Call to a member function getRole() on string
```
Here is a small code example to reproduce and its output:
``` php
$user = new Symfony\Component\Security\Core\User\User('name', 'password', [
new Symfony\Component\Security\Core\Role\Role('name')
]);
$token = new Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles());
$serialized = serialize($token);
$unserialized = unserialize($serialized);
var_dump($unserialized->getRoles());
```
Before:
```
array(1) { [0]=> bool(true) }
```
After:
```
array(1) { [0]=> object(Symfony\Component\Security\Core\Role\Role)#15 (1) {["role":"Symfony\Component\Security\Core\Role\Role":private]=> string(4) "name" } }
```
Thank you
Commits
-------
dfa7f5020e [Security] Fixed roles serialization on token from user object
This commit is contained in:
Fabien Potencier
commit
a6b20d1e5c
@ -150,7 +150,7 @@ abstract class AbstractToken implements TokenInterface
|
||||
array(
|
||||
is_object($this->user) ? clone $this->user : $this->user,
|
||||
$this->authenticated,
|
||||
$this->roles,
|
||||
array_map(function ($role) { return clone $role; }, $this->roles),
|
||||
$this->attributes,
|
||||
)
|
||||
);
|
||||
|
||||
@ -221,7 +221,7 @@ class UserAuthenticationProviderTest extends TestCase
|
||||
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
|
||||
$this->assertSame($user, $authToken->getUser());
|
||||
$this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
|
||||
$this->assertContains($switchUserRole, $authToken->getRoles());
|
||||
$this->assertContains($switchUserRole, $authToken->getRoles(), '', false, false);
|
||||
$this->assertEquals('foo', $authToken->getCredentials());
|
||||
$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
|
||||
}
|
||||
|
||||
@ -15,6 +15,7 @@ use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
|
||||
use Symfony\Component\Security\Core\Role\Role;
|
||||
use Symfony\Component\Security\Core\Role\SwitchUserRole;
|
||||
use Symfony\Component\Security\Core\User\User;
|
||||
|
||||
class TestUser
|
||||
{
|
||||
@ -89,7 +90,7 @@ class AbstractTokenTest extends TestCase
|
||||
|
||||
public function testSerialize()
|
||||
{
|
||||
$token = $this->getToken(array('ROLE_FOO'));
|
||||
$token = $this->getToken(array('ROLE_FOO', new Role('ROLE_BAR')));
|
||||
$token->setAttributes(array('foo' => 'bar'));
|
||||
|
||||
$uToken = unserialize(serialize($token));
|
||||
@ -98,6 +99,19 @@ class AbstractTokenTest extends TestCase
|
||||
$this->assertEquals($token->getAttributes(), $uToken->getAttributes());
|
||||
}
|
||||
|
||||
public function testSerializeWithRoleObjects()
|
||||
{
|
||||
$user = new User('name', 'password', array(new Role('ROLE_FOO'), new Role('ROLE_BAR')));
|
||||
$token = new ConcreteToken($user, $user->getRoles());
|
||||
|
||||
$serialized = serialize($token);
|
||||
$unserialized = unserialize($serialized);
|
||||
|
||||
$roles = $unserialized->getRoles();
|
||||
|
||||
$this->assertEquals($roles, $user->getRoles());
|
||||
}
|
||||
|
||||
public function testSerializeParent()
|
||||
{
|
||||
$user = new TestUser('fabien');
|
||||
|
||||
Reference in New Issue
Block a user