bug #40286 [Security] #[CurrentUser] arguments should resolve to null for "anon." (chalasr)
This PR was merged into the 5.2 branch. Discussion ---------- [Security] #[CurrentUser] arguments should resolve to null for "anon." | Q | A | ------------- | --- | Branch? | 5.2 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - The UserValueResolver should only resolve `UserInterface` (or subtype) typed arguments:bc9e946a56/src/Symfony/Component/Security/Http/Controller/UserValueResolver.php (L54-L55)
When using the `#CurrentUser` attribute with an AnonymousToken in the storage, the resolved argument value is `anon.`. This PR fixes it. /cc @jvasseur Commits -------8d3078dd35
[Security] #[CurrentUser] argument should resolve to null when it is anonymous
commit
b03731981a
@ -35,12 +35,9 @@ final class UserValueResolver implements ArgumentValueResolverInterface
|
|||||||
|
|
||||||
public function supports(Request $request, ArgumentMetadata $argument): bool
|
public function supports(Request $request, ArgumentMetadata $argument): bool
|
||||||
{
|
{
|
||||||
if ($argument->getAttribute() instanceof CurrentUser) {
|
// with the attribute, the type can be any UserInterface implementation
|
||||||
return true;
|
// otherwise, the type must be UserInterface
|
||||||
}
|
if (UserInterface::class !== $argument->getType() && !$argument->getAttribute() instanceof CurrentUser) {
|
||||||
|
|
||||||
// only security user implementations are supported
|
|
||||||
if (UserInterface::class !== $argument->getType()) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
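Review bot: The new two-line comment in `supports()` explains the type rule but not the security-relevant part of the contract: with `#[CurrentUser]` the declared type is no longer checked here, so rejecting a non-object user such as "anon." depends entirely on the token and user checks that follow this hunk, which are not visible here (the method body continues past the last line shown). I would extend the comment to say so, e.g. `// the attribute only relaxes the type check; a token whose user is not a UserInterface must still be rejected below`. The negation is also easier to read with explicit parentheses, `!($argument->getAttribute() instanceof CurrentUser)`, since `instanceof` binds tighter than `!` and that is not obvious at a glance. Presumably an unsupported argument then falls through to the remaining resolvers, so controllers should declare the parameter nullable and treat null as "not authenticated" rather than assume the attribute implies a logged-in user.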
@ -83,6 +83,17 @@ class UserValueResolverTest extends TestCase
|
|||||||
$this->assertSame([$user], iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
|
$this->assertSame([$user], iterator_to_array($resolver->resolve(Request::create('/'), $metadata)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testResolveWithAttributeAndNoUser()
|
||||||
|
{
|
||||||
|
$tokenStorage = new TokenStorage();
|
||||||
|
$tokenStorage->setToken(new UsernamePasswordToken('username', 'password', 'provider'));
|
||||||
|
|
||||||
|
$resolver = new UserValueResolver($tokenStorage);
|
||||||
|
$metadata = new ArgumentMetadata('foo', null, false, false, null, false, new CurrentUser());
|
||||||
|
|
||||||
|
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
|
||||||
|
}
|
||||||
|
|
||||||
public function testIntegration()
|
public function testIntegration()
|
||||||
{
|
{
|
||||||
$user = $this->createMock(UserInterface::class);
|
$user = $this->createMock(UserInterface::class);
|
||||||
|
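Review bot: `testResolveWithAttributeAndNoUser` stores a `UsernamePasswordToken` whose user is the string 'username', so the anonymous-token case is covered only indirectly and the test name does not match its setup. A second case that calls `$tokenStorage->setToken(new AnonymousToken('secret', 'anon.'));` and asserts that `supports()` returns false would pin the regression directly; it needs the `AnonymousToken` import, which lies outside this hunk. The metadata is also built with `null` as the argument type, so an attributed argument typed with a concrete `UserInterface` implementation is not exercised on the rejecting path.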