bug #30122 [Security] fix switch user without having current token (Antoine Lamirault)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] fix switch user without having current token
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
Attempting to switch a user causes an error when there is no token in the storage.
Commits
-------
15db914984
[Security] fix switch user without having current token
This commit is contained in:
commit
d3d880a1e7
@ -83,6 +83,10 @@ class SwitchUserListener implements ListenerInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (null === $this->tokenStorage->getToken()) {
|
||||||
|
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
||||||
|
}
|
||||||
|
|
||||||
if (self::EXIT_VALUE === $username) {
|
if (self::EXIT_VALUE === $username) {
|
||||||
$this->tokenStorage->setToken($this->attemptExitUser($request));
|
$this->tokenStorage->setToken($this->attemptExitUser($request));
|
||||||
} else {
|
} else {
|
||||||
@ -164,7 +168,7 @@ class SwitchUserListener implements ListenerInterface
|
|||||||
*/
|
*/
|
||||||
private function attemptExitUser(Request $request)
|
private function attemptExitUser(Request $request)
|
||||||
{
|
{
|
||||||
if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
|
if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
|
||||||
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
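Review bot: The exception thrown by the new null-token guard in the first hunk reuses the message 'Could not find original Token object.', but at that point no impersonation has happened yet, so the message describes the wrong condition to whoever reads the log; `throw new AuthenticationCredentialsNotFoundException('Could not find a current Token object.');` would state what actually failed. The same exception type is already used by attemptExitUser in the second hunk, where "original Token" is accurate, so only the message differs. In the second hunk the combined condition `null === ($currentToken = ...) || false === $original = $this->getOriginalToken($currentToken)` packs two assignments into one expression; splitting the null check into its own statement with a short comment such as `// No token at all: nothing to exit from` would make the guard easier to audit. The enclosing handle() method starts and ends outside the first hunk, and attemptExitUser's body continues outside the second.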
@ -267,6 +267,17 @@ class SwitchUserListenerTest extends TestCase
|
|||||||
$this->assertSame($replacedToken, $this->tokenStorage->getToken());
|
$this->assertSame($replacedToken, $this->tokenStorage->getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
|
||||||
|
*/
|
||||||
|
public function testSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken()
|
||||||
|
{
|
||||||
|
$this->tokenStorage->setToken(null);
|
||||||
|
$this->request->query->set('_switch_user', 'username');
|
||||||
|
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
|
||||||
|
$listener->handle($this->event);
|
||||||
|
}
|
||||||
|
|
||||||
public function testSwitchUserStateless()
|
public function testSwitchUserStateless()
|
||||||
{
|
{
|
||||||
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
|
$token = new UsernamePasswordToken('username', '', 'key', ['ROLE_FOO']);
|
||||||
|
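Review bot: The new test name `testSwitchtUserThrowsAuthenticationExceptionIfNoCurrentToken` contains a typo ("Switcht"); it should be `testSwitchUserThrowsAuthenticationExceptionIfNoCurrentToken` so it reads consistently with the neighbouring `testSwitchUserStateless`. The test also only exercises the switch path (`_switch_user=username`); the exit path guarded in attemptExitUser by the same commit has no counterpart here, so a second case setting `_switch_user` to the exit value with a null token would pin both guards. Whether the exit path is reachable without a token depends on handle(), which is outside this hunk.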