diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Fixed roles serialization on token from user object

Browse Source
This commit is contained in:
Vincent Composieux 2016-08-29 20:28:05 +02:00
parent 79e25a9848
commit dfa7f5020e
No known key found for this signature in database
GPG Key ID: 097ADC11BEEA8D8C
3 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
View File

@ -150,7 +150,7 @@ abstract class AbstractToken implements TokenInterface
array(
is_object($this->user) ? clone $this->user : $this->user,
$this->authenticated,
$this->roles,
array_map(function ($role) { return clone $role; }, $this->roles),
$this->attributes,
)
);

2
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
View File

@ -220,7 +220,7 @@ class UserAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
$this->assertSame($user, $authToken->getUser());
$this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
$this->assertContains($switchUserRole, $authToken->getRoles());
$this->assertContains($switchUserRole, $authToken->getRoles(), '', false, false);
$this->assertEquals('foo', $authToken->getCredentials());
$this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
}

16
src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
View File

@ -14,6 +14,7 @@ namespace Symfony\Component\Security\Core\Tests\Authentication\Token;
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Role\SwitchUserRole;
use Symfony\Component\Security\Core\User\User;
class TestUser
{
@ -87,7 +88,7 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
public function testSerialize()
{
$token = $this->getToken(array('ROLE_FOO'));
$token = $this->getToken(array('ROLE_FOO', new Role('ROLE_BAR')));
$token->setAttributes(array('foo' => 'bar'));
$uToken = unserialize(serialize($token));
@ -96,6 +97,19 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
$this->assertEquals($token->getAttributes(), $uToken->getAttributes());
}
public function testSerializeWithRoleObjects()
{
$user = new User('name', 'password', array(new Role('ROLE_FOO'), new Role('ROLE_BAR')));
$token = new ConcreteToken($user, $user->getRoles());
$serialized = serialize($token);
$unserialized = unserialize($serialized);
$roles = $unserialized->getRoles();
$this->assertEquals($roles, $user->getRoles());
}
public function testSerializeParent()
{
$user = new TestUser('fabien');