[Security] Fixed AbstractToken::hasUserChanged()
This commit is contained in:
Wouter de Jong
Nicolas Grekas
parent
96d2d19de2
commit
f297beb42c
|
|
@ -317,10 +317,13 @@ abstract class AbstractToken implements TokenInterface
|
|||
return true;
|
||||
}
|
||||
|
||||
$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
|
||||
$userRoles = array_map('strval', (array) $user->getRoles());
|
||||
|
||||
if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
|
||||
if ($this instanceof SwitchUserToken) {
|
||||
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
|
||||
}
|
||||
|
||||
if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -238,7 +238,7 @@ class AbstractTokenTest extends TestCase
|
|||
*/
|
||||
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
|
||||
{
|
||||
$token = new ConcreteToken(['ROLE_FOO']);
|
||||
$token = new ConcreteToken();
|
||||
$token->setAuthenticated(true);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
|
||||
|
|
@ -248,6 +248,21 @@ class AbstractTokenTest extends TestCase
|
|||
$token->setUser($user);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
}
|
||||
|
||||
public function testIsUserChangedWhenSerializing()
|
||||
{
|
||||
$token = new ConcreteToken(['ROLE_ADMIN']);
|
||||
$token->setAuthenticated(true);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
|
||||
$user = new SerializableUser('wouter', ['ROLE_ADMIN']);
|
||||
$token->setUser($user);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
|
||||
$token = unserialize(serialize($token));
|
||||
$token->setUser($user);
|
||||
$this->assertTrue($token->isAuthenticated());
|
||||
}
|
||||
}
|
||||
|
||||
class TestUser
|
||||
|
|
@ -265,6 +280,56 @@ class TestUser
|
|||
}
|
||||
}
|
||||
|
||||
class SerializableUser implements UserInterface, \Serializable
|
||||
{
|
||||
private $roles;
|
||||
private $name;
|
||||
|
||||
public function __construct($name, array $roles = [])
|
||||
{
|
||||
$this->name = $name;
|
||||
$this->roles = $roles;
|
||||
}
|
||||
|
||||
public function getUsername()
|
||||
{
|
||||
return $this->name;
|
||||
}
|
||||
|
||||
public function getPassword()
|
||||
{
|
||||
return '***';
|
||||
}
|
||||
|
||||
public function getRoles()
|
||||
{
|
||||
if (empty($this->roles)) {
|
||||
return ['ROLE_USER'];
|
||||
}
|
||||
|
||||
return $this->roles;
|
||||
}
|
||||
|
||||
public function eraseCredentials()
|
||||
{
|
||||
}
|
||||
|
||||
public function getSalt()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public function serialize()
|
||||
{
|
||||
return serialize($this->name);
|
||||
}
|
||||
|
||||
public function unserialize($serialized)
|
||||
{
|
||||
$this->name = unserialize($serialized);
|
||||
}
|
||||
}
|
||||
|
||||
class ConcreteToken extends AbstractToken
|
||||
{
|
||||
private $credentials = 'credentials_value';
|
||||
|
|
|
|||
Reference in New Issue