5b6da77a96
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Fixed SwitchUserListener when exiting an impersonation with AnonymousToken
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If you configure a firewall with switch user with `role: IS_AUTHENTICATED_ANONYMOUSLY` it's impossible to exit the
impersonation because the next line `$this->provider->refreshUser($original->getUser())` will fail. It fails because `RefreshUser`
expects an instance of `UserInterface` and here it's a string.
Therefore, it does not make sense to refresh an Anonymous Token, right ?
Commits
-------
|
||
|---|---|---|
| .. | ||
| Bridge | ||
| Bundle | ||
| Component | ||