6e75cee83e
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (this happens, for example, when not logged in and disallowing anonymous users on that firewall):
```
[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164
```
Commits
-------
Security Component - HTTP Integration
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. It is inspired by the Java Spring framework.
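The failure described in the commit message above, reduced to a stand-alone sketch: an exit handler that checks for an empty token storage before calling a helper typed to require a token, so the request is rejected with an ordinary exception instead of a fatal type error. This is an added example, not the code from this commit or from Symfony; `Token`, `UserToken`, `TokenStorage`, `NotSwitchedException`, `originalToken()` and `exitSwitchedUser()` are hypothetical names, and PHP 8 is assumed.

```php
<?php
// Hypothetical stand-ins for the component's token classes (not Symfony's code).
interface Token { public function getUser(): string; }
final class UserToken implements Token
{
    public function __construct(private string $user, private ?Token $original = null) {}
    public function getUser(): string { return $this->user; }
    public function getOriginal(): ?Token { return $this->original; }
}

final class TokenStorage
{
    public function __construct(private ?Token $token = null) {}
    public function getToken(): ?Token { return $this->token; }
    public function setToken(?Token $t): void { $this->token = $t; }
}

final class NotSwitchedException extends RuntimeException {}

// Typed like the method named in the error: passing null raises a TypeError.
function originalToken(Token $current): ?Token
{
    return $current instanceof UserToken ? $current->getOriginal() : null;
}

// Exit handler: test for a missing token first; the || short-circuit keeps
// originalToken() from ever being called with null.
function exitSwitchedUser(TokenStorage $storage): Token
{
    $current = $storage->getToken();
    if (null === $current || null === ($original = originalToken($current))) {
        throw new NotSwitchedException('No original token: nothing to exit from.');
    }
    $storage->setToken($original);
    return $original;
}

// Constructed scenarios: empty storage, normal login, switched user.
$cases = [
    'no token' => null,
    'not switched' => new UserToken('alice'),
    'switched' => new UserToken('bob', new UserToken('admin')),
];
foreach ($cases as $label => $token) {
    $storage = new TokenStorage($token);
    try {
        echo $label, ': restored ', exitSwitchedUser($storage)->getUser(), PHP_EOL;
    } catch (NotSwitchedException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```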