Merge branch '6.4' into 7.1
* 6.4:
  fix detecting anonymous exception classes on Windows and PHP 7
  skip tests requiring the intl extension if it's not installed
  [RateLimiter] Fix DateInterval normalization
  [Security] Store original token in token storage when implicitly exiting impersonation
  [Cache] Fix clear() when using Predis
nicolas-grekas committed Nov 5, 2024
2 parents a4af934 + cc13b60 commit d551ee8
Showing 2 changed files with 8 additions and 2 deletions.
4 changes: 3 additions & 1 deletion Firewall/SwitchUserListener.php
Expand Up @@ -111,7 +111,7 @@ public function authenticate(RequestEvent $event): void
}

if (self::EXIT_VALUE === $username) {
$this->tokenStorage->setToken($this->attemptExitUser($request));
$this->attemptExitUser($request);
} else {
try {
$this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));
Expand Down Expand Up @@ -212,6 +212,8 @@ private function attemptExitUser(Request $request): TokenInterface
$original = $switchEvent->getToken();
}

$this->tokenStorage->setToken($original);

return $original;
}

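Review bot: attemptExitUser() now writes to the token storage itself, at `$this->tokenStorage->setToken($original);`, so every caller gets that side effect, not only the explicit exit branch in authenticate(), and the method's documentation should say so. If, as the commit title suggests, attemptSwitchUser() calls it when the user is already impersonating, a switch that is then refused would leave the storage on the original token rather than the impersonated one. That fails toward the real identity, but it is a behaviour change worth stating. I would add a comment above the new line such as `// Side effect: restores the original token in the token storage before returning it, so voters reading the storage see the real user.` and a short remark in authenticate() that the return value is intentionally unused. Both method bodies start outside the visible hunks, so the implicit-exit call site is inferred rather than seen.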
6 changes: 5 additions & 1 deletion Tests/Firewall/SwitchUserListenerTest.php
Expand Up @@ -19,6 +19,7 @@
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
Expand Down Expand Up @@ -206,7 +207,10 @@ public function testSwitchUserAlreadySwitched()

$targetsUser = $this->callback(fn ($user) => 'kuba' === $user->getUserIdentifier());
$this->accessDecisionManager->expects($this->once())
->method('decide')->with($originalToken, ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
->method('decide')->with(self::callback(function (TokenInterface $token) use ($originalToken, $tokenStorage) {
// the token storage should also contain the original token for voters depending on it
return $token === $originalToken && $tokenStorage->getToken() === $originalToken;
}), ['ROLE_ALLOWED_TO_SWITCH'], $targetsUser)
->willReturn(true);

$this->userChecker->expects($this->once())
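Review bot: The new callback in testSwitchUserAlreadySwitched only pins the token storage state while `decide` runs, and the mock then grants the switch (`->willReturn(true)`); nothing visible here covers a refused decision after the original token has already been written back. A companion test using `->willReturn(false)` that expects the AccessDeniedException and then checks `$this->assertSame($originalToken, $tokenStorage->getToken());` would pin which identity the storage is left with on a refused switch (adjust the expectation if a different end state is intended). As a minor style point, the statement mixes `$this->callback(...)` and `self::callback(...)`, and the closure could declare a `: bool` return type. The test method starts and ends outside the hunk.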
