

Merge branch '4.4' into 5.0
* 4.4:
  [Security] Fixed AbstractToken::hasUserChanged()
  [DI] fix typo
nicolas-grekas committed May 30, 2020
2 parents 527f3f3 + bdb01db commit 41b9595
Showing 3 changed files with 72 additions and 4 deletions.
Expand Up @@ -172,7 +172,7 @@ private function httpClientThatHasTracedRequests($tracedRequests): TraceableHttp

foreach ($tracedRequests as $request) {
$response = $httpClient->request($request['method'], $request['url'], $request['options'] ?? []);
$response->getContent(false); // To avoid exception in ResponseTrait::doDestruct
$response->getContent(false); // disables exceptions from destructors
}

return $httpClient;
Expand Up @@ -270,10 +270,13 @@ private function hasUserChanged(UserInterface $user): bool
return true;
}

$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
$userRoles = array_map('strval', (array) $user->getRoles());

if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
if ($this instanceof SwitchUserToken) {
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
}

if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
return true;
}

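Review bot: `$this->getRoleNames()` is evaluated three times in the new condition; hoisting it once, `$roleNames = $this->getRoleNames();`, and comparing against `$roleNames` keeps the line readable and makes the appended `ROLE_PREVIOUS_ADMIN` case easier to follow. The comparison remains count-based: `array_intersect` keeps duplicate values from its first argument, so a `$userRoles` array with repeated entries can satisfy both counts while the two role sets differ — this predates the commit, but the rewritten line is the place to make it an exact comparison (e.g. `sort` both arrays and test with `!==`). If `$currentUserRoles` on the line above survives the change, it is now unused and should be dropped. hasUserChanged's body continues outside the hunk.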
Expand Up @@ -152,13 +152,28 @@ public function getUserChanges()
*/
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
{
$token = new ConcreteToken(['ROLE_FOO']);
$token = new ConcreteToken();
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());

$token->setUser($user);
$this->assertTrue($token->isAuthenticated());

$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
}

public function testIsUserChangedWhenSerializing()
{
$token = new ConcreteToken(['ROLE_ADMIN']);
$token->setAuthenticated(true);
$this->assertTrue($token->isAuthenticated());

$user = new SerializableUser('wouter', ['ROLE_ADMIN']);
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());

$token = unserialize(serialize($token));
$token->setUser($user);
$this->assertTrue($token->isAuthenticated());
}
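Review bot: testIsUserChangedWhenSerializing asserts only that authentication survives the serialize/unserialize round trip, yet its name suggests the opposite outcome; renaming it to something like `testUserIsNotChangedAfterSerialization` and adding a one-line docblock stating that the round-tripped user reports different roles than the original would make the regression it guards explicit. A companion assertion with a user whose roles genuinely differ from the token's, expecting `isAuthenticated()` to become false, would pin both sides of hasUserChanged. The enclosing test class starts and ends outside the hunk.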
Expand All @@ -179,6 +194,56 @@ public function __toString(): string
}
}

class SerializableUser implements UserInterface, \Serializable
{
private $roles;
private $name;

public function __construct($name, array $roles = [])
{
$this->name = $name;
$this->roles = $roles;
}

public function getUsername()
{
return $this->name;
}

public function getPassword()
{
return '***';
}

public function getRoles()
{
if (empty($this->roles)) {
return ['ROLE_USER'];
}

return $this->roles;
}

public function eraseCredentials()
{
}

public function getSalt()
{
return null;
}

public function serialize()
{
return serialize($this->name);
}

public function unserialize($serialized)
{
$this->name = unserialize($serialized);
}
}

class ConcreteToken extends AbstractToken
{
private $credentials = 'credentials_value';
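Review bot: SerializableUser::serialize() persists only `$name`, so a round-tripped instance falls back to `['ROLE_USER']` in getRoles() — this appears to be exactly what the new test relies on, but nothing says so; a class-level docblock such as `Test fixture: roles are intentionally dropped on serialization so a round-tripped user reports roles that differ from the token's.` would keep a future cleanup from "fixing" it. In unserialize(), passing `['allowed_classes' => false]` as the second argument to `unserialize()` documents that only a scalar name is expected there. ConcreteToken's body continues past the end of the hunk.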
