
Bug in the identity impersonation part of the security package #36174

Closed

AllanFousse opened this issue Mar 23, 2020 · 4 comments

Comments

AllanFousse commented Mar 23, 2020

Symfony version(s) affected: 5.0.5

Description

Impersonation not working if we use Uuid for the username in a PostgreSQL database.

How to reproduce

Use the uuid type instead of string for the username in the PostgreSQL database.

Possible Solution

Generate a uuid string instead of a pure random string on line 152 of SwitchUserListener.php.

Additional context
The error is SQLSTATE[22P02]: Invalid text representation.

fancyweb (Contributor) commented

Thanks for reporting @AllanFousse. What is the exact exception you get please?

AllanFousse (Author) commented Mar 26, 2020

[screenshot: Annotation 2020-03-26 184850]

Is that what you need?

fancyweb (Contributor) commented

Yes, thank you. Can you check #36223 please?

AllanFousse (Author) commented

I tried the modification, and it works fine for me.

nicolas-grekas added a commit that referenced this issue Apr 1, 2020
…nt username protection errors (fancyweb)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security][Http][SwitchUserListener] Ignore all non existent username protection errors

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | #36174
| License       | MIT
| Doc PR        | -

Since we generate the non-existent username blindly, it can lead to Doctrine exceptions or any other exception.

We can catch all exceptions here but I guess it reduces the protection since the SQL query was not executed?

Alternative: we can only catch Doctrine DriverException (in addition to the existing AuthenticationException) and only silence the reported error codes?

Commits
-------

42311d5 [Security][Http][SwitchUserListener] Ignore all non existent username protection errors
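The failure mode discussed in the report and the PR description, as an added illustration that is not Symfony's SwitchUserListener code nor the merged patch: the listener looks up a username that is guaranteed not to exist purely to spend the same time as a real lookup, and a probe value that is not a well-formed UUID makes PostgreSQL reject the cast to its uuid column (SQLSTATE 22P02) before any "user not found" path is reached. The provider class, the exception names and the sample UUID below are constructed for the example; the in-memory provider stands in for a Doctrine provider over a uuid column and raises a RuntimeException where the driver would. Both mitigations from the thread are shown: a probe that matches the column's format (a random version-4 UUID) and a probe wrapper that swallows every exception the lookup raises.

```php
<?php
declare(strict_types=1);

// Constructed exception type standing in for Symfony's "user not found" error.
final class UsernameNotFoundException extends \RuntimeException {}

// Constructed stand-in for a user provider backed by a PostgreSQL uuid column.
final class UuidUserProvider
{
    private const UUID_PATTERN = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i';

    /** @param string[] $knownIds constructed sample data, lower-case UUIDs */
    public function __construct(private array $knownIds) {}

    public function loadUserByUsername(string $username): string
    {
        // A value that is not a valid UUID literal never reaches row lookup:
        // the driver rejects the cast, which is what SQLSTATE 22P02 reports.
        if (!preg_match(self::UUID_PATTERN, $username)) {
            throw new \RuntimeException('SQLSTATE[22P02]: Invalid text representation: '.$username);
        }
        if (!in_array(strtolower($username), $this->knownIds, true)) {
            throw new UsernameNotFoundException('No user with id '.$username);
        }
        return strtolower($username);
    }
}

// Blind probe: an opaque random string of the kind the report describes.
function blindProbeName(): string
{
    return '_'.bin2hex(random_bytes(16));
}

// Format-matching probe: a random RFC 4122 version-4 UUID, so the value is a
// valid literal for the column and the lookup fails with "not found" instead.
// Collision with a real user id is a 1 in 2^122 event.
function uuidProbeName(): string
{
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // version nibble = 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // RFC 4122 variant bits
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
}

// Catch-everything probe wrapper, the other option discussed in the PR:
// the lookup exists only to consume time, so whatever it throws is ignored.
// Returns the class name of the swallowed exception (null if none) so the
// caller can see which path the provider actually took.
function timingProbe(UuidUserProvider $provider, string $name): ?string
{
    try {
        $provider->loadUserByUsername($name);
    } catch (\Throwable $e) {
        return get_class($e);
    }
    return null;
}

$provider = new UuidUserProvider(['0f8fad5b-d9cb-469f-a165-70867728950e']); // constructed id

// With the blind probe the swallowed error is the driver's cast failure, not
// the "not found" failure; with the UUID probe the lookup runs to completion.
printf("blind probe swallowed: %s\n", timingProbe($provider, blindProbeName()));
printf("uuid probe swallowed:  %s\n", timingProbe($provider, uuidProbeName()));
```

The two approaches differ in what the probe actually measures: a catch-all keeps the listener from crashing but, as the PR description notes, a probe rejected at cast time never executes the query, so it no longer costs the same as a real lookup; a format-matching probe preserves that cost but ties the probe generator to the column type. The exact catch clause of the merged commit is not shown on this page.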