New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug in the identity impersonalization part of the security package #36174
Labels
Comments
Thanks for reporting @AllanFousse. What is the exact exception you get please? |
Yes, thank you. Can you check #36223 please? |
I try the modification, and it's work fine for me |
nicolas-grekas
added a commit
that referenced
this issue
Apr 1, 2020
…nt username protection errors (fancyweb) This PR was merged into the 4.4 branch. Discussion ---------- [Security][Http][SwitchUserListener] Ignore all non existent username protection errors | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #36174 | License | MIT | Doc PR | - Since we generate the non existent username blindly, it can lead to Doctrine exceptions or any other exception. We can catch all exceptions here but I guess it reduces the protection since the SQL query was not executed? Alternative: we can only catch Doctrine DriverException (in addition to the existing AuthenticationException) and only silent the reported error codes? Commits ------- 42311d5 [Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Symfony version(s) affected: 5.0.5
Description
Impersonalisation not working if we use Uuid for username in Postgresql database
How to reproduce
use uuid type instead string in postgresql database for username
Possible Solution
generate à uuid string instead of pure random string line 152 of SwitchUserListener.php
Additional context
the error is SQLSTATE[22P02]: Invalid text representation
The text was updated successfully, but these errors were encountered: