Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 008a448

Browse filesBrowse files
AndrolGenhaldAndrolGenhald
committed
Refresh original user in SwitchUserListener.
Fixes #39991
1 parent bbf786c commit 008a448
Copy full SHA for 008a448

File tree

Expand file treeCollapse file tree

2 files changed

+31
-0
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+31
-0
lines changed

‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -217,6 +217,7 @@ private function attemptExitUser(Request $request): TokenInterface
217217

218218
if (null !== $this->dispatcher && $original->getUser() instanceof UserInterface) {
219219
$user = $this->provider->refreshUser($original->getUser());
220+
$original->setUser($user);
220221
$switchEvent = new SwitchUserEvent($request, $user, $original);
221222
$this->dispatcher->dispatch($switchEvent, SecurityEvents::SWITCH_USER);
222223
$original = $switchEvent->getToken();

‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
+30Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -413,4 +413,34 @@ public function testSwitchUserStateless()
413413
$this->assertInstanceOf(UsernamePasswordToken::class, $this->tokenStorage->getToken());
414414
$this->assertFalse($this->event->hasResponse());
415415
}
416+
417+
public function testSwitchUserRefreshesOriginalToken()
418+
{
419+
$originalUser = $this->getMockBuilder(\Symfony\Component\Security\Core\User\UserInterface::class)->getMock();
420+
$refreshedOriginalUser = $this->getMockBuilder(\Symfony\Component\Security\Core\User\UserInterface::class)->getMock();
421+
$this
422+
->userProvider
423+
->expects($this->any())
424+
->method('refreshUser')
425+
->with($originalUser)
426+
->willReturn($refreshedOriginalUser);
427+
$originalToken = new UsernamePasswordToken($originalUser, '', 'key');
428+
$this->tokenStorage->setToken(new SwitchUserToken('username', '', 'key', ['ROLE_USER'], $originalToken));
429+
$this->request->query->set('_switch_user', SwitchUserListener::EXIT_VALUE);
430+
431+
$dispatcher = $this->getMockBuilder(EventDispatcherInterface::class)->getMock();
432+
$dispatcher
433+
->expects($this->once())
434+
->method('dispatch')
435+
->with(
436+
$this->callback(function (SwitchUserEvent $event) use ($refreshedOriginalUser) {
437+
return $event->getToken()->getUser() === $refreshedOriginalUser;
438+
}),
439+
SecurityEvents::SWITCH_USER
440+
)
441+
;
442+
443+
$listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', $dispatcher);
444+
$listener($this->event);
445+
}
416446
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.