Commit 2e46c63

bug #35944 [Security/Core] Fix wrong roles comparison (thlbaut)
This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix wrong roles comparison

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #35941
| License       | MIT

Fix wrong roles comparison.

Commits
-------

7d2ad4b Fix wrong roles comparison
2 parents 47180fe + 7d2ad4b commit 2e46c63

2 files changed, +3 -6 lines changed
‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php

Lines changed: 2 additions & 5 deletions
@@ -317,13 +317,10 @@ private function hasUserChanged(UserInterface $user): bool
317317
return true;
318318
}
319319

320+
$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
320321
$userRoles = array_map('strval', (array) $user->getRoles());
321322

322-
if ($this instanceof SwitchUserToken) {
323-
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
324-
}
325-
326-
if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
323+
if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
327324
return true;
328325
}
329326

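Review bot: the count-plus-`array_intersect` test on the added `if` line is not a true set comparison, because duplicate role names can mask a real change. With `$userRoles = ['ROLE_A', 'ROLE_A']` and `$currentUserRoles = ['ROLE_A', 'ROLE_B']` both counts are 2 and the intersection also has 2 entries, so the method reports "not changed" even though `ROLE_B` was dropped. Consider normalising both lists with `array_unique` and `sort` and comparing them directly, or checking `array_diff` in both directions. The added line 320 also calls `$this->user->getRoles()` without any guard visible in this hunk, so it is worth confirming that every caller guarantees `$this->user` is a `UserInterface` rather than a string. Finally, dropping the `SwitchUserToken` branch is consistent with no longer comparing against `$this->getRoleNames()`, but a short comment stating that token roles are deliberately excluded from the comparison would help future readers.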
‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php

Lines changed: 1 addition & 1 deletion
@@ -238,7 +238,7 @@ public function getUserChangesAdvancedUser()
238238
*/
239239
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
240240
{
241-
$token = new ConcreteToken();
241+
$token = new ConcreteToken(['ROLE_FOO']);
242242
$token->setAuthenticated(true);
243243
$this->assertTrue($token->isAuthenticated());
244244

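Review bot: the only test change is giving the token `['ROLE_FOO']` at line 241, which covers the case where token roles differ from the user's roles but the user is unchanged; nothing here exercises the `SwitchUserToken` path whose special-casing the other file removes. Please add a case that builds a `SwitchUserToken` and asserts it stays authenticated when the same user is set again, plus a negative case where the refreshed user's `getRoles()` differs and `isAuthenticated()` becomes false. A one-line comment explaining that `ROLE_FOO` is intentionally absent from the user's roles would make the purpose of the fixture clear.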