Commit 69a588f

committed
[Security] Fixed roles serialization on token from user object
1 parent bcb1d8f commit 69a588f


6 files changed

+139
-1
lines changed

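--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -46,7 +46,7 @@ public function __construct(array $roles = array())
 throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role)));
 }
 
-$this->roles[] = $role;
+$this->roles[] = clone $role;
 }
 }
 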
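Review bot: The `clone` on the line `$this->roles[] = clone $role;` has no comment saying why the token needs its own copy, so it reads as a redundant copy that a later cleanup could remove, bringing back the serialization problem the commit title names. I would add `// Keep our own copies: sharing Role instances with the user object breaks role serialization of the token.` above it. `clone` is shallow, so a RoleInterface implementation that itself holds objects would presumably still share those with the caller; that is worth confirming for the role classes this project ships. The constructor's loop begins above the hunk, so the branches that produce `$role` are not visible here.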

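--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\Role\SwitchUserRole;
+use Symfony\Component\Security\Core\User\User;
 
 class TestUser
 {
@@ -96,6 +97,19 @@ public function testSerialize()
 $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
 }
 
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO')));
+$token = new ConcreteToken($user, $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($roles, $user->getRoles());
+}
+
 public function testSerializeParent()
 {
 $user = new TestUser('fabien');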
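Review bot: In testSerializeWithRoleObjects the call `$this->assertEquals($roles, $user->getRoles());` passes the actual value first and the expected value second, the reverse of the same assertion in the other token test files of this commit. A failure would then report the unserialized roles as "expected", which is misleading when the thing under test is an authorization attribute. I would write `$this->assertEquals($user->getRoles(), $roles);` to match the sibling tests.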

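--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AnonymousTokenTest.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\User\User;
 
 class AnonymousTokenTest extends \PHPUnit_Framework_TestCase
 {
@@ -42,4 +43,34 @@ public function testGetUser()
 $token = new AnonymousToken('foo', 'bar');
 $this->assertEquals('bar', $token->getUser());
 }
+
+public function testSerialize()
+{
+$user = new User('name', 'password', array('ROLE_FOO'));
+$token = new AnonymousToken('secret', $user, $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertCount(1, $roles);
+
+$role = $roles[0];
+$this->assertInstanceOf('Symfony\Component\Security\Core\Role\RoleInterface', $role);
+$this->assertEquals('ROLE_FOO', $role->getRole());
+}
+
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO')));
+$token = new AnonymousToken('secret', $user, $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($user->getRoles(), $roles);
+}
 }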
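Review bot: testSerializeWithRoleObjects checks the round trip only through `assertEquals`, and nothing in it says which regression it guards; the same applies to its copies in PreAuthenticatedTokenTest, RememberMeTokenTest and UsernamePasswordTokenTest. A one-line docblock would help, for example `/** Roles handed over as Role objects from the user must survive serialize()/unserialize() of the token. */`. Because the production change is a `clone` in the token constructor, a direct check such as `$this->assertNotSame($user->getRoles(), $token->getRoles());` would presumably pin it without relying on serialization, assuming both getters return their stored arrays. The two added tests are otherwise identical across the four files apart from the constructor call, so a shared helper would keep them from drifting apart.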

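--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\User\User;
 
 class PreAuthenticatedTokenTest extends \PHPUnit_Framework_TestCase
 {
@@ -45,4 +46,34 @@ public function testEraseCredentials()
 $token->eraseCredentials();
 $this->assertEquals('', $token->getCredentials());
 }
+
+public function testSerialize()
+{
+$user = new User('name', 'password', array('ROLE_FOO'));
+$token = new PreAuthenticatedToken($user, 'password', 'providerKey', $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertCount(1, $roles);
+
+$role = $roles[0];
+$this->assertInstanceOf('Symfony\Component\Security\Core\Role\RoleInterface', $role);
+$this->assertEquals('ROLE_FOO', $role->getRole());
+}
+
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO')));
+$token = new PreAuthenticatedToken($user, 'password', 'providerKey', $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($user->getRoles(), $roles);
+}
 }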

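--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememberMeTokenTest.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\User\User;
 
 class RememberMeTokenTest extends \PHPUnit_Framework_TestCase
 {
@@ -52,6 +53,36 @@ public function testConstructorKeyCannotBeEmptyString()
 );
 }
 
+public function testSerialize()
+{
+$user = new User('name', 'password', array('ROLE_FOO'));
+$token = new RememberMeToken($user, 'password', 'providerKey');
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertCount(1, $roles);
+
+$role = $roles[0];
+$this->assertInstanceOf('Symfony\Component\Security\Core\Role\RoleInterface', $role);
+$this->assertEquals('ROLE_FOO', $role->getRole());
+}
+
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO')));
+$token = new RememberMeToken($user, 'password', 'providerKey');
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($user->getRoles(), $roles);
+}
+
 protected function getUser($roles = array('ROLE_FOO'))
 {
 $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');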
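Review bot: The literals in `new RememberMeToken($user, 'password', 'providerKey')`, used in both added tests, look carried over from the UsernamePasswordToken tests and probably mislabel the arguments. RememberMeToken's constructor is not on the page, but the neighbouring testConstructorKeyCannotBeEmptyString suggests it takes a key rather than credentials; if the order is (user, providerKey, key), then 'password' lands in the provider-key slot and 'providerKey' in the key slot. The tests pass either way, yet a reader may conclude the token carries a password. If that order is right, I would write `new RememberMeToken($user, 'providerKey', 'key')`, where both strings are constructed sample values.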

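--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/UsernamePasswordTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/UsernamePasswordTokenTest.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\User\User;
 
 class UsernamePasswordTokenTest extends \PHPUnit_Framework_TestCase
 {
@@ -50,6 +51,36 @@ public function testEraseCredentials()
 $this->assertEquals('', $token->getCredentials());
 }
 
+public function testSerialize()
+{
+$user = new User('name', 'password', array('ROLE_FOO'));
+$token = new UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertCount(1, $roles);
+
+$role = $roles[0];
+$this->assertInstanceOf('Symfony\Component\Security\Core\Role\RoleInterface', $role);
+$this->assertEquals('ROLE_FOO', $role->getRole());
+}
+
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO')));
+$token = new UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($user->getRoles(), $roles);
+}
+
 public function testToString()
 {
 $token = new UsernamePasswordToken('foo', '', 'foo', array('A', 'B'));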
