Commit 8cfe338

[Security] Return default value instead of deferring to lower prio resolvers when using #[CurrentUser] and no user is found
1 parent 6bd4770 commit 8cfe338
2 files changed: +8 -12 lines changed
‎src/Symfony/Component/Security/Http/Controller/UserValueResolver.php

Lines changed: 3 additions & 7 deletions
@@ -47,11 +47,6 @@ public function supports(Request $request, ArgumentMetadata $argument): bool
4747
return false;
4848
}
4949

50-
// if no user is present but a default value exists we delegate to DefaultValueResolver
51-
if ($argument->hasDefaultValue() && null === $this->tokenStorage->getToken()?->getUser()) {
52-
return false;
53-
}
54-
5550
return true;
5651
}
5752
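Review bot: The behaviour change in supports() is not documented anywhere in this commit. With the `hasDefaultValue()` guard removed, supports() returns true even when no token or user is present, so the no-user decision now rests entirely on resolve(). The removed comment described delegation to DefaultValueResolver as intended behaviour. Applications that relied on that hand-off, or on any other lower-priority resolver running for such an argument, will see a different value. Please add a changelog or upgrade note saying that a `#[CurrentUser]` argument with a default now always gets that default when nobody is logged in.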

@@ -64,9 +59,10 @@ public function resolve(Request $request, ArgumentMetadata $argument): array
6459
}
6560
$user = $this->tokenStorage->getToken()?->getUser();
6661

67-
// if no user is present but a default value exists we delegate to DefaultValueResolver
62+
// if no user is present but a default value exists we use it to prevent the EntityValueResolver or others
63+
// from attempting resolution of the User as the current logged in user was requested here
6864
if ($argument->hasDefaultValue() && null === $user) {
69-
return [];
65+
return [$argument->getDefaultValue()];
7066
}
7167

7268
if (null === $user) {
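Review bot: Please confirm that the `if (null === $user)` branch following the new `return [$argument->getDefaultValue()];` also returns a value in every path. A nullable argument without a default skips the `hasDefaultValue()` check and lands there. If any path in it still returned an empty array, the fall-through to EntityValueResolver that this commit closes would remain open for that case. The new two-line comment is also hard to parse. Consider: "if no user is present but a default value exists, return it; the currently logged-in user was explicitly requested, so EntityValueResolver and others must not attempt to resolve a User".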

‎src/Symfony/Component/Security/Http/Tests/Controller/UserValueResolverTest.php

Lines changed: 5 additions & 5 deletions
@@ -28,7 +28,7 @@
2828
class UserValueResolverTest extends TestCase
2929
{
3030
/**
31-
* In Symfony 7, keep this test case but remove the call to supports()
31+
* In Symfony 7, keep this test case but remove the call to supports().
3232
*
3333
* @group legacy
3434
*/
@@ -43,18 +43,18 @@ public function testSupportsFailsWithNoType()
4343
}
4444

4545
/**
46-
* In Symfony 7, keep this test case but remove the call to supports()
46+
* In Symfony 7, keep this test case but remove the call to supports().
4747
*
4848
* @group legacy
4949
*/
5050
public function testSupportsFailsWhenDefaultValAndNoUser()
5151
{
5252
$tokenStorage = new TokenStorage();
5353
$resolver = new UserValueResolver($tokenStorage);
54-
$metadata = new ArgumentMetadata('foo', UserInterface::class, false, true, new InMemoryUser('username', 'password'));
54+
$metadata = new ArgumentMetadata('foo', UserInterface::class, false, true, $default = new InMemoryUser('username', 'password'));
5555

56-
$this->assertSame([], $resolver->resolve(Request::create('/'), $metadata));
57-
$this->assertFalse($resolver->supports(Request::create('/'), $metadata));
56+
$this->assertSame([$default], $resolver->resolve(Request::create('/'), $metadata));
57+
$this->assertTrue($resolver->supports(Request::create('/'), $metadata));
5858
}
5959

6060
public function testResolveSucceedsWithUserInterface()
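Review bot: The test name `testSupportsFailsWhenDefaultValAndNoUser` now contradicts its body, which asserts `assertTrue($resolver->supports(...))`. Rename it to describe the new contract, for example that the default value is returned when no user is present. The inline assignment `$default = new InMemoryUser('username', 'password')` inside the `ArgumentMetadata` constructor call is also easy to miss. Assign `$default` on its own line before building `$metadata`, so the object compared in `assertSame([$default], ...)` is obvious.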
