diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
index d89c24f1233fb..97b0a559193c4 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
@@ -54,7 +54,7 @@ public function testSwitchedUserExit()
     public function testSwitchUserStateless()
     {
         $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml'));
-        $client->request('POST', '/chk', array('_switch_user' => 'dunglas'), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');
+        $client->request('POST', '/chk', array(), array(), array('HTTP_X_SWITCH_USER' => 'dunglas', 'CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');
         $response = $client->getResponse();
         $this->assertInstanceOf(JsonResponse::class, $response);
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
index 29789a4caa25f..b8c832032c6f0 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
@@ -10,4 +10,5 @@ security:
     firewalls:
         main:
             switch_user:
+                parameter: X-Switch-User
                 stateless: true
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
index d659ffc258db4..426727a738365 100644
--- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
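Review bot: testSwitchUserStateless now only exercises the header path (`HTTP_X_SWITCH_USER`) and drops the former `_switch_user` parameter case rather than keeping it alongside, so the parameter form on a stateless firewall loses its coverage unless another test in this class still sends it. A negative case is also missing: a request carrying the `X-Switch-User` header from a user without switch rights should be asserted to be refused, and a request sending both the header and the parameter should be asserted to honour the parameter, since the listener hunk below gives the parameter precedence via `?:`. Something like `$client->request('POST', '/chk', array(), array(), array('HTTP_X_SWITCH_USER' => 'dunglas', 'CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_cannot_switch", "password": "test"}}');` followed by an assertion on the response status would cover the first; the fixture login name is a guess and must match what the JsonLogin test app defines. The test method continues past the end of the hunk.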
@@ -79,16 +79,17 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt
     public function handle(GetResponseEvent $event)
     {
         $request = $event->getRequest();
+        $username = $request->get($this->usernameParameter) ?: $request->headers->get($this->usernameParameter);
-        if (!$request->get($this->usernameParameter)) {
+        if (!$username) {
             return;
         }
-        if (self::EXIT_VALUE === $request->get($this->usernameParameter)) {
+        if (self::EXIT_VALUE === $username) {
             $this->tokenStorage->setToken($this->attemptExitUser($request));
         } else {
             try {
-                $this->tokenStorage->setToken($this->attemptSwitchUser($request));
+                $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));
             } catch (AuthenticationException $e) {
                 throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage()));
             }
@@ -106,20 +107,21 @@ public function handle(GetResponseEvent $event)
     /**
      * Attempts to switch to another user.
      *
-     * @param Request $request A Request instance
+     * @param Request $request A Request instance
+     * @param string $username
      *
      * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
      *
      * @throws \LogicException
      * @throws AccessDeniedException
      */
-    private function attemptSwitchUser(Request $request)
+    private function attemptSwitchUser(Request $request, $username)
     {
         $token = $this->tokenStorage->getToken();
         $originalToken = $this->getOriginalToken($token);
         if (false !== $originalToken) {
-            if ($token->getUsername() === $request->get($this->usernameParameter)) {
+            if ($token->getUsername() === $username) {
                 return $token;
             }
@@ -133,8 +135,6 @@ private function attemptSwitchUser(Request $request)
             throw $exception;
         }
-        $username = $request->get($this->usernameParameter);
-
         if (null !== $this->logger) {
             $this->logger->info('Attempting to switch to user.', array('username' => $username));
         }
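Review bot: The `$username = $request->get(...) ?: $request->headers->get(...)` line added at the top of handle() makes the header fallback unconditional, so every firewall with `switch_user` enabled now also accepts the impersonation target from a request header named after the configured parameter, not only from the query string or body it was set up for; nothing in this hunk limits that to stateless firewalls or makes it opt-in, so existing deployments silently gain a new input channel. The `?:` operator also decides by truthiness, so a parameter value of `'0'` is discarded and the header consulted instead — `??` would only fall back when the parameter is absent: `$username = $request->get($this->usernameParameter) ?? $request->headers->get($this->usernameParameter);` (the following `!$username` guard keeps the pre-existing truthiness check, which this commit does not change). Whether a header-triggered switch goes through the same authorization decision as the parameter form cannot be confirmed here, since that logic sits in attemptSwitchUser and only its `throw $exception;` tail is visible in the last hunk. A one-line comment above the new assignment, such as `// The target user may also be supplied as a request header; a query/body parameter takes precedence.`, would document the new behaviour; handle() continues past the end of the hunk.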