Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Security] Refresh original user in SwitchUserListener #39992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 12, 2021
Merged

[Security] Refresh original user in SwitchUserListener #39992

merged 1 commit into from
Mar 12, 2021

Conversation

AndrolGenhald
Copy link
Contributor

Fixes #39991

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #39991
License MIT
Doc PR NA

Fix SwitchUserListener to update original token with refreshed user. This prevents a non-refreshed user from causing problems elsewhere, such as in Voters.

@carsonbot carsonbot added this to the 4.4 milestone Jan 27, 2021
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 5.x branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@nicolas-grekas nicolas-grekas changed the title Refresh original user in SwitchUserListener. [Security/Http] Refresh original user in SwitchUserListener Jan 27, 2021
@carsonbot carsonbot changed the title [Security/Http] Refresh original user in SwitchUserListener [Security] [Security/Http] Refresh original user in SwitchUserListener Mar 8, 2021
@derrabus derrabus changed the title [Security] [Security/Http] Refresh original user in SwitchUserListener [Security] Refresh original user in SwitchUserListener Mar 8, 2021
@chalasr
Copy link
Member

chalasr commented Mar 10, 2021

@AndrolGenhald Could you address the remaining review comment so that we can move this PR forward?

@AndrolGenhald AndrolGenhald force-pushed the bugfix/switch_user_listener_refresh_user branch from 2a55611 to 008a448 Compare March 12, 2021 00:34
@AndrolGenhald AndrolGenhald force-pushed the bugfix/switch_user_listener_refresh_user branch from 008a448 to 4245345 Compare March 12, 2021 01:21
@fabpot
Copy link
Member

fabpot commented Mar 12, 2021

Thank you @AndrolGenhald.

@fabpot fabpot merged commit 2bfc641 into symfony:4.4 Mar 12, 2021
This was referenced Mar 29, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxhelias maxhelias maxhelias left review comments

@fabpot fabpot fabpot approved these changes

@OskarStark OskarStark OskarStark approved these changes

@derrabus derrabus derrabus approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

@wouterj wouterj Awaiting requested review from wouterj wouterj is a code owner

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
4.4
Development

Successfully merging this pull request may close these issues.
7 participants
@AndrolGenhald @carsonbot @chalasr @fabpot @OskarStark @derrabus @maxhelias
Morty Proxy This is a proxified and sanitized view of the page, visit original site.