
Commit 3109317

Merge branch '4.4' into 5.0
* 4.4: [Security] Fixed AbstractToken::hasUserChanged() [DI] fix typo
2 parents afe9bbf + 16ab88e commit 3109317


2 files changed

+71
-3
lines changed


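--- a/Authentication/Token/AbstractToken.php
+++ b/Authentication/Token/AbstractToken.php
@@ -270,10 +270,13 @@ private function hasUserChanged(UserInterface $user): bool
             return true;
         }
 
-        $currentUserRoles = array_map('strval', (array) $this->user->getRoles());
         $userRoles = array_map('strval', (array) $user->getRoles());
 
-        if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
+        if ($this instanceof SwitchUserToken) {
+            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
+        }
+
+        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
             return true;
         }
 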
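Review bot: The `instanceof SwitchUserToken` branch appends 'ROLE_PREVIOUS_ADMIN' unconditionally, so a user whose own getRoles() already lists that role ends up with it twice in $userRoles; the count-based comparison that follows then sees one extra entry and reports a change that did not happen, which silently de-authenticates the token (presumably getRoleNames() carries the role only once — verify on SwitchUserToken). Guarding the append avoids that: `if ($this instanceof SwitchUserToken && !\in_array('ROLE_PREVIOUS_ADMIN', $userRoles, true)) {`. The new condition also calls `$this->getRoleNames()` twice in one expression; hoisting it into a local, `$currentRoleNames = $this->getRoleNames();`, and comparing against that keeps the check readable and makes clear that the token's own stored role names, not the re-hydrated user's, are the reference. hasUserChanged() begins before this hunk and its remaining body lies outside it.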
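--- a/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/Tests/Authentication/Token/AbstractTokenTest.php
@@ -152,13 +152,28 @@ public function getUserChanges()
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
     {
-        $token = new ConcreteToken(['ROLE_FOO']);
+        $token = new ConcreteToken();
+        $token->setAuthenticated(true);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+    }
+
+    public function testIsUserChangedWhenSerializing()
+    {
+        $token = new ConcreteToken(['ROLE_ADMIN']);
         $token->setAuthenticated(true);
         $this->assertTrue($token->isAuthenticated());
 
+        $user = new SerializableUser('wouter', ['ROLE_ADMIN']);
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
 
+        $token = unserialize(serialize($token));
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
     }
@@ -179,6 +194,56 @@ public function __toString(): string
     }
 }
 
+class SerializableUser implements UserInterface, \Serializable
+{
+    private $roles;
+    private $name;
+
+    public function __construct($name, array $roles = [])
+    {
+        $this->name = $name;
+        $this->roles = $roles;
+    }
+
+    public function getUsername()
+    {
+        return $this->name;
+    }
+
+    public function getPassword()
+    {
+        return '***';
+    }
+
+    public function getRoles()
+    {
+        if (empty($this->roles)) {
+            return ['ROLE_USER'];
+        }
+
+        return $this->roles;
+    }
+
+    public function eraseCredentials()
+    {
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function serialize()
+    {
+        return serialize($this->name);
+    }
+
+    public function unserialize($serialized)
+    {
+        $this->name = unserialize($serialized);
+    }
+}
+
 class ConcreteToken extends AbstractToken
 {
     private $credentials = 'credentials_value';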
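Review bot: SerializableUser::serialize() deliberately persists only $name, so after the round trip in testIsUserChangedWhenSerializing the fixture's $roles is null and getRoles() falls back to ['ROLE_USER'] — that mismatch against the ROLE_ADMIN the token was built with is exactly what the test exercises, but nothing in the fixture says so and a later cleanup could "fix" it by serializing the roles too. A comment above serialize(), `// Roles are intentionally dropped on serialize so that the re-hydrated user reports ROLE_USER; hasUserChanged() must compare against the token's own role names, not this object.`, pins the intent, and a one-line docblock on testIsUserChangedWhenSerializing stating that it guards against spurious de-authentication after session unserialization would make the regression readable from the test name alone. If the target PHP version already deprecates \Serializable, the fixture would eventually need __serialize()/__unserialize() equivalents, but that is outside this commit. ConcreteToken starts in this hunk and its body continues outside it.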
