bug #22732 [Security] fix switch user _exit without having current token (dmaicher)

fabpot · fabpot · commit 6e75cee83e2b · 2017-06-19T11:57:05.000-07:00
This PR was merged into the 2.7 branch. Discussion ---------- [Security] fix switch user _exit without having current token | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #22729 | License | MIT | Doc PR | - Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall): `[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken() must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164` Commits ------- 16da686 [Security] fix switch user _exit without having current token
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -158,7 +158,7 @@ private function attemptSwitchUser(Request $request)
      */
     private function attemptExitUser(Request $request)
     {
-        if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {
+        if (null === ($currentToken = $this->tokenStorage->getToken()) || false === $original = $this->getOriginalToken($currentToken)) {
             throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');
         }
 
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
@@ -65,6 +65,17 @@ public function testEventIsIgnoredIfUsernameIsNotPassedWithTheRequest()
         $this->assertNull($this->tokenStorage->getToken());
     }
 
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
+     */
+    public function testExitUserThrowsAuthenticationExceptionIfNoCurrentToken()
+    {
+        $this->tokenStorage->setToken(null);
+        $this->request->query->set('_switch_user', '_exit');
+        $listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager);
+        $listener->handle($this->event);
+    }
+
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException
      */

Original file line number	Diff line number	Diff line change
`@@ -158,7 +158,7 @@ private function attemptSwitchUser(Request $request)`
`158`	`158`	`*/`
`159`	`159`	`private function attemptExitUser(Request $request)`
`160`	`160`	`{`
`161`		`- if (false === $original = $this->getOriginalToken($this->tokenStorage->getToken())) {`
	`161`	`+ if (null === ($currentToken = $this->tokenStorage->getToken()) \|\| false === $original = $this->getOriginalToken($currentToken)) {`
`162`	`162`	`throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.');`
`163`	`163`	`}`
`164`	`164`