8000 Use auth trust resolver to determine anonymous in ContextListener · symfony/symfony@a695652 · GitHub

Commit a695652

wouterjwouterjcommitted
Use auth trust resolver to determine anonymous in ContextListener
1 parent 83ebf97 commit a695652


3 files changed

+16
-4
lines changed


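--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
@@ -41,7 +41,8 @@
 <argument type="collection" />
 <argument /> <!-- Provider Key -->
 <argument type="service" id="logger" on-invalid="null" />
-<argument type="service" id="event_dispatcher" on-invalid="null"/>
+<argument type="service" id="event_dispatcher" on-invalid="null" />
+<argument type="service" id="security.authentication.trust_resolver" />
 </service>
 
 <service id="security.logout_listener" class="Symfony\Component\Security\Http\Firewall\LogoutListener" public="false" abstract="true">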

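--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -15,7 +15,8 @@
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
-use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
+use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
@@ -39,8 +40,9 @@ class ContextListener implements ListenerInterface
 private $userProviders;
 private $dispatcher;
 private $registered;
+private $trustResolver;
 
-public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
 {
 if (empty($contextKey)) {
 throw new \InvalidArgumentException('$contextKey must not be empty.');
@@ -58,6 +60,7 @@ public function __construct(TokenStorageInterface $tokenStorage, array $userProv
 $this->sessionKey = '_security_'.$contextKey;
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
+$this->trustResolver = $trustResolver ?: new AuthenticationTrustResolver('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', 'Symfony\Component\Security\Core\Authentication\Token\RememberMeToken');
 }
 
 /**
@@ -121,7 +124,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $request = $event->getRequest();
 $session = $request->getSession();
 
-if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
+if ((null === $token = $this->tokenStorage->getToken()) || ($this->trustResolver->isAnonymous($token))) {
 if ($request->hasPreviousSession()) {
 $session->remove($this->sessionKey);
 }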
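Review bot: The fallback added at the end of the constructor hard-codes the `AnonymousToken` and `RememberMeToken` class names, and nothing documents that the new `$trustResolver` argument now decides in `onKernelResponse()` whether the session entry is removed. A caller that constructs the listener without passing a resolver but uses different token classes in the rest of its firewall would get a resolver that disagrees with that setup, and the visible branch shows the consequence is `$session->remove($this->sessionKey)`. I would add a `@param AuthenticationTrustResolverInterface|null $trustResolver` line to the constructor docblock (none is visible in the hunk) and a comment above the assignment: `// Default resolver for callers that inject none; keep its token classes in sync with the firewall configuration.` Both the constructor and `onKernelResponse()` continue outside the hunks shown.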

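--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Http\Firewall\ContextListener;
@@ -85,6 +86,13 @@ public function testOnKernelResponseWillRemoveSession()
 $this->assertFalse($session->has('_security_session'));
 }
 
+public function testOnKernelResponseWillRemoveSessionOnAnonymousToken()
+{
+$session = $this->runSessionOnKernelResponse(new AnonymousToken('secret', 'anon.'), 'C:10:"serialized"');
+
+$this->assertFalse($session->has('_security_session'));
+}
+
 public function testOnKernelResponseWithoutSession()
 {
 $tokenStorage = new TokenStorage();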
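Review bot: The new test only passes a stock `AnonymousToken`, so it exercises the constructor's built-in fallback resolver rather than an injected one, assuming `runSessionOnKernelResponse()` (defined outside this hunk) builds the listener without a sixth argument. A second case that hands the listener a stub `AuthenticationTrustResolverInterface` whose `isAnonymous()` returns true for a non-`AnonymousToken` would pin the behaviour this commit actually introduces; without it a regression back to `instanceof AnonymousToken` would still pass. A one-line comment on the test, e.g. `// covers the default resolver only`, would also make the gap visible.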
