
Commit a6b20d1

bug #19778 [Security] Fixed roles serialization on token from user object (eko)
This PR was merged into the 2.7 branch. Discussion ---------- [Security] Fixed roles serialization on token from user object | Q | A | | --- | --- | | Branch? | 2.7 | | Bug fix? | yes | | New feature? | no | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #14274 | | License | MIT | | Doc PR | - | This PR fixes the serialization of tokens when using `Role` objects provided from the user. Indeed, there was actually a reference issue that could cause fatal errors like the following one: ``` FatalErrorException in RoleHierarchy.php line 43: Error: Call to a member function getRole() on string ``` Here is a small code example to reproduce and its output: ``` php $user = new Symfony\Component\Security\Core\User\User('name', 'password', [ new Symfony\Component\Security\Core\Role\Role('name') ]); $token = new Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles()); $serialized = serialize($token); $unserialized = unserialize($serialized); var_dump($unserialized->getRoles()); ``` Before: ``` array(1) { [0]=> bool(true) } ``` After: ``` array(1) { [0]=> object(Symfony\Component\Security\Core\Role\Role)#15 (1) {["role":"Symfony\Component\Security\Core\Role\Role":private]=> string(4) "name" } } ``` Thank you Commits ------- dfa7f50 [Security] Fixed roles serialization on token from user object
2 parents 3aa7658 + dfa7f50 commit a6b20d1

3 files changed

+17
-3
lines changed


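--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -150,7 +150,7 @@ public function serialize()
 array(
 is_object($this->user) ? clone $this->user : $this->user,
 $this->authenticated,
-$this->roles,
+array_map(function ($role) { return clone $role; }, $this->roles),
 $this->attributes,
 )
 );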
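Review bot: The added `array_map` clone of the roles carries no comment saying why the roles must be copied, and the reason is not visible from the hunk; the PR description only calls it a "reference issue", presumably because the same Role instances are also reachable through the user that is cloned on the line above, so serialize() would otherwise emit back-references — worth confirming and writing down, e.g. `// clone each role so serialize() stores independent Role objects rather than references shared with the cloned user`. Two further points belong in that comment: `clone $role` is a fatal error if an entry is not an object, so this line relies on the constructor (outside the hunk) having already turned string roles into Role objects; and the clone is shallow, so a role that itself holds an object (SwitchUserRole keeps its source token, if I recall correctly) is still serialized with that shared reference. The enclosing serialize() starts before the hunk.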

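--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
@@ -221,7 +221,7 @@ public function testAuthenticateWithPreservingRoleSwitchUserRole()
 $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $authToken);
 $this->assertSame($user, $authToken->getUser());
 $this->assertContains(new Role('ROLE_FOO'), $authToken->getRoles(), '', false, false);
-$this->assertContains($switchUserRole, $authToken->getRoles());
+$this->assertContains($switchUserRole, $authToken->getRoles(), '', false, false);
 $this->assertEquals('foo', $authToken->getCredentials());
 $this->assertEquals(array('foo' => 'bar'), $authToken->getAttributes(), '->authenticate() copies token attributes');
 }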
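Review bot: Appending `'', false, false` to the assertContains on the changed line turns an object-identity check into a loose-equality one, so the test no longer proves that the SwitchUserRole placed on `$authToken` is the instance the test created, and nothing in the hunk explains why identity stopped holding (the provider code that builds `$authToken` is outside the hunk). Without that explanation the next reader is likely to restore the stricter form; I would add a line above it such as `// the authenticated token may hold a copy of the role, so compare by value rather than identity`, hedged or corrected to whatever the provider actually does. The three bare positional arguments are also hard to read at a glance; the comment at least names what they switch off.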

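--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\Role\SwitchUserRole;
+use Symfony\Component\Security\Core\User\User;
 
 class TestUser
 {
@@ -89,7 +90,7 @@ public function testEraseCredentials()
 
 public function testSerialize()
 {
-$token = $this->getToken(array('ROLE_FOO'));
+$token = $this->getToken(array('ROLE_FOO', new Role('ROLE_BAR')));
 $token->setAttributes(array('foo' => 'bar'));
 
 $uToken = unserialize(serialize($token));
@@ -98,6 +99,19 @@ public function testSerialize()
 $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
 }
 
+public function testSerializeWithRoleObjects()
+{
+$user = new User('name', 'password', array(new Role('ROLE_FOO'), new Role('ROLE_BAR')));
+$token = new ConcreteToken($user, $user->getRoles());
+
+$serialized = serialize($token);
+$unserialized = unserialize($serialized);
+
+$roles = $unserialized->getRoles();
+
+$this->assertEquals($roles, $user->getRoles());
+}
+
 public function testSerializeParent()
 {
 $user = new TestUser('fabien');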
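Review bot: In the new testSerializeWithRoleObjects the assertEquals arguments are reversed: PHPUnit expects the expected value first, so a failure would report the user's roles as "actual" and the round-tripped roles as "expected", which is confusing exactly when this regression reappears; change it to `$this->assertEquals($user->getRoles(), $roles);`. A short doc comment naming the regression the test guards against would also help, since the round-trip looks redundant next to testSerialize above: `// regression test: roles passed as Role objects from the user used to come back as bool(true) after unserialize()`. ConcreteToken is defined elsewhere in this file, outside the hunk, so I cannot check what its constructor does with the roles array.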
