[Security] Do not overwrite already stored tokens for REMOTE_USER authentication · symfony/symfony@ce1ee74
Commit ce1ee74

stlrnz authored and nicolas-grekas committed
[Security] Do not overwrite already stored tokens for REMOTE_USER authentication
1 parent 07a891f commit ce1ee74


2 files changed

+23
-0
lines changed


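--- a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
+++ b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -79,6 +79,17 @@ public function supports(Request $request): ?bool
             return false;
         }
 
+        // do not overwrite already stored tokens from the same user (i.e. from the session)
+        $token = $this->tokenStorage->getToken();
+
+        if ($token instanceof PreAuthenticatedToken && $this->firewallName === $token->getFirewallName() && $token->getUserIdentifier() === $username) {
+            if (null !== $this->logger) {
+                $this->logger->debug('Skipping pre-authenticated authenticator as the user already has an existing session.', ['authenticator' => static::class]);
+            }
+
+            return false;
+        }
+
         $request->attributes->set('_pre_authenticated_username', $username);
 
         return true;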
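Review bot: Returning false from the new early exit means the user provider is no longer consulted on every request for a user who already holds a matching PreAuthenticatedToken, so a user disabled or removed in the provider after the first request keeps that token until the session ends unless the firewall's session refresh re-validates it; the comment on the new block should name what re-validation is relied on, e.g. `// do not overwrite already stored tokens from the same user (i.e. from the session); re-validating that user is left to the session refresh, not to this authenticator`. The skip is also limited to PreAuthenticatedToken instances, so a token of another type for the same identifier on this firewall is still replaced, which the comment could state as intended. The debug message speaks of an existing session, although the token storage may have been filled by something other than the session; `'Skipping pre-authenticated authenticator as a matching token is already stored.'` would describe the condition actually checked. supports() starts and ends outside the hunk, so where $username comes from is not visible here.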

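--- a/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php
@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -37,6 +38,17 @@ public function testSupportNoUser()
         $this->assertFalse($authenticator->supports($this->createRequest([])));
     }
 
+    public function testSupportTokenStorageWithToken()
+    {
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'main'));
+
+        $authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), $tokenStorage, 'main');
+
+        $this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));
+        $this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'another_username'])));
+    }
+
     /**
      * @dataProvider provideAuthenticators
      */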
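Review bot: The new test in the second hunk covers only the same-user/same-firewall skip and a different REMOTE_USER; the other two conditions of the new check in supports() — a token stored under another firewall name, and a stored token that is not a PreAuthenticatedToken — are not exercised, so a regression in either comparison would pass this suite. Adding `$tokenStorage->setToken(new PreAuthenticatedToken('username', 'credentials', 'other'));` followed by `$this->assertTrue($authenticator->supports($this->createRequest(['REMOTE_USER' => 'username'])));` would pin the firewall-name part, and a second case with a non-pre-authenticated token for 'username' on 'main' would pin the instanceof part. The method name could also say what is asserted, e.g. `testSupportSkipsWhenMatchingPreAuthenticatedTokenIsStored()`.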
