8000 bug #28100 [Security] Call AccessListener after LogoutListener (chalasr) · symfony/symfony@ea0b508 · GitHub

Commit ea0b508

author
Robin Chalas
committed
bug #28100 [Security] Call AccessListener after LogoutListener (chalasr)
This PR was merged into the 2.8 branch. Discussion ---------- [Security] Call AccessListener after LogoutListener | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #28058 | License | MIT | Doc PR | n/a Commits ------- 44dbea6 [Security] Call AccessListener after LogoutListener
2 parents 30b24d2 + 44dbea6 commit ea0b508


7 files changed

+74
-2
lines changed


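--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php
@@ -49,4 +49,14 @@ public function testCsrfTokensAreClearedOnLogout()
 
 $this->assertFalse($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo'));
 }
+
+public function testAccessControlDoesNotApplyOnLogout()
+{
+$client = $this->createClient(array('test_case' => 'LogoutAccess', 'root_config' => 'config.yml'));
+
+$client->request('POST', '/login', array('_username' => 'johannes', '_password' => 'test'));
+$client->request('GET', '/logout');
+
+$this->assertRedirect($client->getResponse(), '/');
+}
 }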
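Review bot: testAccessControlDoesNotApplyOnLogout only asserts the logout redirect, so a regression in which the deferred access listener is never invoked at all would still pass. A second request to a route other than `/login` and `/logout`, asserting that the `IS_AUTHENTICATED_FULLY` rule still denies it, would pin both halves of the behaviour. The response to the login POST is not asserted either, and with `stateless: true` in the LogoutAccess config shown on this page the token is presumably not carried over to the GET, so the test appears to exercise an anonymous logout. A short comment would make that scope explicit, e.g. `// access_control must not block the logout path, even for a catch-all rule`.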
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
13+
use Symfony\Bundle\SecurityBundle\SecurityBundle;
14+
15+
return array(
16+
new FrameworkBundle(),
17+
new SecurityBundle(),
18+
);
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
imports:
2+
- { resource: ./../config/framework.yml }
3+
4+
security:
5+
encoders:
6+
Symfony\Component\Security\Core\User\User: plaintext
7+
8+
providers:
9+
in_memory:
10+
memory:
11+
users:
12+
johannes: { password: test, roles: [ROLE_USER] }
13+
14+
firewalls:
15+
default:
16+
form_login:
17+
check_path: login
18+
remember_me: true
19+
require_previous_session: false
20+
logout: ~
21+
anonymous: ~
22+
stateless: true
23+
24+
access_control:
25+
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
26+
- { path: .*, roles: IS_AUTHENTICATED_FULLY }
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
login:
2+
path: /login
3+
4+
logout:
5+
path: /logout

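--- a/src/Symfony/Bundle/SecurityBundle/composer.json
+++ b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -18,7 +18,7 @@
 "require": {
 "php": ">=5.3.9",
 "ext-xml": "*",
-"symfony/security": "^2.8.42|^3.4.12",
+"symfony/security": "^2.8.45|^3.4.15",
 "symfony/security-acl": "~2.7|~3.0.0",
 "symfony/http-kernel": "~2.7|~3.0.0",
 "symfony/polyfill-php70": "~1.0"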

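--- a/src/Symfony/Component/Security/Http/Firewall.php
+++ b/src/Symfony/Component/Security/Http/Firewall.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Http\Firewall\AccessListener;
 
 /**
 * Firewall uses a FirewallMap to register security listeners for the given
@@ -58,8 +59,16 @@ public function onKernelRequest(GetResponseEvent $event)
 $exceptionListener->register($this->dispatcher);
 }
 
+$accessListener = null;
+
 // initiate the listener chain
 foreach ($authenticationListeners as $listener) {
+if ($listener instanceof AccessListener) {
+$accessListener = $listener;
+
+continue;
+}
+
 $listener->handle($event);
 
 if ($event->hasResponse()) {
@@ -70,6 +79,10 @@ public function onKernelRequest(GetResponseEvent $event)
 if (null !== $logoutListener) {
 $logoutListener->handle($event);
 }
+
+if (!$event->hasResponse() && null !== $accessListener) {
+$accessListener->handle($event);
+}
 }
 
 public function onKernelFinishRequest(FinishRequestEvent $event)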
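Review bot: Deferring the access listener in the second hunk changes more than its order relative to logout: the loop now `continue`s past it and handles every remaining listener first, so anything registered after the AccessListener in the chain runs before access control is enforced. Whether the chain contains such listeners is not visible here, but if it does, they now see requests that access control would previously have rejected, and if one of them sets a response the `!$event->hasResponse()` guard skips the access check for that request. The `instanceof AccessListener` test also matches only the concrete class, so a wrapped or substituted access listener would not be deferred, and a second AccessListener in the chain would silently overwrite the first. A comment above the check would record the intent, e.g. `// Access control runs last, after logout, so access_control rules cannot block the logout path`. onKernelRequest starts above the second hunk.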

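--- a/src/Symfony/Component/Security/Http/Tests/FirewallTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/FirewallTest.php
@@ -79,7 +79,7 @@ public function testOnKernelRequestStopsWhenThereIsAResponse()
 ->getMock()
 ;
 $event
-->expects($this->once())
+->expects($this->at(0))
 ->method('hasResponse')
 ->will($this->returnValue(true))
 ;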
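Review bot: Replacing `once()` with `$this->at(0)` on the `hasResponse` expectation matches by invocation index rather than by count, so the test no longer pins how often the firewall consults the event and depends on call ordering on the mock. Since the new post-loop guard adds a second `hasResponse()` call, `->expects($this->atLeastOnce())` would state the intent directly. The test also has no case showing that an AccessListener in the chain is skipped once a response is set, which is the new branch in Firewall.php. testOnKernelRequestStopsWhenThereIsAResponse starts and ends outside the hunk.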
