8000 bug #15137 [Security] Initialize SwitchUserEvent::targetUser on attem… · symfony/symfony@f28ee56 · GitHub

Commit f28ee56

committed
bug #15137 [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser (Rvanlaak, xabbuh)
This PR was merged into the 2.3 branch. Discussion ---------- [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14931 | License | MIT | Doc PR | Commits ------- f999217 trigger event with right user (add test) 01ee3f6 [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
2 parents 7e418fd + f999217 commit f28ee56


2 files changed

+54
-1
lines changed

2 files changed

+54
-1
lines changed

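--- a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -163,7 +163,8 @@ private function attemptExitUser(Request $request)
 }
 
 if (null !== $this->dispatcher) {
-$switchEvent = new SwitchUserEvent($request, $original->getUser());
+$user = $this->provider->refreshUser($original->getUser());
+$switchEvent = new SwitchUserEvent($request, $user);
 $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $switchEvent);
 }
 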
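Review bot: The new `refreshUser()` call inside `if (null !== $this->dispatcher)` has no handling for a provider that cannot reload the original user, so exiting impersonation can now fail with a provider exception (for example if the impersonator's account was removed or disabled in the meantime), and only when a dispatcher is configured. The rest of attemptExitUser lies outside the hunk, so whether the original token is still restored in that case cannot be confirmed from here. As far as the visible lines show, the refreshed user is handed only to the event, so the restored token may still carry the stale user from `$original` and listeners could see a different object than the token holds. At minimum I would document this above the call, e.g. `// refreshUser() may throw; a failure here aborts the exit before the event is dispatched`, and decide explicitly whether to catch and fall back to `$original->getUser()`.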

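--- a/src/Symfony/Component/Security/Tests/Http/Firewall/SwitchUserListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/Firewall/SwitchUserListenerTest.php
@@ -11,7 +11,9 @@
 
 namespace Symfony\Component\Security\Tests\Http\Firewall;
 
+use Symfony\Component\Security\Http\Event\SwitchUserEvent;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
+use Symfony\Component\Security\Http\SecurityEvents;
 
 class SwitchUserListenerTest extends \PHPUnit_Framework_TestCase
 {
@@ -97,6 +99,56 @@ public function testExitUserUpdatesToken()
 $listener->handle($this->event);
 }
 
+public function testExitUserDispatchesEventWithRefreshedUser()
+{
+$originalUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$refreshedUser = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+$this
+->userProvider
+->expects($this->any())
+->method('refreshUser')
+->with($originalUser)
+->willReturn($refreshedUser);
+$originalToken = $this->getToken();
+$originalToken
+->expects($this->any())
+->method('getUser')
+->willReturn($originalUser);
+$role = $this
+->getMockBuilder('Symfony\Component\Security\Core\Role\SwitchUserRole')
+->disableOriginalConstructor()
+->getMock();
+$role->expects($this->any())->method('getSource')->willReturn($originalToken);
+$this
+->securityContext
+->expects($this->any())
+->method('getToken')
+->willReturn($this->getToken(array($role)));
+$this
+->request
+->expects($this->any())
+->method('get')
+->with('_switch_user')
+->willReturn('_exit');
+$this
+->request
+->expects($this->any())
+->method('getUri')
+->willReturn('/');
+
+$dispatcher = $this->getMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
+$dispatcher
+->expects($this->once())
+->method('dispatch')
+->with(SecurityEvents::SWITCH_USER, $this->callback(function (SwitchUserEvent $event) use ($refreshedUser) {
+return $event->getTargetUser() === $refreshedUser;
+}))
+;
+
+$listener = new SwitchUserListener($this->securityContext, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', $dispatcher);
+$listener->handle($this->event);
+}
+
 /**
 * @expectedException \Symfony\Component\Security\Core\Exception\AccessDeniedException
 */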
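Review bot: The added `testExitUserDispatchesEventWithRefreshedUser` covers only the path where `refreshUser` succeeds, so nothing pins what the exit does when the provider throws while reloading the original user. A companion case that stubs the provider with `->will($this->throwException(...))` and asserts the intended outcome (exception propagated, or original token still restored) would document that security-relevant behaviour. As a smaller point, the `refreshUser` stub uses `->expects($this->any())`; `->expects($this->once())` would state directly that the listener refreshes the user exactly once per exit instead of leaving it implied by the callback on `dispatch`.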
